Reading Windows logs


ICIT2LOL

Well-known member
Member
VIP
Local time
10:24 PM
Posts
2,112
Location
Central West NSW Australia
OS
Windows 11 Pro 22H2 (OS Build 22621.2361)
I ran sfc /scannow and got the result in the pic yet I cannot find the reported logs any ideas please?LOGS.png
I searched the command line in C: drive but it tells me it cannot find them.
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2 (OS Build 22621.2361)
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivo notebook X712P
    CPU
    i7 -10510U
    Motherboard
    Asus
    Memory
    Samsung 16GB DDR4 2666 MHz
    Graphics Card(s)
    On board Intel CPU graphics
    Sound Card
    N/a
    Monitor(s) Displays
    Generic
    Hard Drives
    Samsung 970 Pro NMe
    PSU
    N/A
    Case
    N/A
    Cooling
    Asus in built
    Keyboard
    Generic
    Mouse
    Logitec Wireless
    Internet Speed
    50MB max
    Browser
    Brave
    Antivirus
    ESET Smart Security
That's odd. I just copy C:\Windows\Logs\CBS\CBS.log and then paste.

2022-08-21 05_59_39-CBS.log - Notepad.png
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung 980 1 TB PCIe 3.0 NVMe M.2
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    16 GB (2 x 8 GB) DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
I ran sfc /scannow and got the result in the pic yet I cannot find the reported logs any ideas please?View attachment 36985
I searched the command line in C: drive but it tells me it cannot find them.
There is a lot more recorded in CBS.log besides the SFC results. To see just those files SFC did (or could not) replace use Option Three here:


There is just one other type of SFC 'successful repair' result that won't appear in the above. That is when SFC just repairs permissions or ownership that were set twice. This is a trivial error that does no harm if left uncorrected. Here is an example:

Code:
2022-08-21 10:50:23, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2022-08-21 10:50:24, Info                  CSI    00000097 Warning: Overlap: Directory \??\C:\Windows\System32\drivers\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:24, Info                  CSI    00000098 Warning: Overlap: Directory \??\C:\Windows\System32\wbem\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:24, Info                  CSI    00000099 Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:25, Info                  CSI    0000009a [SR] Verify complete

To find those, search CBS.log for the word 'twice'.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta, Dev and Canary, all as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 128GB NVMe ssd, supported device running Windows 11 Pro, and the Insider Canary build as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Win11 Pro Insider Beta, Dev and Canary, all as native boot vhdx.


    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 128GB NVMe ssd, supported device running Windows 11 Pro.
To see just those files SFC did (or could not) replace use Option Three here:
I would not generally filter the CBS log just to the [SR] entries since you're going to remove some important context to the errors it managed to find and repair.
 

My Computer

System One

  • OS
    Windows 11, Windows 10, Linux Mint XFCE, Linux Fedora Cinnamon
I would not generally filter the CBS log just to the [SR] entries since you're going to remove some important context to the errors it managed to find and repair.
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him. This finds all cases where a corrupt file has been replaced from the component store, and those where it cannot be replaced because the store copy is also corrupt, then a DISM /RestoreHealth is required before running SFC again.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta, Dev and Canary, all as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 128GB NVMe ssd, supported device running Windows 11 Pro, and the Insider Canary build as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Win11 Pro Insider Beta, Dev and Canary, all as native boot vhdx.


    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 128GB NVMe ssd, supported device running Windows 11 Pro.
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him.
Why? It's questionable advice.

There are many errors within the CBS log which are pretty useless unless you look at the surrounding context. Some problems may not even be logged as errors. DISM is fairly okay at repairing file corruption but more often than not it will fail as well; it isn't very good at repairing nuanced problems which are typically due to registry corruption.

@ICIT2LOL I would open a command prompt and then the following command:

Rich (BB code):
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" /v EnableLog

Please post the output in your next post. It should be set to 0x1.
 

My Computer

System One

  • OS
    Windows 11, Windows 10, Linux Mint XFCE, Linux Fedora Cinnamon
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him. This finds all cases where a corrupt file has been replaced from the component store, and those where it cannot be replaced because the store copy is also corrupt, then a DISM /RestoreHealth is required before running SFC again.

Why? It's questionable advice.

There are many errors within the CBS log which are pretty useless unless you look at the surrounding context. Some problems may not even be logged as errors. DISM is fairly okay at repairing file corruption but more often than not it will fail as well; it isn't very good at repairing nuanced problems which are typically due to registry corruption.

Since there are many things logged into the CBS.LOG, filtering it with "[SR]" will let you only see anything logged by SFC.

You shouldn't miss any SFC details, but it's fine to look at the whole log if wanted. It's just more work to sift through it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Ok I tried Fablers suggestion and got the logs I think I was looking at the C: drive in This PC and not the command prompt. Having said that there was a lot of stuff there I don't understand anyway but thanks for all the replies folks at least I know how to do it now.
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2 (OS Build 22621.2361)
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivo notebook X712P
    CPU
    i7 -10510U
    Motherboard
    Asus
    Memory
    Samsung 16GB DDR4 2666 MHz
    Graphics Card(s)
    On board Intel CPU graphics
    Sound Card
    N/a
    Monitor(s) Displays
    Generic
    Hard Drives
    Samsung 970 Pro NMe
    PSU
    N/A
    Case
    N/A
    Cooling
    Asus in built
    Keyboard
    Generic
    Mouse
    Logitec Wireless
    Internet Speed
    50MB max
    Browser
    Brave
    Antivirus
    ESET Smart Security

Latest Support Threads

Latest Tutorials

Back
Top Bottom