Check Disk (chkdsk) - Read Event Viewer Log

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8​

   Information

This will show you how to read the Event Viewer log to see the scan results of Check Disk (chkdsk) in Vista, Windows 7, and Windows 8.

OPTION ONE

To Read chkdsk Results Log Directly in Event Viewer

NOTE: You must be logged in as administrator to be able to open Event Viewer.
1. If you have not already, you will need to have ran Check Disk (chkdsk) in Vista/Windows 7 or Windows 8 prior before it will be in the Event Viewer System log.

2. Press the Windows + R keys to open the Run dialog, type eventvwr.msc, and press Enter.

3. If prompted by UAC, then click on Yes (Windows 7/8) or Continue (Vista).

4. In the left pane of Event Viewer, double click on Windows Logs to expand it, click on Application to select it, then right click on Application and click on Find. (see screenshot below)

5. Copy and paste Chkdsk into the line, and click on Find Next. (see screenshot below)
NOTE: You can continue to click on Find Next to search for other older application logs (if available) for Check Disk (chkdsk) to see them as well.

6. You will now see the system log for the scan results of Check Disk (chkdsk). (see screenshot below)
NOTE: The log will have the Chkdsk tag if Check Disk is ran only from within Windows.

7. Go back to the top of the log file list in the middle pane of Event Viewer, then copy and paste Wininit into the line, and click on Find Next. (see screenshot below step 5)
NOTE: You can continue to click on Find Next to search for other older application logs (if available) for Check Disk (chkdsk) to see them as well.

8. You will now see the system log for the scan results of Check Disk (Wininit). (see screenshot below)
NOTE: The log will have the Wininit tag if the computer has to restart to run Check Disk at startup instead of within Windows.

9. When finished searching for Check Disk (chkdsk) application logs, you can close the Find window. (see screenshot below step 5)

10. When finished, you can close Event Viewer.

OPTION TWO

To Create .txt file on Desktop with chkdsk Results Log

   Note

This option is not available in Vista.

1. Press the Windows + R keys to open the Run dialog, type powershell.exe, and press Enter.

2. In PowerShell, copy and paste the command below, and press Enter. (see screenshot below)
NOTE: To paste the copied command into PowerShell, you will just need to right click in PowerShell.

[COLOR=black]get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt[/COLOR]

3. You will now have a CHKDSKResults.txt file created on your desktop that is the log file of your chkdsk scan results from Event Viewer.
That's it,
Shawn

Related Tutorials

---

• How to Run Disk Check in Windows 7
• How to Check a Drive for Errors with "chkdsk" in Windows 8
• How to Change the AUTOCHK Initiation Countdown Time in Windows 7
• How to Reset Check Disk to Not Run at Startup
• How to Read the Event Viewer Log for Memory Diagnostics Tool

 

[PeteSapai]

Regarding running chkdsk on sdd, it is ok (sometimes even recommended) as long as you don't use the /r flag.
Shawn, could you change your warning to "recommended to not run 'chkdsk /r' on an SSD"?

 

[ICIT2LOL]

Hello and welcome Pete well I have run the chkdsk with both the / f and /r switche on my SSD's with no ill effect mind you Shawn might have a different angle on that

 

[PeteSapai]

I don't think /r will damage your ssd. It tries to detect bad sectors which, iirc, is something that an SSD does itself. Shawm mentions that ("SSD's automatically remap worn bits using wear leveling technology"), but forgets to mention that it only applies to the /r switch.

Also:

Yes, it's safe to run CHKDSK on a SSD drive. You just do not want to defrag a SSD though.

Hope this helps,
Shawn

 

[ICIT2LOL]

Yes Pete look I have run the /r switch quite a few times on my SSD's and there has never been a problem that I know of. In fact I run sfc and chkdsk if I even suspect something has gone awry - mind you I also mostly use the Samsung brand and of course the Magician (first) along with the usual TRIM stuff etc.

Personally I have never read anything anywhere that says the chkdsk is bad for SSD's see this (and the notation from Microsoft - heavy stuff and other links )
windows 8 - The value of running CHKDSK on an SSD? - Super User

 

[pxfragonard]

When right-clicking, "Find" is blanked out

When right-clicking, "Find" is blanked out. Any other methods for Vista? I just paste the line in for my 7 machine.

