You're gonna want that cowbell!

Windows Vista and the Problem of Corrupt Event Logs

One of my fellow Pigtown neighbors saw me as I returned yesterday morning from the gym.  I have helped him in the past with his computer needs, and he mentioned to me that both his laptop and desktop were having “issues.”

The desktop was due for some up to date antivirus software, and it was in need of some updates and patches.  I uninstalled Norton SystemWorks 2006 as it had expired from when the PC was purchased.  I downloaded and installed AVG AntiVirus free for his purposes.  After that, I update his PC with the latest Windows patches for Windows XP.

The laptop, however, had a more interesting problem.  When he would boot up the machine and login, he was met with no desktop.  Merely a white mouse cursor with no desktop icons.  The laptop was not thrashing about, and his data was intact.

My first instinct was to boot into Safe Mode.  Booting into Safe Mode is normally a good way to get around this, but as I booted into Safe Mode and logged in his user account, the same black desktop greeted me.  I attempted booting into Safe Mode with Command Prompt, but I was met with the same result.  I booted again and tried the old Windows NT trick of booting with the Last Known Good Configuration.  Again, I was greeted with the black desktop and white mouse cursor. In all of these instances, I was unable to start Task Manager as well.  For all intents and purposes, once I logged into the laptop, it was unresponsive.

A bit of Googling turned up some results, and it looks like this problem is a common issue.  Most of the threads I read seemed to point to either Windows Vista’s piracy protection “feature” or to a corrupt Event Log.  The problem, though, was how to get into the machine to clear out the offending event logs.

I came upon a suggestion to invoke the Sticky Keys dialog to invoke the MSCONFIG utility.  The steps below are what I did to get this problem fixed.

  1. Press the Shift key five (5) times.
  2. The Sticky Keys dialog box should now open, asking “Do you want to turn on Sticky Keys?” An HTML link stating “Go to the Ease of Access Center to disable the keyboard shortcut should also be present.  Click on this HTML link to open an Explorer/Internet Explorer window.
  3. Click on the very beginning of the address bar.  Enter the following into the address bar: C:\Windows\System32\msconfig.  Hit Enter.
  4. The System Configuration utility should now open.  Click on the tab labeled Services.
  5. Find the service called Windows Event Log.  Uncheck the check mark next to it.  Click the Apply button, then click OK.
  6. Restart the offending machine.  Once the machine has rebooted, login as normal.
  7. The desktop and taskbar should appear as they normally do.  Now, to remove the offending event logs.
  8. Open a command prompt as Administrator.
  9. Navigate to C:\Windows\System32\winevt.  Issue a dir command, and note that there is a directory named Logs.
  10. Rename the Logs directory: ren Logs BAD
  11. Open MSCONFIG, and re-enable the Windows Event Log service on the Services tab.
  12. Reboot the machine again.
  13. Upon login, the machine should be working as expected.  You can reboot a few more times to confirm that all appears in working order.

Admittedly, Windows not booting to a desktop for corrupt event logs is somewhat problematic behavior.  In the past, Windows NT and XP would merely complain of corrupt logs when you would try to view them via the Event Viewer.  Vista just refuses to complete the boot sequence.  Hopefully, the steps above allow someone a very quick resolution to this problem.

5 Comments

  1. Alan Wood

    Thank you! After hours of running tools like regedit and chkdsk from the recovery mode of vista, this is what finally did it.

    I only wish I had found this article sooner. 🙂

  2. Esteban Santana Santana

    You should add am “mkdir Logs” right after step 10 since the event log service wont work without it.

  3. mark

    yes this works. but whats next? how do i get my old user back? This creates a TEmp profile every time i log in on vista?
    I feel my vista is teasing me. … u can see but you cant touch !!!

  4. JJT

    @Esteban: I do not seem to recall the machine in question having an issue with no logs directory. It recreated it automatically after re-enabling the service.

    @mark: This does nothing to your user profile, as it only deals with corrupt event logs. It sounds to me like you have a profile issue, and the only solution there is to create a new profile.

  5. Schermann

    I found that my WINDOWS EVENT LOG service and WINDOWS EVENT COLLECTOR service were not working but were still trying to startup!

    So I started ’services.msc’ and ‘disabled’ both services.

    NOW THIS ONLY GETS YOUR COMPUTER UP AND GOING:

    The fix is here…

    Hi guys,

    After doing many researches, I believe this problem is because we changed the permission of a folder incorrectly, the RtBackup folder which is under C:\Windows\System32\LogFiles\WMI\RtBackup .

    I solved the problem by rebooting the system–>safe mode–> go to RtBackup folder —> delete or rename that folder–>

    –> go to another folder –> C:Windows\System32\Winevt\Logs –> delete or rename that folder

    Reenable those disabled services (make sure that the WINDOWS EVENT COLLECTOR service is set to manual) and reboot; FIXED!

    I know this will work for you as it did for me!

© 2022 Baltimoremick

Theme by Anders NorenUp ↑