Reading Windows logs


ICIT2LOL

ICIT2LOL

Well-known member
Member
VIP
Local time
1:39 AM
Posts
2,181
Location
Central West NSW Australia
OS
Windows 11 Pro 23H2 (OS Build 22631.4169) Desktop (OS Build 22621.4317)
I ran sfc /scannow and got the result in the pic yet I cannot find the reported logs any ideas please?LOGS.png
I searched the command line in C: drive but it tells me it cannot find them.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (OS Build 22631.4169) Desktop (OS Build 22621.4317)
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivo notebook X712FA or Desktop Ivy Bridge build
    CPU
    i7 -10510U / Intel i5 3750K
    Motherboard
    Asus generic & Asus P8Z77-V
    Memory
    Samsung 16GB DDR4 2666 MHz & G-Skill 16GB DDR3 2134MHz
    Graphics Card(s)
    On board Intel CPU graphics & Nvidia GeForce GTX 1050Ti
    Sound Card
    Laptop onboard & Xonar DSX Card
    Monitor(s) Displays
    Generic & Samsung 27" SAM0C4C
    Hard Drives
    Samsung 970 Pro NMe & Samsung 870 EVO 500GB
    PSU
    N/A
    Case
    N/A
    Cooling
    Asus in built
    Keyboard
    Generic
    Mouse
    Logitec Wireless
    Internet Speed
    50Mbs max allowance - occasionally up to 75Mbs
    Browser
    Brave
    Antivirus
    ESET Ultimate Security on both
    Other Info
    Desktop running Windows11 Pro with unsupported hardware fix
That's odd. I just copy C:\Windows\Logs\CBS\CBS.log and then paste.

2022-08-21 05_59_39-CBS.log - Notepad.png
 

My Computers

System One System Two

  • OS
    Win 11 Home & Pro
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook
    CPU
    AMD Ryzen™ 7 7730U
    Motherboard
    M1605YA
    Memory
    15.0GB Dual-Channel DDR4 @ 1596MHz (22-22-22-52)
    Graphics Card(s)
    512MB ATI AMD Radeon Graphics (ASUStek Computer Inc)
    Monitor(s) Displays
    Generic PnP Monitor (1920x1200@60Hz) - P1 PLUS (1920x1080@59Hz)
    Screen Resolution
    1920 X 1200
    Hard Drives
    953GB Western Digital WD
    PSU
    45 Watts
    Mouse
    Lenovo Bluetooth.
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
ICIT2LOL said:
I ran sfc /scannow and got the result in the pic yet I cannot find the reported logs any ideas please?View attachment 36985
I searched the command line in C: drive but it tells me it cannot find them.
Click to expand...
There is a lot more recorded in CBS.log besides the SFC results. To see just those files SFC did (or could not) replace use Option Three here:

www.elevenforum.com

Use System File Checker (SFC) to Repair System Files in Windows 11

This tutorial will show you how to run the System File Checker (SFC) tool to repair missing, corrupted, and modified system files in Windows 10 and Windows 11. System File Checker (SFC) is a tool built into Windows that will check for system file corruption. The SFC /SCANNOW command scans and...
www.elevenforum.com www.elevenforum.com

There is just one other type of SFC 'successful repair' result that won't appear in the above. That is when SFC just repairs permissions or ownership that were set twice. This is a trivial error that does no harm if left uncorrected. Here is an example:

Code: 
2022-08-21 10:50:23, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2022-08-21 10:50:24, Info                  CSI    00000097 Warning: Overlap: Directory \??\C:\Windows\System32\drivers\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:24, Info                  CSI    00000098 Warning: Overlap: Directory \??\C:\Windows\System32\wbem\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:24, Info                  CSI    00000099 Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2022-08-21 10:50:25, Info                  CSI    0000009a [SR] Verify complete

To find those, search CBS.log for the word 'twice'.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    150 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, and 24H2 on 3rd October 2024 through Windows Update by setting the Target Release Version for 24H2.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. In-place upgrade to 24H2 using hybrid 23H2/24H2 install media. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine.
Bree said:
To see just those files SFC did (or could not) replace use Option Three here:
Click to expand...
I would not generally filter the CBS log just to the [SR] entries since you're going to remove some important context to the errors it managed to find and repair.
 

