Reading Windows logs


ICIT2LOL

ICIT2LOL

Well-known member
Member
VIP
Local time
6:49 PM
Posts
1,359
Location
Central West NSW Australia
OS
Windows 11 Pro Build 21H2
I ran sfc /scannow and got the result in the pic yet I cannot find the reported logs any ideas please?LOGS.png
I searched the command line in C: drive but it tells me it cannot find them.
 

My Computer

System One

  • OS
    Windows 11 Pro Build 21H2
    Computer type
    Laptop
    Manufacturer/Model
    Asus
    CPU
    i7 -10510U
    Motherboard
    Asus
    Memory
    Samsung 16GB DDR4 2666 MHz
    Graphics Card(s)
    On board Intel
    Sound Card
    N/a
    Monitor(s) Displays
    Genaric
    Hard Drives
    Samsung 970 Pro NMe
    PSU
    N/A
    Case
    N/A
    Cooling
    Asus in built
    Keyboard
    Generic
    Mouse
    Logitec Wireless
    Internet Speed
    50MB max
    Browser
    Edge
Fabler2

Fabler2

Well-known member
Power User
VIP
Local time
8:49 AM
Posts
1,880
OS
Win 11 Pro & Dev.
That's odd. I just copy C:\Windows\Logs\CBS\CBS.log and then paste.

2022-08-21 05_59_39-CBS.log - Notepad.png
 

My Computers

System One System Two

  • OS
    Win 11 Pro & Dev.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    INTEL SSD 660p 512GB NVMe
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    16 GB (2 x 8 GB) DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    1.024 TB SSD M.2 2280 - Samsung
    PSU
    180 Watt, 19.5 V
    Mouse
    Logitech
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Bree

Bree

Well-known member
Guru
VIP
Local time
8:49 AM
Posts
6,459
Location
S/E England, UK
OS
Windows 11 Home
ICIT2LOL said:
I ran sfc /scannow and got the result in the pic yet I cannot find the reported logs any ideas please?View attachment 36985
I searched the command line in C: drive but it tells me it cannot find them.
Click to expand...
There is a lot more recorded in CBS.log besides the SFC results. To see just those files SFC did (or could not) replace use Option Three here:

www.elevenforum.com

Use System File Checker (SFC) to Repair System Files in Windows 11 Tutorial

System File Checker (SFC) is a tool built into Windows that will check for system file corruption. The SFC /SCANNOW command scans and verifies the integrity of all protected system files and replaces missing or corrupted versions with correct versions when possible. If this command discovers...
www.elevenforum.com www.elevenforum.com

There is just one other type of SFC 'successful repair' result that won't appear in the above. That is when SFC just repairs permissions or ownership that were set twice. This is a trivial error that does no harm if left uncorrected. Here is an example:

Code: 
2022-08-21 10:50:23, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2022-08-21 10:50:24, Info                  CSI    00000097 Warning: Overlap: Directory \??\C:\Windows\System32\drivers\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:24, Info                  CSI    00000098 Warning: Overlap: Directory \??\C:\Windows\System32\wbem\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:24, Info                  CSI    00000099 Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:25, Info                  CSI    0000009a [SR] Verify complete

To find those, search CBS.log for the word 'twice'.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 128GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro 22H2 Insider Release Preview as a native boot vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    4GB
    Screen Resolution
    1366x768
    Hard Drives
    500GB HDD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 128GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro 22H2 Insider Release Preview as a native boot vhdx.
x BlueRobot

x BlueRobot

Active member
Member
Local time
8:49 AM
Posts
147
OS
Windows 11
Bree said:
To see just those files SFC did (or could not) replace use Option Three here:
Click to expand...
I would not generally filter the CBS log just to the [SR] entries since you're going to remove some important context to the errors it managed to find and repair.
 

