Updates Fail, Slow Response, Fail to Connect to a Windows Service, etc

Page 2 of 3 FirstFirst 123 LastLast

  1. Posts : 43
    Windows 7 Ultimate x64
    Thread Starter
       #11

    It still gives me the same result after CheckSUR.

    And by Event Viewer, do you mean the one that I can open by typing 'event viewer' in the 'Start' -> search bar?
    If so, it is giving me an error message saying: "Event Log service is unavailable. Verify that the service is running."
    and there's no log anywhere.
    The only thing showing on the left pane of Event Viewer is 'Event Viewer (Local)'.
    in the middle is that error message from above,
    and the right pane just contains Event Viewer (Local)'s 'Connect to Another computer...' 'view' 'Refresh' 'Help'.

    Do you think a video driver or chipsets has something to do with this kind of problems? 'cause when I searched through the internet, I found some of people recommending to try updating them to the newest.

    Every time I reinstalled Windows 7 (7 times in total), I just reused chipsets, video drivers, usb, and audio updates that I've put in my usb flash drive because that's convenient.
    If those files were happened to be corrupted and I used them to install, wouldn't that can be the cause of these problems?
      My Computer


  2. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #12

    Ahah! another clue :)

    Please open an Elevated Command Prompt, and run the following commands

    NET START EVENTLOG
    SC QC EVENTLOG
    NET START WECSVC
    SC QC WECSVC
    NET START EVENTSYSTEM
    SC QC EVENTSYSTEM

    post the results.
      My Computer


  3. Posts : 43
    Windows 7 Ultimate x64
    Thread Starter
       #13

    Command Prompt Result


    Here's a result of running those commands:


    Code:
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    
    C:\Windows\system32>NET START EVENTLOG
    The Windows Event Log service is starting.
    The Windows Event Log service was started successfully.
    
    
    C:\Windows\system32>SC QC EVENTLOG
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: EVENTLOG
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetw
    orkRestricted
            LOAD_ORDER_GROUP   : Event Log
            TAG                : 0
            DISPLAY_NAME       : Windows Event Log
            DEPENDENCIES       :
            SERVICE_START_NAME : NT AUTHORITY\LocalService
    
    C:\Windows\system32>NET START WECSVC
    The Windows Event Collector service is starting........
    The Windows Event Collector service could not be started.
    
    More help is available by typing NET HELPMSG 3523.
    
    
    C:\Windows\system32>SC QC WECSVC
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: WECSVC
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Windows Event Collector
            DEPENDENCIES       : HTTP
                               : Eventlog
            SERVICE_START_NAME : NT AUTHORITY\NetworkService
    
    C:\Windows\system32>NET START EVENTSYSTEM
    The requested service has already been started.
    
    More help is available by typing NET HELPMSG 2182.
    
    
    C:\Windows\system32>SC QC EVENTSYSTEM
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: EVENTSYSTEM
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : COM+ Event System
            DEPENDENCIES       : rpcss
            SERVICE_START_NAME : NT AUTHORITY\LocalService
    
    C:\Windows\system32>
      My Computer


  4. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #14

    It looks as if there's something wrong with the Event Collector Service.
    Catch 22 applies here - the only sensible data would be in the Event Viewer- but that can't be used because teh Even Collector Service can't start... :)

    Best check the Dependency service, I suppose...

    Please run the following commands, and post the results.

    NET START HTTP
    SC QC HTTP

    (I'm off to bed - see you tomorrow!)
      My Computer


  5. Posts : 43
    Windows 7 Ultimate x64
    Thread Starter
       #15

    Result


    Here's a result of command prompt.
    And ok, good night :)

    Code:
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    
    C:\Windows\system32>NET START HTTP
    The requested service has already been started.
    
    More help is available by typing NET HELPMSG 2182.
    
    
    C:\Windows\system32>SC QC HTTP
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: HTTP
            TYPE               : 1  KERNEL_DRIVER
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : system32\drivers\HTTP.sys
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : HTTP
            DEPENDENCIES       :
            SERVICE_START_NAME :
    
    C:\Windows\system32>
      My Computer


  6. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #16

    The chances are that your Eventlog problems are caused by corrupted logs
    We'll have to see what logs are likely to be the cause, and rename them.

    Please run the following commands in an Elevated Command prompt, and post the results.

