
Can I delete warnings and events from my event viewer?

(37 posts)
  • Started 5 years ago by lasvegasidiot
  • Latest reply from nefetete1
  • Topic Viewed 3324 times

lasvegasidiot
Posts: 15

I have 1,929 administrative events that need to be removed. Can I do this myself?

Posted 5 years ago
 
raphoenix
Posts: 14920

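1. Copy Between Lines and Paste in notepad text file. (Do NOT Copy Lines)
====================================================================

@echo off
rem Without elevation bcdedit fails with "Access is denied", leaving adminTest set to Access.
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
rem Enumerate every event log with "wevtutil el" and clear each one in turn.
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
rem The ^ escapes < and > so echo prints them instead of treating them as redirection.
echo Event Logs have been cleared! ^<press any key^>
goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
echo You must run this script as an Administrator!
echo ^<press any key^>
:theEnd
pause>NUL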

====================================================================

2. Save file as Events.txt on desktop.

3. Rename File Events.txt TO Events.bat

4. Double Click on the Bat File to Clear All Windows Logs.

EDIT: 5. You Need to Find Out what is Causing all the Critical Events in the Administrative Log.

Rick P.

Posted 5 years ago
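
Added example, not part of the original post: the batch file above discards every record it clears, including the ones needed to work out what caused the events. This PowerShell variant archives each non-empty log to an .evtx file with wevtutil's /bu: option as it clears it. The function name and the C:\EventLogArchive path are assumptions.

```powershell
# Added example. $ArchiveRoot is an assumed location; run from an elevated prompt.
function Backup-AndClearEventLogs {
    param([string]$ArchiveRoot = 'C:\EventLogArchive')

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'You must run this from an elevated (Run as Administrator) prompt.'
    }

    # One timestamped folder per run so earlier archives are never overwritten.
    $dest = Join-Path $ArchiveRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $dest -Force | Out-Null

    # Only touch logs that actually hold records.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
            Where-Object { $_.RecordCount -gt 0 }

    foreach ($log in $logs) {
        $name = $log.LogName
        # Log names contain '/' and spaces, which are not safe in a file name.
        $file = Join-Path $dest (($name -replace '[\\/:*?"<>| ]', '_') + '.evtx')

        # /bu: stores the cleared events in the given file as part of the clear.
        & wevtutil.exe cl $name "/bu:$file" 2>$null
        $ok = ($LASTEXITCODE -eq 0) -and (Test-Path $file)

        # One result row per log: a failed clear shows up as Cleared = False.
        New-Object PSObject -Property @{
            Log = $name; Records = $log.RecordCount; Archive = $file; Cleared = $ok
        }
    }
}

Backup-AndClearEventLogs | Sort-Object Records -Descending |
    Format-Table Log, Records, Cleared, Archive -AutoSize
```

The archived .evtx files open in Event Viewer through Action > Open Saved Log.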
 
lasvegasidiot
Posts: 15

Thanks Rick! How can I figure out what is causing these events?
Bruce

Posted 5 years ago
 
raphoenix
Posts: 14920

Once the Logs are Cleared, Reboot the Computer and run for a while normally.

Then Copy the Log and paste in a New Post so we can help you configure the system. :) :)

The Administrative Log should NEVER have any entries IF the System is Setup Correctly.

Mine has NO Entries unless I install or maybe uninstall something.

Rick P.
(Purist)

Posted 5 years ago
 
lasvegasidiot
Posts: 15

Thanks, looks like I can see the light at the end of the tunnel. Going to work now, I'll get this started tomorrow. Thanks again.
Bruce

Posted 5 years ago
 
raphoenix
Posts: 14920

Bruce,

Be sure to get back with us as this is IMPORTANT.

Have a Good Shift,

Rick P.
(Purist)

Posted 5 years ago
 
lasvegasidiot
Posts: 15

Rick,
When I double click on my Events.bat file a black window tells me you must run this script as an administrator! (which I see is part of your text), so I am stuck here.
Bruce

Posted 5 years ago
 
Santo
Posts: 1288

Right click on the Event.bat file and click on "Run as Administrator".

Posted 5 years ago
 
lasvegasidiot
Posts: 15

You are the man! That seemed to clear it all. I guess I am halfway there. Will it be easy to find out what is causing this to happen?
Bruce

Posted 5 years ago
 
raphoenix
Posts: 14920

lasvegasidiot,

Clear them Again and Reboot.

Once the Logs are Cleared, run for a while normally like maybe for a day.

Then Copy the Log and Paste in this topic so we can help you configure the system. :) :)

Rick P.

Posted 5 years ago
 
lasvegasidiot
Posts: 15

Rick,
I can't seem to copy/paste any information from the event viewer. Do you want a list of summary of administrative events, recently viewed nodes, or log summary? The log summary shows about 80 enabled and 29 disabled.
Bruce

Posted 5 years ago
 
raphoenix
Posts: 14920

Bear with me and I'll post a picture.

Posted 5 years ago
 
raphoenix
Posts: 14920

I can't get the darn picture posted. !?(ARG)

If HTG just had a method to post an Image without going around one's elbow to scratch their .............

====================================================================
Post me a Picture of Administrative Events

Since I don't have any Administrative Events, I used this Security Log for EXAMPLE ONLY.

Posted 5 years ago
 
lasvegasidiot
Posts: 15

In the summary of admin. events: Critical 0, error 0, warning 0, information 23, audit success 12.

The log Summary is 80 plus items, do you want the 29 that are disabled? Most enabled just read microsoft-windows 0 Bytes.
Bruce

Posted 5 years ago
 
Xhi
Posts: 6298

I simply copy and paste the URL to the picture using the image button, works every time. For screen images I use either Dropbox or Jing->Screencast for the Internet locations. Simple as pie.

Posted 5 years ago
 
raphoenix
Posts: 14920

Tis a Photo Bucket 3rd party issue. (ARG)

I would use my own Website Servers but Google Crawler always picks'um up and they end up all over the net. (ARG)

Posted 5 years ago
 
Xhi
Posts: 6298

I know I go to Google daily, with bated breath, to find out what screen shots you've posted lately. LOL.

Posted 5 years ago
 
raphoenix
Posts: 14920

That's why I quit posting off my sites.

If I had them Hosted, I could get in to the Header Section and stop the Crawler with coding.

At $100 per year per site, that gets real expensive FAST !!!!

Posted 5 years ago
 
raphoenix
Posts: 14920

lasvegasidiot,

In the summary of admin. events: Critical 0, error 0, warning 0, information 23, audit success 12

The Administrative Log is OK.

What are some of the Information Entries ???

What do you mean by 29 Disabled ???

Rick P.

Posted 5 years ago
 
lasvegasidiot
Posts: 15

I seem to have 5 admin. events: Error HAL 12
Error WMI 10
Warning WLAN AutoConfig 4001
Warning User Profile Service 1530 (twice)

I hope that helps, as I can't seem to use any of the examples you have suggested to copy to you.
Bruce

Posted 5 years ago
 
lasvegasidiot
Posts: 15

My log summary shows 26 log names disabled.
The service control manager shows 375 events since yesterday's purge. Most are listed as event ID 7036 (about 300 of them) Task none. Again I can't copy/paste any of this.
Bruce

Posted 5 years ago
 
ispalten
Posts: 6259

Yes, you can copy and paste. Open the tasks reports up and you can do it. Right at the bottom on the left is COPY. All you need do is DOUBLE CLICK on one of them in the Event Viewer and it will open.

As for the event 7036, it is considered normal (https://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=7036&EvtSrc=Service+Control+Manager&LCID=1033), but there could be other reasons too (http://www.eventid.net/display.....38;phase=1) that might need investigation.

Are ALL these ERRORS or just INFORMATION or WARNINGS?

Post a few of the errors please.

Irv S.

Posted 5 years ago
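
Added example, not part of the original posts: a PowerShell alternative to copying events out of Event Viewer one at a time. It collects recent Critical, Error and Warning events, collapses them to one row per log, source and event ID, and puts the text on the clipboard for pasting into a reply. The function name and the defaults (24 hours, System and Application logs) are assumptions.

```powershell
# Added example. Function name and default values are assumptions.
function Get-ProblemEventSummary {
    param(
        [int]$Hours = 24,
        [string[]]$LogName = @('System', 'Application')
    )

    # Level 1 = Critical, 2 = Error, 3 = Warning (the <Level> element in the event XML).
    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # One row per (log, source, event ID) so a flood of one event collapses to one line.
    $events | Group-Object LogName, ProviderName, Id | ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        New-Object PSObject -Property @{
            Count    = $_.Count
            Level    = $latest.LevelDisplayName
            Log      = $latest.LogName
            Source   = $latest.ProviderName
            EventId  = $latest.Id
            LastSeen = $latest.TimeCreated
            # First line of the description is enough to identify the problem.
            Message  = ("$($latest.Message)" -split '\r?\n')[0]
        }
    } | Sort-Object Count -Descending
}

# Plain text on the clipboard, ready to paste into a forum post.
Get-ProblemEventSummary |
    Format-List Count, Level, Log, Source, EventId, LastSeen, Message |
    Out-String -Width 200 | clip.exe
```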
 
raphoenix
Posts: 14920

Error WMI 10

Run this Fixit
http://support.microsoft.com/d.....US;2545227

Error HAL 12 (Possible Sleep errors)

Check for vendor Bios Update.
http://social.technet.microsof.....c7f5d38a7d

Warning WLAN AutoConfig 4001

Reset Service
Administrative Tools>Services>WLAN Auto Config---> Set to Manual.

Warning User Profile Service 1530

Hive Process leak during Shutdown
Ignore for right now (just a Warning)

Rick P.

Posted 5 years ago
 
lasvegasidiot
Posts: 15

Log Name: System
Source: Microsoft-Windows-HAL
Date: 5/8/2012 12:02:15 PM
Event ID: 12
Task Category: None
Level: Error
Keywords: (1)
User: N/A
Computer: Bruce-PC
Description:
The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-HAL" Guid="{63D1E632-95CC-4443-9312-AF927761D52A}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-05-08T19:02:15.962000000Z" />
<EventRecordID>67653</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="832" />
<Channel>System</Channel>
<Computer>Bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="Count">1</Data>
<Data Name="FirstPage">80</Data>
<Data Name="LastPage">80</Data>
</EventData>
</Event>

Posted 5 years ago
 
lasvegasidiot
Posts: 15

The last two posts are the only error messages, the others are warnings.
Thanks everyone, Bruce

Name: Application
Source: Microsoft-Windows-WMI
Date: 5/8/2012 11:30:39 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Bruce-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-08T18:30:39.000000000Z" />
<EventRecordID>12068</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>

Posted 5 years ago
 
raphoenix
Posts: 14920

See My Post Above Your Posting

Fix per instructions

Run Event.bat

Reboot

Check Administrative Log

Post back

Rick P.

Posted 5 years ago
 
lasvegasidiot
Posts: 15

I've done as you suggested. Only these two warnings show up now.
Bruce

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 5/9/2012 4:38:49 PM
Event ID: 4001
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Bruce-PC
Description:
WLAN AutoConfig service has successfully stopped.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580D7DD-0379-4658-9870-D5BE7D52D6DE}" />
<EventID>4001</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-09T23:38:49.447500000Z" />
<EventRecordID>68030</EventRecordID>
<Correlation />
<Execution ProcessID="964" ThreadID="988" />
<Channel>System</Channel>
<Computer>Bruce-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 5/9/2012 4:38:23 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Bruce-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3164753274-1595191286-1399480476-1000_Classes:
Process 1608 (\Device\HarddiskVolume1\Program Files\Trend Micro\AMSP\coreServiceShell.exe) has opened key \REGISTRY\USER\S-1-5-21-3164753274-1595191286-1399480476-1000_CLASSES

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-09T23:38:23.239500000Z" />
<EventRecordID>12129</EventRecordID>
<Correlation />
<Execution ProcessID="1004" ThreadID="4596" />
<Channel>Application</Channel>
<Computer>Bruce-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3164753274-1595191286-1399480476-1000_Classes:
Process 1608 (\Device\HarddiskVolume1\Program Files\Trend Micro\AMSP\coreServiceShell.exe) has opened key \REGISTRY\USER\S-1-5-21-3164753274-1595191286-1399480476-1000_CLASSES
</Data>
</EventData>
</Event>

Posted 5 years ago
 
raphoenix
Posts: 14920

Set WLAN-AutoConfig Service to DISABLE

Do Event.bat

Reboot

Do Event.bat

Reboot

Check Administrative Log

Post Back

Rick P.

Posted 5 years ago
 
lasvegasidiot
Posts: 15

Rick, Purged twice. It only shows the 4001, and 1530 events (within the last two hours).
Bruce

Posted 5 years ago
 
raphoenix
Posts: 14920

Set WLAN-AutoConfig Service to (DISABLE)
This used to be called WZC (Wireless Zero Configuration) in old XP.

Do Event.bat

Reboot

Do Event.bat

Reboot

Check Administrative Log

The 1530 Process Leak is most probably caused by Trend Micro AV not shutting down quickly.
We could fix this by maybe ??? increasing Shut Down time BUT it is only a warning and not an error.

Post Back

Rick P.

Posted 5 years ago
 
lasvegasidiot
Posts: 15

Rick, Critical 0, Error 0, Warning 3036 gatherer as well as the same two (4001 and 1530) within the last two hours.
Thanks again, Bruce

Posted 5 years ago
 
raphoenix
Posts: 14920

Gatherer Error Event ID 3036 is most probably due to a corrupt Index file in Windows Search.

If you want that off, DISABLE Indexing AND Windows Search Service.

Also Indexing should be UN-checked on the HDD.

There are several (Tasks) which use Gathering Function that should be DISABLED also if running an SSD.

Rick P.

Posted 5 years ago
 
lasvegasidiot
Posts: 15

Should I do that permanently? Thanks again for all of your help. I'll check the event viewer again tomorrow. I am off to work.
Bruce

Posted 5 years ago
 
raphoenix
Posts: 14920

Bruce,

We will look at it again tomorrow.

Have a Good Shift. :)

Rick P.

Posted 5 years ago
 
fannyyahoocom
Posts: 1

Is it alright to disable all of event viewer and logs?

Posted 5 years ago
 
warlock
Posts: 4100

@fannyyahoocom, This is a 2 month old thread. Please start a new topic and post with your question.

Posted 5 years ago
 
nefetete1
Posts: 1

You are my Hero! I had over 6,000 errors on my event viewer. The .Bat worked like a charm. I was taking my T mobile stick out of the USB Port without safely removing it from the eject option Icon.

Thank You, Thank you,
Angela

Posted 4 years ago
 



Topic Closed

This topic has been closed to new replies.