[dm27]

Hello all,

I experienced some strange system behavior this evening, which may be related to my firewall program (Online Armor 4.5). I went to review the Application log in the Event Viewer, and I keep getting a "This log is corrupt" message.

Any good methods to retrieve this log?

Many thanks,

dm

[Advertisements]

Try this one:

• Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
• Double-click VEW.exe
• Under 'Select log to query', select (as appropriate):
  
  • Application
  • System
• Under 'Select type to list', select (as appropriate):
  
  • Error
  • Information
  • Warning

Then use the 'Date of events' or 'Number of events' as follows:

Either:

• Click the radio button for 'Number of events'
  Type 3 in the 1 to 20 box (or any number from 1 to 20)
  Then click the Run button.
  Notepad will open with the output log.
  
  
• Click the radio button for 'Date of events'
  In the From: boxes type today's date (presuming the crash happened today) 23 11 2009
  In the To: boxes type today's date (presuming the crash happened today) 23 11 2009
  Then click the Run button.
  Notepad will open with the output log.

[rshaffer61]

Try this one:

• Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
• Double-click VEW.exe
• Under 'Select log to query', select (as appropriate):
  
  • Application
  • System
• Under 'Select type to list', select (as appropriate):
  
  • Error
  • Information
  • Warning

Then use the 'Date of events' or 'Number of events' as follows:

Either:

• Click the radio button for 'Number of events'
  Type 3 in the 1 to 20 box (or any number from 1 to 20)
  Then click the Run button.
  Notepad will open with the output log.
  
  
• Click the radio button for 'Date of events'
  In the From: boxes type today's date (presuming the crash happened today) 23 11 2009
  In the To: boxes type today's date (presuming the crash happened today) 23 11 2009
  Then click the Run button.
  Notepad will open with the output log.

[dm27]

Hello rshaffer61,

I forgot about this app, thanks for the reminder. So I followed the instructions and after I clicked Run, the following error message box appeared:

Run-time error '-2147217407 (80041001)':
Automation error


I tried both options, date range and number of events, however both gave me the same error above.

As an FYI, I've done a scan with MBAM and Avira AntiVir tonight and neither program detected anything malicious.

Many thanks for your assistance,

dm

[rshaffer61]

OK lets dig a little deeper then.
Go to

Start and then to Run
Type in Chkdsk /r Note the space between k and /
Click Enter ...It will probably ask if you want to do this on the next reboot...click Y
If the window doesn't shutdown on its own then reboot the system manually. On reboot the system will start the chkdsk operation
This one will take longer then chkdsk /f

Note... there are 5 stages...
It may appear to hang at a certain percent for a hour or more or even back up and go over the same area...this is normal...
DO NOT SHUT YOUR COMPUTER DOWN WHILE CHKDSK IS RUNNING OR YOU CAN HAVE SEVERE PROBLEMS
This can take several hours to complete.
When completed it will boot the system back into windows.

Let me know if this fixes the problem

[dm27]

Hi rshaffer61,

I'll attempt the check disk over the weekend and let you know how it went.

Have a pleasant Thanksgiving!


dm

[rshaffer61]

You have a great Thanksgiving also. I will check on your results Monday.

[dm27]

Well no luck...

I rebooted, and the blue screen came up like it was going to start the check disk operation. However the text listed something similar to the below:

Check disk has been scheduled
Check disk has been cancelled

System booted back to normal Windows...

Also I just noticed my System clock is showing the European date setting: 24/11/10, instead of the U.S. setting 11/24/10. Can't seem to locate where to correct that.

[rshaffer61]

Also I just noticed my System clock is showing the European date setting: 24/11/10, instead of the U.S. setting 11/24/10. Can't seem to locate where to correct that.

OK one hint the cmos battery is failing.
What time is it showing?
There is another way to run chkdsk if you have your XP installation disk.


How To Run Chkdsk /r from Recovery Console:


How to run checkdisk from recovery console (Windows xp). (Courtesy dsenette)

• Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
  Note:Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.
• When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  Note:If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
• When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.
• At the Recovery Console command prompt, type the following then press Enter:
  

  chkdsk /r

• Allow this to run UNDISTURBED until completed (45 min or so)
• Report any errors

[dm27]

That's interesting, this is a 4yr old HP laptop. However, the time is still accurate. Should I keep the computer off when I'm not using it to preserve the battery?

Unfortunately, I did not get an XP installation disc with this computer. The only thing I have are the emergency recovery discs that I burned.
(probably not much help though).

Almost forgot, I did have ComboFix install the Recovery Console, would that be an option?

dm

[rshaffer61]

Almost forgot, I did have ComboFix install the Recovery Console, would that be an option?

Yep you should be able to do the chkdsk using that recovery console as it is the same.

[dm27]

Well, I made some progress.

• Chkdsk /r ran from the recovery console, though aside from the used and available bytes available, this was the only other useful line. "Found and fixed one or more errors on volume."
• The Application log in Event Viewer is still corrupt.
• Found this VEW log file in the C drive. I thought the application failed based on the automation error yesterday.
  

  Vino's Event Viewer v01c run on Windows XP in English
  Report run at 23/11/2010 9:34:02 PM
  
  Note: All dates below are in the format dd/mm/yyyy
  
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  'Application' Log - error Type
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Log: 'Application' Date/Time: 23/11/2010 9:02:04 PM
  Type: error Category: 10
  Event: 4427 Source: MSDTC Client
  Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2256
  No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

That's about all for now...

Sincerely,

dm

[rshaffer61]

Rerun it to see if it finds and fixes anything else.
We are making progress.

[123Runner]

System clock is showing the European date setting

For this error you need to look under the Regional and Language option in control panel.
As I recall, on the general tab and then advanced options.

Have you tried deleting the application log and letting it make a new one?

[dm27]

System clock is showing the European date setting

For this error you need to look under the Regional and Language option in control panel.
As I recall, on the general tab and then advanced options.

Have you tried deleting the application log and letting it make a new one?

Hello 123Runner,

Thanks for the tip, I was able to correct that format via the Regional and Language > Regional Options > Customize > Date. In regards to the application log, I'm curious to see if anything in there will point to the odd behavior that occurred with my system on Tuesday. If I'm not successful, then I'll delete the existing log and begin a new one.


To rshaffer61: I will rerun chkdsk soon and let you know the results.


dm

[rshaffer61]

I'm wondering was there any updates done to the system before this started?
Hardware, Software, online updates?
Any new software installed or anything downloaded online?