Windows 8 event log

Hello

I have a new computer, bought yesterday, running on Windows 8.
I got a call this afternoon from someone claiming to be from Microsoft saying that I had downloaded some kind of malware - the name means nothing to me.  He began to talk me through the journal of the opening events, was about to take me through new measures to be taken.  I said several times that I was extremely suspicious, especially as I said we have a lot of computers running on this topic and he claimed that it did not matter that I used.  We were interrupted right there and I asked for a number to transfer the call.  He gave me a 1800 number - which is an American extension and I am uk.  When I got out, he said it would work, and I insisted on taking his name and also received his "number".  When I tried the number I got an error tone.
Please could you confirm if there is anyway that could have been a real call from Microsoft?  Also - now that I've seen in the event log, I'm worried can I have downloaded something dangerous so that set up my new computer.  Any advice on the listed events of compensation would be great!

Same scam as all earlier versions of Windows.
 
It was not authentic.  If someone asks you anything you are owner and you do not make the call, think of it as a scam and hang up.  If you want to verify that this is a scam, then find the number of society who claim to want you, call them and see if they called you.

The event log is just what it sounds like - a journal of the events on your computer maintained by Microsoft.  Just don't go into it more without reason.  As a normal user - probably, you rarely need to cela and would more probably have a sysadmin (computer SCIENTIST) do it for you.  ;-)

Tags: Windows

Similar Questions

  • How to fix the error in the windows system event log

    How to diagnose in the event log error... pls help.

    Here are some notes on the event viewer reports that can help you. When you have a lot of mistakes, you need to focus on system errors and warnings, even if it's the applications that are giving you grief. Problems with the first sorting system can do the easier application problems. Note the time that the computer is started last and deal first with those at the beginning of the boot. Correct previous errors can be solved later.

    1. normally, when an error occurs on your computer looking in Event Viewer should be your starting point to find a solution. More related system errors are recorded and get an exact copy of the relevant report is important. Unfortunately, is not easy to understand reports and most of the users computer need help with their interpretation. I have to say later interpretation.

    2 Event Viewer includes three main newspapers of Windows. Here's the Application, security, and system. For purposes of troubleshooting system is by far the most important.

    3. to access the system log, select Start, Control Panel, administrative tools, Event Viewer, in the list on the left of the window select Windows and the system logs. Place the cursor on the system, right click and select filter current log. Check the front of the error and click OK and see you only reports errors. Click the Date and time column header to sort. You may need to click a second time to see the last report above.

    4. a tip for posting copies of error reports! Run Event Viewer and double-click the error you want to copy. Click the button copy on the general tab allows you to place a copy in the Clipboard and close Event Viewer. Now start your message and paste it into the body of the message. Make sure that it is the first dough right out of the event viewer.

    5. He cautioned against three types of reports, information, and reports errors. In most situations, it is the error reports that offer the best information but sometimes WARNING reports provide useful clues.

    6. all reports have stamps date and hour and when troubleshooting, it is important to focus on the latest reports. Reports of studies from the point when the computer is started, and then check if a similar report appeared in the previous session. If errors do not repeat investigation as to why they happen is wasted effort.

    7. in the individual reports the most important information is the event ID and Source such as these help when looking for help on the internet. The description is just as important and copy the exact text to use as search criteria greatly helps achieve better results when using Google. Not paraphrase descriptions when other people asking for help.

  • 8 Windows system event log, now what?

    Hello

    Here is my (compressed) system event log, so how can I fix or should I worry about the MISTAKES listed?

    Is there any other information you need? I downloaded the file zipped to my drop box, that ' E-mail address I should share it with?

    Thanks for your help...

    Alton J Drummond Jr

    "Jazz player Da".

    Almost every PC I've seen show at least a few errors in the paper at some point and if the system itself to show no symptoms of problems can generally be ignored. An error can be generated, and then the software reset and succeed the task but the error is already in the paper.

    For the majority of users, the event log should be used at the same time to investigate the real issues and not otherwise referred to as.

  • "Another computer on the network has the same IP address as this computer. Contact you network administrator for help resolving this issue. More details are available in the Windows system event log"

    Please, anyone can help as I don't know what to do? I am running Vista to the Windows Welcome page
    I am the administrator and I have no other computers attached to my laptop?
    I use the same USB port to connect to internet, but recently, I had to try another USB port I get the above error message.
    I have no idea how to do to correct the situation and would appreciate guidance step by step.
    Thank you.

    Hi RDCICON,

    1. which device you are connected to the USB port?

    2. you still get the same message when you connect the usb device or use the device on another computer?