My Computer

System One

  • OS
    Windows 11, Windows 10, Linux Fedora Cinnamon
x BlueRobot said:
I would not generally filter the CBS log just to the [SR] entries since you're going to remove some important context to the errors it managed to find and repair.
Click to expand...
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him. This finds all cases where a corrupt file has been replaced from the component store, and those where it cannot be replaced because the store copy is also corrupt, then a DISM /RestoreHealth is required before running SFC again.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    150 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, and 24H2 on 3rd October 2024 through Windows Update by setting the Target Release Version for 24H2.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. In-place upgrade to 24H2 using hybrid 23H2/24H2 install media. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro.

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus Insider Beta, Dev, and Canary builds (and a few others) as a native boot .vhdx.

    My SYSTEM SIX is a Dell Latitude 5550, Core Ultra 7 165H, 64GB RAM, 1TB NVMe SSD, supported device, Windows 11 Pro 24H2, Hyper-V host machine.
Bree said:
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him.
Click to expand...
Why? It's questionable advice.

There are many errors within the CBS log which are pretty useless unless you look at the surrounding context. Some problems may not even be logged as errors. DISM is fairly okay at repairing file corruption but more often than not it will fail as well; it isn't very good at repairing nuanced problems which are typically due to registry corruption.

@ICIT2LOL I would open a command prompt and then the following command:

Rich (BB code): 
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" /v EnableLog

Please post the output in your next post. It should be set to 0x1.
 

My Computer

System One

  • OS
    Windows 11, Windows 10, Linux Fedora Cinnamon
Bree said:
@Brink's tutorial says it is sufficient to search for [SR] and who am I to argue with him. This finds all cases where a corrupt file has been replaced from the component store, and those where it cannot be replaced because the store copy is also corrupt, then a DISM /RestoreHealth is required before running SFC again.
Click to expand...

x BlueRobot said:
Why? It's questionable advice.

There are many errors within the CBS log which are pretty useless unless you look at the surrounding context. Some problems may not even be logged as errors. DISM is fairly okay at repairing file corruption but more often than not it will fail as well; it isn't very good at repairing nuanced problems which are typically due to registry corruption.
Click to expand...

Since there are many things logged into the CBS.LOG, filtering it with "[SR]" will let you only see anything logged by SFC.

You shouldn't miss any SFC details, but it's fine to look at the whole log if wanted. It's just more work to sift through it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Chrome and Edge
    Antivirus
    Microsoft Defender
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Microsoft Defender
Ok I tried Fablers suggestion and got the logs I think I was looking at the C: drive in This PC and not the command prompt. Having said that there was a lot of stuff there I don't understand anyway but thanks for all the replies folks at least I know how to do it now.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2 (OS Build 22631.4169) Desktop (OS Build 22621.4317)
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivo notebook X712FA or Desktop Ivy Bridge build
    CPU
    i7 -10510U / Intel i5 3750K
    Motherboard
    Asus generic & Asus P8Z77-V
    Memory
    Samsung 16GB DDR4 2666 MHz & G-Skill 16GB DDR3 2134MHz
    Graphics Card(s)
    On board Intel CPU graphics & Nvidia GeForce GTX 1050Ti
    Sound Card
    Laptop onboard & Xonar DSX Card
    Monitor(s) Displays
    Generic & Samsung 27" SAM0C4C
    Hard Drives
    Samsung 970 Pro NMe & Samsung 870 EVO 500GB
    PSU
    N/A
    Case
    N/A
    Cooling
    Asus in built
    Keyboard
    Generic
    Mouse
    Logitec Wireless
    Internet Speed
    50Mbs max allowance - occasionally up to 75Mbs
    Browser
    Brave
    Antivirus
    ESET Ultimate Security on both
    Other Info
    Desktop running Windows11 Pro with unsupported hardware fix
You must log in or register to reply here.

Similar threads

Win 11 Registry has old Windows Login Links
Replies
3
Views
283
pseymour
pseymour
No UEFI,Windows logo on windows boot
Replies
11
Views
617
krism
krism
Multiple Watchdog error logs on Resume from Sleep/Hibernation after 24H2
Replies
4
Views
626
glasskuter
glasskuter
I keep hearing reading sound from my external hdd
Replies
6
Views
225
Vsynced
Vsynced
Windows 11 lagging and stuck in windows logo
Replies
3
Views
608
andrew129260
andrew129260

Latest Support Threads

Latest Tutorials

Back
Top Bottom