    DIR C:\Windows\System32\winevt\logs /on
    ICACLS C:\Windows\System32\winevt\logs
      My Computer


  7. Posts : 43
    Windows 7 Ultimate x64
    Thread Starter
       #17

    Result of Command Prompt


    Here's a result:

    Code:
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    
    C:\Windows\system32>DIR C:\Windows\System32\winevt\logs /on
     Volume in drive C has no label.
     Volume Serial Number is 127B-6585
    
     Directory of C:\Windows\System32\winevt\logs
    
    12/18/2012  04:50 PM    <DIR>          .
    12/18/2012  04:50 PM    <DIR>          ..
    12/21/2012  12:25 PM         2,166,784 Application.evtx
    12/14/2012  10:09 PM            69,632 HardwareEvents.evtx
    12/14/2012  10:09 PM            69,632 Internet Explorer.evtx
    12/14/2012  10:09 PM            69,632 Key Management Service.evtx
    12/14/2012  10:09 PM            69,632 Media Center.evtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-Application-Experience%
    4Problem-Steps-Recorder.evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-Application-Experience%
    4Program-Compatibility-Assistant.evtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-Application-Experience%
    4Program-Compatibility-Troubleshooter.evtx
    12/15/2012  02:35 PM            69,632 Microsoft-Windows-Application-Experience%
    4Program-Inventory.evtx
    12/16/2012  02:21 AM            69,632 Microsoft-Windows-Application-Experience%
    4Program-Telemetry.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-Audio%4CaptureMonitor.e
    vtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-Audio%4Operational.evtx
    
    12/21/2012  12:41 AM         1,052,672 Microsoft-Windows-Bits-Client%4Operationa
    l.evtx
    12/21/2012  12:27 PM         1,052,672 Microsoft-Windows-BranchCacheSMB%4Operati
    onal.evtx
    12/21/2012  12:44 PM            69,632 Microsoft-Windows-Dhcp-Client%4Admin.evtx
    