    Method 1:

    You can try to run the tool built into Vista Network Diagnostics. To do this, click Start, go to network and select network share.

    On the left side of the window select the diagnosis and repair.
    It should help to find which device is listed with the duplicate IP address.

    Method 2: Release and renew the IP address by following these steps.

    a. Click Start. Click Run, type cmd, press ENTER.

    b. at the command prompt, type the following command and press ENTER

    ipconfig/release

    ipconfig / renew

    Method 3:

    Check and confirm the DHCP client service is started and set to automatic.

    If the DHCP client service is not running, then set it to autostart. Steps to set the auto service:

    a. click the Start button

    b. type services.msc in the search box.

    c. search for DHCP client and set it to automatic and make sure that it is started.

    Method 4:

    Reset the router and see if the problem persists.

    You can refer to the 3mentioned of general troubleshooting method in the following article to reset the router.

    http://support.Microsoft.com/kb/956196#Gm3

    You can also see the producers of the router manual or contact support for additional assistance.

    Hope this information is useful.

  • Entry Windows - Faulting module name event log: Converter - agent.dll - after the partition of 100 MB WIn2008 R2 online

    Hello

    Since my installation of Windows 2008 R2 (Web edition server) use the restore system 100 MB partition, I had to use this fix for this:

    VMware KB: A Windows 2008 R2 machine P2V Conversion fails at 96%

    to allow VMWare Converter (last 5.1) to also copy this partition but I never did because when I changed status od this partition to the online converter always stops on the connection to the machine Powered-> this local machine with the error "Unable to obtain material information for selected computer.". I noticed input error to the Windows Application event log that contains:

    Name of the failing application: vmware - converter.exe, version: 8.1.0.15346, time stamp: 0 x 51642354

    Name of the failed module: Converter - agent.dll, version: 8.1.0.15346, time stamp: 0 x 51642321

    Exception code: 0xc0000005

    Offset: 0x00084bbe

    ID of the process failed: 0x19d4

    Start time of application vulnerabilities: 0x01ce7402f38eeb43

    The failing application path: C:\Program Files (x 86) \VMware\VMware vCenter Converter Standalone\vmware - converter.exe

    Path of the failing module: C:\Program Files (x 86) \VMware\VMware vCenter Converter Standalone\converter - agent.dll

    Report ID: 7d2c66a6-dff6-11e2-ab7e-000c29da83b7

    There is also an entry of information:

    The description for event ID 1 source vmware-converter-worker is not found. Either the component that triggers this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event is on another computer, the display information had to be saved with the event.

    The following information has been included in the event:

    VMware-converter-worker service started

    When I reboot the system and not to make agent system Converter online 100 MB recovery partition does not hang and I can perform the conversion without this small partition.

    Any ideas?

    Concerning

    Hello

    I'm back with the log file. The log contains only the related situation this topic. Before you start the new operation of conversion, I have removed all previous logs.

    Concerning

    EDIT: I checked the file workers journal and information:

    [PopulateVolumeProperties] \\?\Volume{90f40b30-30cd-11e2-849d-000c29da83b7}\ volume is the name of the \Device\HarddiskVolumeShadowCopy1 device.

    MEM > 2013 - 07 - 07T 22: 40:47.140 + 02:00 [info 06288 'Default'] [GetDriveLetterOrMountPoint] Mount point of volume \\?\Volume{90f40b30-30cd-11e2-849d-000c29da83b7}\ is \\?\Volume{90f40b30-30cd-11e2-849d-000c29da83b7}\

    MEM > 2013 - 07 - 07T 22: 40:50.881 + 02:00 [06288 panic "Default"] (recursion level Log 2) Win32 exception: Access Violation (0xc0000005)

    showed me where is the problem. I managed diskshadow.exe and executed delete conceals the entire operation. Now I can go ahead with the conversion. Thank you

  • missing events in the event log

    I'm really new and can't help otherwise explain what just happened to me. I am running Vista home and checked my reliability and performance monitor. He came back to me with missing events to the event log. 14% of my missing log files. He told me that my buffer size and maximum ETW memory buffer is not obtimal that the data sets are collected. I have AVG free virus and found no problem. I had a lot of problems with the security of the networks and curious to know for myself if someone takes information just behind my computer. Everyone acts as if I am perinoid, but I had log events while at work and shut down the system. Some are could not log on to attemtps still more successful. Many programs also show other computers on my network even glancing only ethernet to my dsl modem. So I'm not under xp but have the same diagnostic report. I would be grateful no sign, that I am not paranoid. thanx

    Hi Dancin' madman,

    Welcome to the Microsoft Vista answers Forum!

