Reading Windows logs


ICIT2LOL

Well-known member
Member
VIP
Local time
5:42 PM
Posts
2,173
Location
Central West NSW Australia
OS
Windows 11 Pro 23H2 (OS Build 22631.4169) Desktop (OS Build 22621.4317)
I ran sfc /scannow and got the result in the pic yet I cannot find the reported logs any ideas please?LOGS.png
I searched the command line in C: drive but it tells me it cannot find them.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (OS Build 22631.4169) Desktop (OS Build 22621.4317)
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivo notebook X712FA or Desktop Ivy Bridge build
    CPU
    i7 -10510U / Intel i5 3750K
    Motherboard
    Asus generic & Asus P8Z77-V
    Memory
    Samsung 16GB DDR4 2666 MHz & G-Skill 16GB DDR3 2134MHz
    Graphics Card(s)
    On board Intel CPU graphics & Nvidia GeForce GTX 1050Ti
    Sound Card
    Laptop onboard & Xonar DSX Card
    Monitor(s) Displays
    Generic & Samsung 27" SAM0C4C
    Hard Drives
    Samsung 970 Pro NMe & Samsung 870 EVO 500GB
    PSU
    N/A
    Case
    N/A
    Cooling
    Asus in built
    Keyboard
    Generic
    Mouse
    Logitec Wireless
    Internet Speed
    50Mbs max allowance - occasionally up to 75Mbs
    Browser
    Brave
    Antivirus
    ESET Ultimate Security on both
    Other Info
    Desktop running Windows11 Pro with unsupported hardware fix
That's odd. I just copy C:\Windows\Logs\CBS\CBS.log and then paste.

2022-08-21 05_59_39-CBS.log - Notepad.png
 

My Computers

System One System Two

  • OS
    Win 11 Home & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ACER Nitro AN16-41
    CPU
    AMD Ryzen™ 7 7735HS Processor 3.2Ghz
    Motherboard
    RB Sierra_PEH (FP7)
    Memory
    32 GB DDR5 4800MHz
    Graphics Card(s)
    NVIDIA GeForce RTX 4060 8GB GDDR6
    Monitor(s) Displays
    16" QHD+ 165Hz 16:10 IPS Technology
    Screen Resolution
    1920 X 1200
    Hard Drives
    Samsung 990 PRO 2TB
    PSU
    330 Watts
    Mouse
    Lenovo Bluetooth.
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
I ran sfc /scannow and got the result in the pic yet I cannot find the reported logs any ideas please?View attachment 36985
I searched the command line in C: drive but it tells me it cannot find them.
There is a lot more recorded in CBS.log besides the SFC results. To see just those files SFC did (or could not) replace use Option Three here:


There is just one other type of SFC 'successful repair' result that won't appear in the above. That is when SFC just repairs permissions or ownership that were set twice. This is a trivial error that does no harm if left uncorrected. Here is an example:

Code:
2022-08-21 10:50:23, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2022-08-21 10:50:24, Info                  CSI    00000097 Warning: Overlap: Directory \??\C:\Windows\System32\drivers\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:24, Info                  CSI    00000098 Warning: Overlap: Directory \??\C:\Windows\System32\wbem\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:24, Info                  CSI    00000099 Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:25, Info                  CSI    0000009a [SR] Verify complete

To find those, search CBS.log for the word 'twice'.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, and 24H2 on 3rd October through Windows Update by setting the Target Release Version for 24H2.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, Canary, and Release Preview builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. In-place upgrade to 24H2 using hybrid 23H2/24H2 install media. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, Canary, and Release Preview builds as a native boot .vhdx.
To see just those files SFC did (or could not) replace use Option Three here:
I would not generally filter the CBS log just to the [SR] entries since you're going to remove some important context to the errors it managed to find and repair.
 

My Computer

System One

  • OS
    Windows 11, Windows 10, Linux Fedora Cinnamon
I would not generally filter the CBS log just to the [SR] entries since you're going to remove some important context to the errors it managed to find and repair.
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him. This finds all cases where a corrupt file has been replaced from the component store, and those where it cannot be replaced because the store copy is also corrupt, then a DISM /RestoreHealth is required before running SFC again.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, and 24H2 on 3rd October through Windows Update by setting the Target Release Version for 24H2.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, Canary, and Release Preview builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. In-place upgrade to 24H2 using hybrid 23H2/24H2 install media. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, Canary, and Release Preview builds as a native boot .vhdx.
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him.
Why? It's questionable advice.

There are many errors within the CBS log which are pretty useless unless you look at the surrounding context. Some problems may not even be logged as errors. DISM is fairly okay at repairing file corruption but more often than not it will fail as well; it isn't very good at repairing nuanced problems which are typically due to registry corruption.

@ICIT2LOL I would open a command prompt and then the following command:

Rich (BB code):
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" /v EnableLog

Please post the output in your next post. It should be set to 0x1.
 

My Computer

System One

  • OS
    Windows 11, Windows 10, Linux Fedora Cinnamon
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him. This finds all cases where a corrupt file has been replaced from the component store, and those where it cannot be replaced because the store copy is also corrupt, then a DISM /RestoreHealth is required before running SFC again.

Why? It's questionable advice.

There are many errors within the CBS log which are pretty useless unless you look at the surrounding context. Some problems may not even be logged as errors. DISM is fairly okay at repairing file corruption but more often than not it will fail as well; it isn't very good at repairing nuanced problems which are typically due to registry corruption.

Since there are many things logged into the CBS.LOG, filtering it with "[SR]" will let you only see anything logged by SFC.

You shouldn't miss any SFC details, but it's fine to look at the whole log if wanted. It's just more work to sift through it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Ok I tried Fablers suggestion and got the logs I think I was looking at the C: drive in This PC and not the command prompt. Having said that there was a lot of stuff there I don't understand anyway but thanks for all the replies folks at least I know how to do it now.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (OS Build 22631.4169) Desktop (OS Build 22621.4317)
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivo notebook X712FA or Desktop Ivy Bridge build
    CPU
    i7 -10510U / Intel i5 3750K
    Motherboard
    Asus generic & Asus P8Z77-V
    Memory
    Samsung 16GB DDR4 2666 MHz & G-Skill 16GB DDR3 2134MHz
    Graphics Card(s)
    On board Intel CPU graphics & Nvidia GeForce GTX 1050Ti
    Sound Card
    Laptop onboard & Xonar DSX Card
    Monitor(s) Displays
    Generic & Samsung 27" SAM0C4C
    Hard Drives
    Samsung 970 Pro NMe & Samsung 870 EVO 500GB
    PSU
    N/A
    Case
    N/A
    Cooling
    Asus in built
    Keyboard
    Generic
    Mouse
    Logitec Wireless
    Internet Speed
    50Mbs max allowance - occasionally up to 75Mbs
    Browser
    Brave
    Antivirus
    ESET Ultimate Security on both
    Other Info
    Desktop running Windows11 Pro with unsupported hardware fix
Back
Top Bottom