Windows Event Log service won't start - how to figure out cause

Windows Event Log service will not start; it says "Error 2: The system cannot find the file specified." I've tried sfc /scannow and it reported zero issues. All other services start up fine, so svchost.exe isn't the issue. I'm guessing there is some permission or path issue or missing file, but I don't know what I should do to find out where it is failing. Is Process Explorer useful in this situation? If so, what do I watch for?


EDIT

After watching what failed using Process Monitor, the "fix" for my particular situation was to create a registry key at HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll containing the same value as the key HKLM\System\CurrentControlSet\services\eventlog\ServiceDll.

I'm a big fan of mysterious Windows self-reconfigurations.


Solution 1:

Process Monitor would be more useful than Process Explorer. You would filter on only the executable that is used by the service. I don't have a Win7 box in front of me, so I can't check what that is.

Run it, try to start the service, and see what fails.

Solution 2:

Are the event logs trying to write to a location that isn't there? Right-click on a particular Windows event log and select Properties. Look at the path that the logs are writing to. Is it something other than the default windir, for example another drive that isn't there?
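
Added example (not part of the question or either answer): a read-only PowerShell check of the two ServiceDll locations named in the question's EDIT and of the log file paths Solution 2 asks about. It assumes PowerShell 3.0 or later, that ServiceDll is a registry value under each key, and that each classic log subkey stores its path in a `File` value; the function names are made up for this example.

```powershell
# Read-only check of the Event Log service registry configuration.
# Assumption: ServiceDll is a value under each key (the question calls it a key).
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\eventlog'

function Get-RawRegValue {
    param([string]$Path, [string]$Name)
    # Returns the unexpanded value data, or $null if the key or value is missing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $key.GetValue($Name, $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
}

function Test-ServiceDll {
    param([string]$Path)
    $raw = Get-RawRegValue -Path $Path -Name 'ServiceDll'
    $expanded = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { $null }
    [pscustomobject]@{
        Key      = $Path
        Raw      = $raw
        Expanded = $expanded
        Exists   = if ($expanded) { Test-Path -LiteralPath $expanded -PathType Leaf } else { $false }
    }
}

# 1. The two locations named in the question's EDIT.
$dlls = @(Test-ServiceDll $svcKey; Test-ServiceDll "$svcKey\Parameters")
$dlls | Format-List

if ($dlls[0].Raw -and $dlls[1].Raw -and ($dlls[0].Raw -ne $dlls[1].Raw)) {
    Write-Warning 'ServiceDll differs between the service key and its Parameters subkey.'
}

# 2. Solution 2's check: does each log's File path point at a directory that exists?
Get-ChildItem -LiteralPath $svcKey | ForEach-Object {
    $file = $_.GetValue('File', $null)   # GetValue expands %SystemRoot% by default
    if ($file) {
        [pscustomobject]@{
            Log       = $_.PSChildName
            File      = $file
            DirExists = Test-Path -LiteralPath (Split-Path -Parent $file) -PathType Container
        }
    }
} | Format-Table -AutoSize
```

A row with `Exists` or `DirExists` set to False is a candidate for the "cannot find the file specified" error; confirm it against the failing path shown in the Process Monitor trace before changing anything.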