    I would like to ask you a few questions in order to get a better understanding of this issue so that we can better help you.

    (a) what version of Vista are you using?

    (b) is connected to a domain, or more than 10 computers in your computer network?

    (c) what the event log you are trying to check?

    For example, if you check the log of events for an Application, then you must

    1. click on Start, type Event Viewer in the start search and press enter

    2. in the Windows logs , select the Application, it should be under the winlogon (the last)entry. Right click on the Application and select Properties.

    3. in the Properties , you can check for the latest event logs and check the settings if it is set to replace the events, if you want, then you can change the settings.

    Because you are worried about the security of the network, you can try first run a scan of online security.

    Follow the below links for analysis online on your computer to verify if there is a malicious software on your computer.

    http://OneCare.live.com/site/en-us/default.htm

    http://www.Microsoft.com/security/malwareremove/default.aspx

    You can also check if the Services of Windows Event log and dependence are started.

    1. Click Start, type Services in start search box and press ENTER.

    2. Locate the Windows event log in the mentioned Services.

    3. check if the status is started. If the condition column is blank, right click on the Windows event log Service and select start.

    4. open the Windows Service event log, select dependencies. In dependencies, select the Windows event collector and click ok to start the service.

    5. also check the dependencies in the Windows event collector and launch service dependencies by clicking OK.

    Hope the helps of information.
    Please post back and we do know.

    Concerning
    Jeremy K
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Add the windows firewall with the security log for windows 2008 Event Viewer

    Hi all

    I would like to see weather which is turn on the Windows or turn OFF firewall and at what time on Windows 2008.

    As what I had checked, I could see this on Windows 7 (Event Viewer/Applications and Services/Logs/Microsoft/Windows/Windows Firewall With Advanced Security/Firewall), but this does not show on Windows 2008.

    Is anyway to add this in Windows 2008?

    Your help is very appreciated.

    BR/WT.

    Hi all

    I would like to see weather which is turn on the Windows or turn OFF firewall and at what time on Windows 2008.

    As what I had checked, I could see this on Windows 7 (Event Viewer/Applications and Services/Logs/Microsoft/Windows/Windows Firewall With Advanced Security/Firewall), but this does not show on Windows 2008.

    Is anyway to add this in Windows 2008?

    Your help is very appreciated.

    BR/WT.

    Best place to get the most appropriate response is technet...

    Please repost this under, http://social.technet.microsoft.com/Forums/windowsserver/en-US/home

  • Agent Extension SNMP event log has not initialized properly in windows 2008 R2

    I enabled the functionality of SNMP Service and found the following error:

    "Error 2019: Extension SNMP event log Agent has not initialized properly in windows 2008 R2 Enterprise 64-bit.

    I uninstalled all related SNMP Applications and reinstalled the functionality of the SNMP Service, however, I always do face the same error.

    According to the following of Article http://support.microsoft.com/kb/128729 , this requires to contact microsoft to obtain the fix.

    I have a subscription with Microsoft technical support to download the fix mentioned the article above.

    Any help please,.

    Hello

    The question you posted would be better suited in the community pro Windows 2008.
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • Windows could not start the service on the Local computer Windows event log. Windows 2008 R2 server

    When I try to start the event log service can I have on my server (Windows 2008 R2), I get the following error:

    "Windows didn't start the service on the Local computer Windows event log."

    Error 2: the system cannot find the specified file. »

    Hello

    Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the public on the TechNet site. Please post your question in the below link: http://social.technet.microsoft.com/Forums/en/category/windowsserver/

  • Place to query windows event log?

    Hello:

    Is it possible to query the CVI windows event log?

    I don't see all the Windows event recorder functions available in the windows SDK provided with CVI 8.

    What are the functions of windows recorder that I refer:

    http://msdn.Microsoft.com/en-us/library/aa385784 (vs.85) .aspx

    I am interested in the capture of application errors from the event logs on the stations running Teststand and CVI.

    Thank you
    Dave

    You can use the ReadEventLog function.  It is documented in the Windows 2000 RC2 SDK distributed with CVI FDS 8.5.1.  Do not know if it is documented in the SDK software distributed with CVI 9.x

    ReadEventLog

    ReadEventLog

    The ReadEventLog function reads a large number of entries in the specified event log. The function can be used to read the journal entries in chronological order or reverse chronological.

