The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to delete corrupt Event Viewer Log files in Windows Server

Download Windows Speedup Tool to fix errors and make PC run faster

If the *.evt files are corrupted, you may encounter the error messages mentioned here. There are various reasons why the Event Viewer log files can be corrupted; however, to resolve this, we need to delete the files. In this post, we will see how you can delete corrupt Event Viewer log files in Windows Server or Windows 11/10 to get rid of the resultant errors.

The handle is invalid

Dr. Watson Services.exe
Exception: Access Violation (0xc0000005), Address: 0x76e073d4

After you click on OK or cancel on the Dr. Watson error message, you may also receive the following error message:

Event Viewer
Remote Procedure Call failed

Delete corrupt Event Viewer Log files in Windows Server

Event Viewer logs can become corrupted for several reasons, including unexpected system shutdowns, malware attacks, or hardware failures. Other causes include exceeding log size limits, improper configurations, or incomplete system updates. Corruption may also occur if the EventLog service encounters issues while writing to the log files. To resolve this, we are going to clear the corrupted logs.

Depending on your partition type, you can use one of the following methods to delete corrupt Event Viewer Log files in Windows Server.

  • NTFS Partition
  • FAT Partition

Let us discuss them in detail.

NTFS Partition

An NTFS partition is part of a storage device set up using the NTFS system created by Microsoft. It’s commonly used in Windows because it offers useful features like file compression, encryption, and better data security. If you have NTFS Partition, this method is for you.

Read: How to disable Windows Event Log

Since we are going to change the registry, it is important to create a backup of the same as it can be used in case something goes wrong. To create a backup in Registry Editor, you need to go to File > Export, go to the location where you want to store the file and save the file.

Once done, follow the steps mentioned below.

Open Windows Services by opening Run (Win + R), type “services.msc”, and click OK.

Now, you need to look for the Event Log (or Windows Event Log) Service, right-click on it, ans select Properties.

In the General tab, set the Startup type to Disabled, and click on Stop.

There is an alternate method that you can try to stop the service.

Open the Registry Editor and go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog

Look for the Start value, double-click it, and set its Value data to 4. Then click OK.

Reboot your computer. If you get a message stating that a few services are stopped, don’t worry; just proceed with this solution.

Now, open the File Explorer and go to %SystemRoot%\System32\Config.

You then have to either delete or move corrupt *.evt files.

This way, you can delete the corrupted Event Log files.

However, once you are done, delete the files, open the Services Manager, look for the Event Log (or Windows Event Log) service, go to its Properties, change its Startup type to Automatic, and click on Start.

Read: Event Viewer not working in Windows Server

FAT Partition

delete corrupt Event Viewer Log files

A FAT partition uses the File Allocation Table (FAT) system, commonly FAT32 or exFAT, for organizing and storing files. It is simple, compatible across devices and platforms, and ideal for removable storage. In FAT, you can use the method mentioned there or an alternate method. To do so, you need to follow the steps mentioned below.

  1. First of all, create a DOS bootable disk using tools like Rufus or a similar utility. Insert a USB drive, open Rufus, select FreeDOS as the boot option and create the bootable disk.
  2. Now, you need to configure BIOS to boot from USB Drive.
  3. Once in the DOS prompt, navigate to the directory containing the corrupt Event Viewer log files. You can use the run: cd %SystemRoot%\System32\Config.
  4. Identify the corrupt .evt file (e.g., Sysevent.evt, Appevent.evt, or Secevent.evt).
  5. Rename or move the file using commands like: rename Sysevent.evt Sysevent.old or move Sysevent.evt C:\CorruptedFiles.

That is how you can remove, rename, or move the corrupt Event Viewer Log files.

Read: Where is the BSOD log file location in Windows?

How to fix ERROR_CORRUPT_LOG_CLEARED?

To fix the ERROR_CORRUPT_LOG_CLEARED, first, scan your drive using the command chkdsk C: /f /r /x in Command Prompt, and restart your PC to check for volume corruption. Then, verify the SMART status of your drives by running wmic diskdrive get status; if the status isn’t “OK,” replace failing drives. Repair system files using the sfc /scannow command, and if needed, run DISM /Online /Cleanup-Image /RestoreHealth. Lastly, review Event Viewer logs for disk-related errors under Windows Logs > System and troubleshoot any identified issues. These steps address the problem effectively and ensure system health.

Read: Windows Event Log Service not starting or is unavailable

How do I delete corrupted log files?

To delete corrupted log files, first, open the folder where the logs are stored, such as %SystemRoot%\System32\Config. Identify the corrupted files, like .evt files, and then use Command Prompt with administrative privileges or File Explorer to rename or delete them.

Also Read: Export Event Viewer Logs in Windows.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Live Chat Button