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-Dhcpv6-Client%4Admin.ev
    tx
    12/21/2012  12:41 AM         1,052,672 Microsoft-Windows-Diagnosis-DPS%4Operatio
    nal.evtx
    12/15/2012  02:35 PM            69,632 Microsoft-Windows-Diagnosis-Scheduled%4Op
    erational.evtx
    12/18/2012  04:45 PM            69,632 Microsoft-Windows-Diagnosis-Scripted%4Adm
    in.evtx
    12/18/2012  04:45 PM            69,632 Microsoft-Windows-Diagnosis-Scripted%4Ope
    rational.evtx
    12/18/2012  04:50 PM            69,632 Microsoft-Windows-Diagnosis-ScriptedDiagn
    osticsProvider%4Operational.evtx
    12/21/2012  12:41 AM         1,052,672 Microsoft-Windows-Diagnostics-Performance
    %4Operational.evtx
    12/21/2012  12:45 PM         1,052,672 Microsoft-Windows-DriverFrameworks-UserMo
    de%4Operational.evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-Fault-Tolerant-Heap%4Op
    erational.evtx
    12/21/2012  12:37 PM         1,118,208 Microsoft-Windows-GroupPolicy%4Operationa
    l.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-Help%4Operational.evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-HomeGroup Provider Serv
    ice%4Operational.evtx
    12/21/2012  12:35 PM            69,632 Microsoft-Windows-Kernel-EventTracing%4Ad
    min.evtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-Kernel-Power%4Thermal-O
    perational.evtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-Kernel-StoreMgr%4Operat
    ional.evtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-Kernel-WHEA%4Errors.evt
    x
    12/21/2012  12:31 PM         1,052,672 Microsoft-Windows-Kernel-WHEA%4Operationa
    l.evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-Known Folders API Servi
    ce.evtx
    12/15/2012  02:35 PM            69,632 Microsoft-Windows-LanguagePackSetup%4Oper
    ational.evtx
    12/14/2012  07:29 PM            69,632 Microsoft-Windows-MUI%4Admin.evtx
    12/15/2012  02:35 PM            69,632 Microsoft-Windows-MUI%4Operational.evtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-NCSI%4Operational.evtx
    12/14/2012  07:29 PM            69,632 Microsoft-Windows-NetworkAccessProtection
    %4Operational.evtx
    12/14/2012  07:29 PM            69,632 Microsoft-Windows-NetworkAccessProtection
    %4WHC.evtx
    12/14/2012  08:01 PM            69,632 Microsoft-Windows-NetworkLocationWizard%4
    Operational.evtx
    12/21/2012  12:26 PM         1,052,672 Microsoft-Windows-NetworkProfile%4Operati
    onal.evtx
    12/21/2012  12:27 PM            69,632 Microsoft-Windows-OfflineFiles%4Operation
    al.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-PrintService%4Admin.evt
    x
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-ReadyBoost%4Operational
    .evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-ReliabilityAnalysisComp
    onent%4Operational.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-RemoteDesktopServices-R
    dpCoreTS%4Admin.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-RemoteDesktopServices-R
    dpCoreTS%4Operational.evtx
    12/14/2012  10:57 PM            69,632 microsoft-windows-RemoteDesktopServices-R
    emoteDesktopSessionManager%4Admin.evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-Resource-Exhaustion-Det
    ector%4Operational.evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-Resource-Exhaustion-Res
    olver%4Operational.evtx
    12/14/2012  07:29 PM            69,632 Microsoft-Windows-RestartManager%4Operati
    onal.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Client
    USBDevices%4Admin.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Client
    USBDevices%4Operational.evtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-TerminalServices-LocalS
    essionManager%4Admin.evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-TerminalServices-LocalS
    essionManager%4Operational.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-RDPCli
    ent%4Operational.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Remote
    ConnectionManager%4Admin.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Remote
    ConnectionManager%4Operational.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Server
    USBDevices%4Admin.evtx
    12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Server
    USBDevices%4Operational.evtx
    12/21/2012  12:36 PM            69,632 Microsoft-Windows-User Profile Service%4O
    perational.evtx
    12/21/2012  12:41 AM            69,632 Microsoft-Windows-WER-Diag%4Operational.e
    vtx
    12/14/2012  09:51 PM            69,632 Microsoft-Windows-Windows Defender%4Opera
    tional.evtx
    12/14/2012  09:51 PM            69,632 Microsoft-Windows-Windows Defender%4WHC.e
    vtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-Windows Firewall With A
    dvanced Security%4ConnectionSecurity.evtx
    12/21/2012  12:26 PM         1,052,672 Microsoft-Windows-Windows Firewall With A
    dvanced Security%4Firewall.evtx
    12/14/2012  07:29 PM            69,632 Microsoft-Windows-WindowsBackup%4ActionCe
    nter.evtx
    12/15/2012  02:35 PM         1,052,672 Microsoft-Windows-WindowsSystemAssessment
    Tool%4Operational.evtx
    12/21/2012  12:41 AM         1,052,672 Microsoft-Windows-WindowsUpdateClient%4Op
    erational.evtx
    12/14/2012  10:09 PM            69,632 Microsoft-Windows-Winlogon%4Operational.e
    vtx
    12/21/2012  12:26 PM         1,052,672 Microsoft-Windows-WLAN-AutoConfig%4Operat
    ional.evtx
    12/21/2012  12:25 PM         4,263,936 Security.evtx
    12/20/2012  01:18 AM         1,052,672 Setup.evtx
    12/21/2012  12:25 PM        18,944,000 System.evtx
    12/14/2012  10:09 PM            69,632 Windows PowerShell.evtx
                  75 File(s)     43,233,280 bytes
                   2 Dir(s)  73,580,122,112 bytes free
    
    C:\Windows\system32>ICACLS C:\Windows\System32\winevt\logs
    C:\Windows\System32\winevt\logs NT SERVICE\eventlog:(OI)(CI)(F)
                                    NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                    BUILTIN\Administrators:(OI)(CI)(F)
                                    NT AUTHORITY\Authenticated Users:(CI)(R)
    
    Successfully processed 1 files; Failed processing 0 files
    
    C:\Windows\system32>
      My Computer


  8. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #18

    It looks like it's the System log that's stuck
    we need to delete it, after saving the file to the desktop for any forensics..
    Reboot to Safe Mode with Command prompt, and run

    NET STOP EVENTLOG
    COPY C:\Windows\System32\winevt\logs\system.evtx %userprofile%\desktop
    DEL C:\Windows\System32\winevt\logs\system.evtx

    The reboot to normal mode, and see if you can now open Event Viewer
      My Computer


  9. Posts : 43
    Windows 7 Ultimate x64
    Thread Starter
       #19

    It's working! I can open Event Viewer now!
    Then, shall I follow the guide you posted on the 1st page and post the compressed files of Apps.evtx and Sys.evtx?
      My Computer


  10. Posts : 43
    Windows 7 Ultimate x64
    Thread Starter
       #20

    Apps.evtx and Sys.evtx


    Here are Apps.evtx and Sys.evtx from Event Viewer:
      My Computer


 
Page 2 of 3 FirstFirst 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 02:21.
Find Us