    BOOL ReadEventLog(
  HANDLE hEventLog,                // handle to event log
  DWORD dwReadFlags,               // how to read log
  DWORD dwRecordOffset,            // offset of first record
  LPVOID lpBuffer,                 // buffer for read data
  DWORD nNumberOfBytesToRead,      // bytes to read
  DWORD *pnBytesRead,              // number of bytes read
  DWORD *pnMinNumberOfBytesNeeded  // bytes required
);

    Parameters

    hEventLog
    [in] Handle to read the event log. This handle is returned by the OpenEventLog function.
    dwReadFlags
    [in] Specifies how the read operation is to move forward. This parameter must include one of the following values.

    Value Meaning
    EVENTLOG_SEEK_READ The read operation derives from the record specified by the dwRecordOffset parameter.

    This flag cannot be used with EVENTLOG_SEQUENTIAL_READ.
    EVENTLOG_SEQUENTIAL_READ The read operation is in order since the last call to the function ReadEventLog using this handle.

    This flag cannot be used with the EVENTLOG_SEEK_READ.

    If the buffer is large enough, more than one record can be read at the specified seek position. You must specify one of the following flags to indicate the direction for successive read operations.

    Value Meaning
    EVENTLOG_FORWARDS_READ The journal is read in chronological order.

    This flag cannot be used with EVENTLOG_BACKWARDS_READ.
    EVENTLOG_BACKWARDS_READ The journal is read in reverse chronological order.

    This flag cannot be used with EVENTLOG_FORWARDS_READ.
    dwRecordOffset
    [in] Specifies the registration number - the journal entry in which to begin the read operation. This parameter is ignored unless dwReadFlags includes the EVENTLOG_SEEK_READ flag.
    lpBuffer
    [out] Pointer to a buffer for the reading of the event log data. This parameter cannot be NULL, even if the nNumberOfBytesToRead parameter is null.

    The buffer will be filled with an EVENTLOGRECORD structure.

    nNumberOfBytesToRead
    [in] Specifies the size, in bytes, of the buffer. This function will read as whole submissions contained in the buffer. the function does not return the partial entries, even if there is room in the buffer.
    pnBytesRead
    [out] Pointer to a variable that receives the number of bytes read by the function.
    pnMinNumberOfBytesNeeded
    [out] Pointer to a variable that receives the number of bytes required for the following journal entry. This count is not valid unless ReadEventLog returns zero, and GetLastError returns ERROR_INSUFFICIENT_BUFFER.

    Return values

    If the function succeeds, the return value is nonzero.

    If the function fails, the return value is zero. To get extended error information, call GetLastError.

    Remarks

    When this function returns successfully, the playback in the error log position is adjusted by the number of records to read. Only a number of set of event log records will return.

    Note  Configured for this source file name can also be the file name configured for other sources (several sources may exist under subkeys under one log file). Therefore, this function can return events that have been recorded by several sources.

    Requirements

    Windows NT/2000: Requires Windows NT 3.1 or later version.
    Windows 95/98: Not supported.
    Windows CE: Not supported.
    Header: Declared in winbase.h; include windows.h.
    Library: Use advapi32.lib.
    Unicode: Implementation of both Unicode and ANSI under Windows NT/2000.

    See also

    Event logging overview event logging functions, ClearEventLog, CloseEventLog, EVENTLOGRECORD, OpenEventLog ReportEvent

  • VB6 DLL is not log messages in the Windows Server 2003 event log when it is called from an ASP page

    Hi all

    I have an ASP web application, I will create a "VBModule1" (VB6 Dll) instance of an ASP page and inside this method of "VBModule1" I create an instance of another VB6 Dll 'VBLogger', who calls App.LogEvent () to write messages to the event log.

    I tested the Web application on the develepoment (XP) machine and everything worked fine but when the user runs the Web application on the Production Server (windows server 2003) events are not saved.

    Friend missing the security settings of my ASP web app that needs to be configured on Windows Server 2003 for VB6 DLLs logging events?

    Please think as soon as POSSIBLE.

    IIS on Windows server 20003 version: 6.0

    Thank you.

    Hello

    The question you have posted is related to Windows Server 2003 would be better suited to the Windows Server community.

    Please visit the link below to find a community that will support what ask you:

    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • You try to start a service error "Windows failed to start the VMware authorization on local computer Service. For more information, see the system event log. If it is a non-Microsoft service, contact the service provider

    Ideas:

    • You have problems with programs
    • ETrying to launch a service error "Windows failed to start the VMware authorization on local computer Service. For more information, see the system event log. If it is a Microsoft service, contact the service provider and refer to the specific service-6000004 error code "... I contacted the people at VMware they say it's a problem with Windows Vista..." IAM confused pls help... .rror messages
    • Recent changes to your computer
    • What you have already tried to solve the problem

    Remember - this is a public forum so never post private information such as numbers of mail or telephone!