My Computer

System One

  • OS
    Windows 11
Bree

Bree

Well-known member
Guru
VIP
Local time
8:49 AM
Posts
6,459
Location
S/E England, UK
OS
Windows 11 Home
x BlueRobot said:
I would not generally filter the CBS log just to the [SR] entries since you're going to remove some important context to the errors it managed to find and repair.
Click to expand...
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him. This finds all cases where a corrupt file has been replaced from the component store, and those where it cannot be replaced because the store copy is also corrupt, then a DISM /RestoreHealth is required before running SFC again.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 128GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro 22H2 Insider Release Preview as a native boot vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    4GB
    Screen Resolution
    1366x768
    Hard Drives
    500GB HDD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 128GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro 22H2 Insider Release Preview as a native boot vhdx.
x BlueRobot

x BlueRobot

Active member
Member
Local time
8:49 AM
Posts
147
OS
Windows 11
Bree said:
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him.
Click to expand...
Why? It's questionable advice.

There are many errors within the CBS log which are pretty useless unless you look at the surrounding context. Some problems may not even be logged as errors. DISM is fairly okay at repairing file corruption but more often than not it will fail as well; it isn't very good at repairing nuanced problems which are typically due to registry corruption.

@ICIT2LOL I would open a command prompt and then the following command:

Rich (BB code): 
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" /v EnableLog

Please post the output in your next post. It should be set to 0x1.
 

My Computer

System One

  • OS
    Windows 11
Brink

Brink

Administrator
Staff member
MVP
Local time
2:49 AM
Posts
5,730
OS
Windows 11 Pro for Workstations
Bree said:
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him. This finds all cases where a corrupt file has been replaced from the component store, and those where it cannot be replaced because the store copy is also corrupt, then a DISM /RestoreHealth is required before running SFC again.
Click to expand...

x BlueRobot said:
Why? It's questionable advice.

There are many errors within the CBS log which are pretty useless unless you look at the surrounding context. Some problems may not even be logged as errors. DISM is fairly okay at repairing file corruption but more often than not it will fail as well; it isn't very good at repairing nuanced problems which are typically due to registry corruption.
Click to expand...

Since there are many things logged into the CBS.LOG, filtering it with "[SR]" will let you only see anything logged by SFC.

You shouldn't miss any SFC details, but it's fine to look at the whole log if wanted. It's just more work to sift through it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 980 PRO M.2,
    1TB Samsung 970 EVO Plus M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium
ICIT2LOL

ICIT2LOL

Well-known member
Member
VIP
Thread Starter
Local time
6:49 PM
Posts
1,359
Location
Central West NSW Australia
OS
Windows 11 Pro Build 21H2
Ok I tried Fablers suggestion and got the logs I think I was looking at the C: drive in This PC and not the command prompt. Having said that there was a lot of stuff there I don't understand anyway but thanks for all the replies folks at least I know how to do it now.
 

My Computer

System One

  • OS
    Windows 11 Pro Build 21H2
    Computer type
    Laptop
    Manufacturer/Model
    Asus
    CPU
    i7 -10510U
    Motherboard
    Asus
    Memory
    Samsung 16GB DDR4 2666 MHz
    Graphics Card(s)
    On board Intel
    Sound Card
    N/a
    Monitor(s) Displays
    Genaric
    Hard Drives
    Samsung 970 Pro NMe
    PSU
    N/A
    Case
    N/A
    Cooling
    Asus in built
    Keyboard
    Generic
    Mouse
    Logitec Wireless
    Internet Speed
    50MB max
    Browser
    Edge
You must log in or register to reply here.

Similar threads

Solved Clean up!
2 3
Replies
41
Views
632
Alexey2912
A
Solved Can't Re-create Disk Cleanup shortcut link in Windows Tools.
Replies
9
Views
416
PlateauRealm
PlateauRealm
DISM 0x800f081f Error
Replies
3
Views
529
FreeBooter
FreeBooter
Please help me confirm and report this Windows 11 bug
Replies
9
Views
303
LesFerch
LesFerch
Solved New PC. Microsoft Account user w/ two-step verify. Device not Trusted. Repeat verify
Replies
14
Views
396
chockfullof546
C

Latest Tutorials

Top Bottom