Hi! I've recently suffered from a virus attack on my server system. It was Win32.Shadow.based (DrWeb) a.k.a. Win32.Kido "series" virus... I performed virus removal operations using DrWeb 5.0 and a special utility from Kaspersky Lab that is called "kidokiller". Everything went ok as it seemed to me. Then I restarted the system and got the error: EventLog service was unable to start, "error 2: file not found"... I tried to fix the problem so here are the steps I did: 1. Performed a disk check using CHKDSK - no problems. 2. The "sfc /scannow" command had no effect. 3. http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/e516aa8b-9304-4fd9-a313-6a1942872df9 - also didn't help. 4. Looked for files related to the EventLog service - the files were present. So I'm stuck... I wonder if I can fix it without reinstalling the OS...

Hello,1) Can you try elevating Eventviewer fromAdministrator and check if it works ?? Start >> Administrative Tools >> Event Viewer Right Click on the Event Viewer and Click Run as and Provide the Credentials.2) Try a Cleanboot and see if it helps.http://support.microsoft.com/kb/929135This Kb can be applied to Windows 2008 Server aswell.keep updating us we will resolve the issue.Thanks and Hope it Helpshttp://technetfaqs.wordpress.com

Thank you for the answer, but I guess I've just found a cure. One "good man" says that the problem origin is in the KidoKiller.exe application as it modifies the registry! I've read the related information on Kaspersky lab forum (in Russian), and there I found out how to fix it. So I'm going to try the solution. I'll write as soon as I get the result.

As I said before, the cure was found! It's the KidoKiller.exe that added (or modified) an entry in the registry to the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" branch. It is "Parameters" and it must be deleted. So this is the solution! EventLog started normally. Thank you very much for your attention!

hi The Agent,the information is very useful. thanks for leting us know.sainath Windows Driver Development

As I said before, the cure was found! It's the KidoKiller.exe that added (or modified) an entry in the registry to the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" branch. It is "Parameters" and it must be deleted. So this is the solution! EventLog started normally. Thank you very much for your attention! Thanks for your solution. After 3 weeks of tests and going crazy I could solve the problem.