    Hi sanjeevkode,

    Thank you for visiting the website of Microsoft Windows Vista Community.  As the question you posted typically associated with third party software / application that has its own way of program codes and call the corresponding system resources when installing and running. Therefore, I also suggest you to join the VMware Forums for the best support.

    VMware communities: http://communities.vmware.com/home.jspa

    In the meantime I suggest you try these options / methods

    IMPORTANT NOTE: Microsoft provides this information as a convenience to you. Proposed changes could lead to serious problems. Microsoft cannot guarantee that problems would be solved as a result of the suggestions. Changes to settings are at your own risk.

    Option 1: If you go to computer management, and then to the list of Services and find the VMware authorization Service, it appears as stopped? If so, you need to start

    Option 2: Try logging on as an administrator Local host during installation first workstation, rather than you connect with a domain ID

    Option 3: The question can be caused also by your security program such an antivirus or a firewall of Windows /Defender that can have conflicting parameters as to not not to perform certain tasks. I suggest you temporary disable antivirus and firewall and check the result again. You must enable security programs new that had disabled you

    Option 4: The problem could be linked to a local or domain group policy. Make sure that the local account is defined as 'local user __vmware_user__' in the local Administrators group and the permissions of "Log on locally" and "Log on as a service.

    The two parameters are available in the "* Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment *" branch of domain group policy or local.

    Let me know if it worked.
    Hope it will be useful.

    Thank you and best regards,
    Vijay K - Microsoft Support
    Visit our Microsoft answers feedback Forum and let us know what you think.

    [If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message.] [Marking a post as answer, or relatively useful, you help others find the answer more quickly.]

  • Event log Windows has stopped working due to an appcrash.

    Recently on windows problem reports and solutions, I got a note saying: windows event log has stopped working due to an appcrash.

    I went to the windows event logs and record the time and the problem. I'm relatively new to computers so I could not understand the problem.

    I find the time, this event occurred and I got a certificate service Id 64, a application Id 1000 event.

    could someone help me with this problem, thank you

    The Office of response technicians can probably help you. Click on this link-online http://answerdesk.microsoftstore.com/

    Good luck.

  • My Administration event log is 8000 + and new errors every day. Windows Explorer stops responding, how can I stop this?

    OT: my Administration event log is 8000 + and new errors every day. How can I stop this?

    My ACER laptop running VISTA family premium has many errors I do not understand why and don't know how to stop.

    Is how important it? Is this normal? Should I post each event with details to see if it can be interrupted?

    For example my lap top works generally OK but Explorer windows (explorer.exe) crashes with a message that it fails and restarts. The error code and events are

    Error 01/03/11 10:04:22 Application Error 1000 (100)

    Application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, module MSVCR80.dll, version 8.0.50727.4053, time stamp 0x4a594c79, exception code 0xc000000d, offset error 0x00008aa0, process id 0 x 624, failed failed application start 0x01cbaad15a2d1273.

    Thanks if you can help

    Hi Tricsim,

    Since when are you facing this problem?

    There could be several causes for this problem; I suggest you try the following steps to correct the problem:

    Method 1: Auditor of file system (CFS) scan to fix all of the corrupted system files. To do this, follow the steps mentioned in the link below:

    How to use the System File Checker tool to fix the system files missing or corrupted on Windows Vista or Windows 7

    http://support.Microsoft.com/kb/929833

    Method 2: Put the computer to boot and then check if the problem persists

    Follow step 1 in the link below,
    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

    If everything works well after a clean boot, you can deduce that some third-party services are at the origin of the problem.

    Continue with the remaining steps to pin-point on the third party service.
    After find you the program that is causing the problem, you will have to perhaps to update or install a newer version of the program, if you rarely use that you should consider uninstalling the software.

    Important: n ' forget not to put the computer to a normal startup follow step 7 in the link.

    Method 3: You can follow the steps described in the article below

    Error message when you log on to Windows Vista: "Windows Explorer has stopped working".

    http://support.Microsoft.com/kb/937093

    Thanks and greetings
    Ajay K
    Microsoft Answers Support Engineer
    ***************************************************************************
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Failed to start service on Windows 7 windows event log. Error 4201. __

    Cannot start service on Local computer Windows event log.  4201 error: The instance name passed was not recognized as valid by a WMI data provider.

    Hi rung_windows7,

    Renaming or deleting the following file seems to work for some users:

    C:\Windows\System32\LogFiles\WMI\RtBackup

    REF: error 4201 event log - ERROR_WMI_INSTANCE_NOT_FOUND (a great helluva thread)
    Ramesh Srinivasan, Microsoft MVP [Windows Desktop Experience]

Maybe you are looking for