Event Viiewer delema

[john aka: jopa]

Just this week I re-installed Windows XP SP-3 after formatting the drive.
All was working fine except that suddenly the System log in Event Viewer has
stopped recording the various services which load up at boot time. There
were around 17 information entries relating to services each time the system
started. Now there are no services listed - the only entries I see now right
after a bootup are two for the event log itself, one for TCPIP and one for
the Antivirus.

My research is getting me nowhere - "Windows XP predetermines the events
that are logged". Obviously this pre-determination is messed up somehow.
Anyone know if there is a registry setting or obscure file(s) somewhere that
might get the default behavior back? I'm afraid that if these entries are
not getting logged, there may be others which get missed as well.

I have tried clearing the log. I deleted the file
\WINDOWS\system32\config\SysEvent.Evt and let Windows build a new one at
next boot. I have restored the system to yesterdays date before the problem
started. Needless to say, none of this has fixed the problem. I really don't
want to re-format again over something like this.

 

[Gerry]

John

What are your anti-virus and anti-spyware arrangements?

Try Ctrl+Alt+Delete to select Task Manager. Does Task Manager still
work? Sometimes malware targets services needed to restore a computer.

Is the Security log on Event Viewer still working?

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[john aka: jopa]

Yes... Event Log is started.

Click on Start, Run and key in services.msc and click on OK. Scroll down
and check to see if the event log is started.

 

[john aka: jopa]

Avira AntiV - also use Spybot & Malwarebytes.
Task Manager is working OK.
Didn't configure the security log in Event Viewer.

 

[Gerry]

John

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[john aka: jopa]

Thanks Gerry, although this article does not really address the issue about
*what* is logged to the system event. I did however discover the solution
(culprit) if anyone else might need this info. I had used a program called
CachemanXP, allowing it to "auto-optimize" the Windows system. In doing so,
it removed two entries "WMI events" and "WMI logging". Re-enabling these
entries solved my problem. I still don't know where these are in the
registry but, at least the dilemma is solved. Thanks for the efforts to help
guys.

 

[Leonard Grey]

'Optimizing' software strikes again!

 

[Gerry]

John

Thanks for letting me know the outcome.

--



Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[john aka: jopa]

You got that right! Normally I review any changes being made. As this was
a fresh re-install I guess I was too pre-occupied trying to get all the
software put back.