XP SP2 Event log not logging events
Posted by Weedfreer on Super User
Published on 2010-06-02T09:36:07Z
Indexed on 2010/06/02 9:44 UTC
I have a problem whereby a terminal appears not to be logging events correctly and occasionally appears to have problems communicating across the network.
The terminal has previously been infected with a virus which appears to have 'played' with the default group policy in the standard user profile. Although, outwardly, the terminal appears to be working normally, I still have a nagging feeling that it isn't quite back to the way it was. It was infected by a user plugging in a USB stick while the company was using the older version of the AV software... typically a week or so before it was updated.
I have configured the Event logs to Overwrite as required and to be 5056KB in Maximum size. I have also attempted:-
- Disabling the Event Log service & restarting
- Renewing the EVT files in Windows\system32\config directory
- Restarting the event log service and restarting
- Clearing the event log in the Services MMC
- Resetting the Filters to Default in the services MMC
- Using the EVENTCREATE command remotely from a CMD window on the server to force an event creation event.
Has anyone got any ideas on how to proceed? I'm thinking that possibly a refresh of the 'Windows\system32\config\SystemProfile' folder. I'm also thinking about running a tool such as Malwarebytes, but this could be slightly controversial as the system needs to be running on 'up-time' for as long as possible. I'm also wondering whether anyone knows of any Windows admin tools that allow me to control the event logging options or default security options so that I could get it back to some sort of standard.
What I'm trying to avoid is a complete re-imaging of the terminal. Although this is an option, I don't really want to have to take it if I don't need to.
Many thanks in advance for any suggestions anyone may be able to provide.