UPDATE: Please ignore post. Found it in eventviewer by scrolling.

 

[Brink]

 

[UsernameIssues]

Brink,

Step 4 probably needs to change a bit:

In the left pane of Event Viewer,
double click on Windows Logs to expand it,
click on Application to select it
then right click on Application
and click on Find.

Your screenshot for step 4 shows that Application was selected before the right click was done.


If you do exactly as step 4 currently says, the center pane should be a list of the event logs and their sizes. Right clicking on Application without selecting it first should give you a context menu where "Find..." is greyed out.



This is what post #84 in your tut thread was talking about.
But it was this post that lead me to look closely at this tut.


In my testing...
...I followed step 4 in the tut exactly as written
...I saw that "Find..." was not enabled
...I selected Application...
...then right clicked on Application
...I saw that "Find..." was enabled.

Now I wanted a screenshot to post with "Find..." greyed out.
I repeated step 4 in the tut exactly as written...
...but now "Find..." was enabled
...and yet - selecting "Find..." failed to produce a search window.



It seems that once "Find..." has been painted as enabled, it will be painted that way on subsequent context menus. But "Find..." is still non-functional until Application is selected prior to right clicking on Application.



You can also see that "Refresh" has been added to the context menu for that second screenshot. "Refresh" is also shown in the context menu in the screenshot under step 4 of this tut. Basically, you can never repeat the context menu shown in my first screenshot once you have created the context menu shown in the second screenshot. You have to exit Event Viewer to get that first screenshot. It took me a while to figure that out.

 

[Brink]

Thank you UNI. Updated.

 

[jraju]

Hi, One more nice tutorial by you, Brink

I found find in the right click application is greyed.
But i used your powershell, technique to get the log i wanted.
What is meant by some 168 unindexed files cleared ...in ...
Would you give the link of usefulness of powershell. Is it dos commands? I only knew from this post about existing of this tool.
This message is often there, whenever i attempt chkdsk /f/r after my computer hangs stand still, wherein i could not use keyboard, mouse, ctrl alt del,tab etc..
Wonderful thinking on your part to include this in the tutorial.

 

[Brink]

Hello jraju,

Yes, that log would be from running chkdsk for clearing unindexed (orphaned) files. This usually indicates drive corruption.

Windows PowerShell is a new Windows command-line shell designed especially for system administrators. Windows PowerShell includes an interactive prompt and a scripting environment that can be used independently or in combination.

https://technet.microsoft.com/en-us/library/dn425048.aspx

 

[apb]

Command version can be fixed for Powershell 2.0

Hmm, method two works great for my Windows 7 machine but doesn't for the Vista machine. I get this message in powershell (image included, couldn't copy/paste.

Hello,

I'm afraid that command requires at least PowerShell 4.0, and it doesn't appear to support Vista.

Download Windows Management Framework 4.0 from Official Microsoft Download Center

I, too, discovered that the command did not work for me in Win 7 sp1 64bit, under Powershell 2.0. The problem is that "Desktop" cannot be used as is.

However, it is possible to fix it to work thus:

PS C:\> get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.
providername -match "wininit"} | fl timecreated, message | out-file $env:UserPro
file\desktop\CHKDSKResults.txt

This of course depends on the env variable existing and one's desktop actually being in the user folder, and not somewhere else.

It is probably also possible to use

[Environment]::GetFolderPath("Desktop")

which returns the correct path for me, but I haven't figured out how to use it in the Powershell command. That would be a better solution, since it would still work if the desktop had been relocated.

--peter

 

[apb]

A couple more comments on the Powershell command method.

1. Why even bother with figuring out where the desktop is? Why not just redirect the output to a file you actually want it in:

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_. providername -match "wininit"} | fl timecreated, message >> path-of-where-I-want-to-put-it.txt

That way, we don't care how to find the desktop.

2. Usually, one only wants the last chkdsk result, but the command returns multiple ones. It's not clear to me how to have it spit out only the last one?

 

[apb]

Oh, and yet another comment. The log file that is produced with the command version is in unicode, which is double the size actually needed, unless there are actual unicode characters, and is not very readable with an editor that does not understand unicode. The easiest way I have found to convert a unicode file to an ascii file is the windows shell command:

type existing-unicode-filename > new-ascii-filename