How to analyze SFC /scannow logs
Sfc /scannow will inspect all of the important Windows files on your computer, including Windows DLL files. If System File Checker finds an issue with any of these protected files, it will replace it.
You can find the sfc logs inside CBS.log under C:\Windows\logs\CBS\ folder.
There will be a lot of entries in cbs logs. You can filter out the log for SFC by running the below command.
findstr /c:"[SR]" cbs.log > sfcdetails.txt
The above command will search for the string [SR] and if it found , then it copies the corresponding entry in to the sfcdetails.txt
Below is sample text extracted from CBS log by using the above command
-----------------------------------------------------------------------------------------------------------
2013-06-24 12:55:44, Info CSI 00000210 [SR] Verify complete
2013-06-24 12:55:44, Info CSI 00000211 [SR] Verifying 100 (0x00000064) components
2013-06-24 12:55:44, Info CSI 00000212 [SR] Beginning Verify and Repair transaction
2013-06-24 12:55:48, Info CSI 00000214 [SR] Verify complete
2013-06-24 12:55:48, Info CSI 00000215 [SR] Verifying 100 (0x00000064) components
2013-06-24 12:55:48, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2013-06-24 12:55:53, Info CSI 00000218 [SR] Verify complete
2013-06-24 12:55:54, Info CSI 00000219 [SR] Verifying 88 (0x00000058) components
2013-06-24 12:55:54, Info CSI 0000021a [SR] Beginning Verify and Repair transaction
2013-06-24 12:55:57, Info CSI 0000021c [SR] Verify complete
2013-06-24 12:55:57, Info CSI 0000021d [SR] Repairing 1 components
2013-06-24 12:55:57, Info CSI 0000021e [SR] Beginning Verify and Repair transaction
2013-06-24 12:55:57, Info CSI 00000220 [SR] Cannot repair member file [l:24{12}]"PhotoAcq.dll" of Microsoft-Windows-PhotoAcquire, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-06-24 12:55:57, Info CSI 00000222 [SR] Cannot repair member file [l:24{12}]"PhotoAcq.dll" of Microsoft-Windows-PhotoAcquire, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch2013-06-24 12:55:57, Info CSI 00000223 [SR] This component was referenced by [l:178{89}]"Microsoft-Windows-PhotoBasicPackage~31bf3856ad364e35~x86~~6.1.7600.16385.PhotoBasicUpdate"
2013-06-24 12:55:57, Info CSI 00000226 [SR] Could not reproject corrupted file [ml:520{260},l:82{41}]"\??\C:\Program Files\Windows Photo Viewer"\[l:24{12}]"PhotoAcq.dll"; source file in store is also corrupted
2013-06-24 12:55:57, Info CSI 00000228 [SR] Repair complete
2013-06-24 12:55:57, Info CSI 00000229 [SR] Committing transaction
2013-06-24 12:55:57, Info CSI 0000022d [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
---------------------------------------------------------------------------------------------------------------------------------
From the above log you can see that there are only entries with [SR] line which is generated by sfc. There are some entries by sfc where sfc cannot repair some of the dll files which is highlighted above. Here in this case PhotoAcq.dll was not repaired by sfc. We can resolve this issue by copying the same dll file from a working machine and replacing it.
In few cases you may have to copy the file into C:\Windows\winsxs or C:\Windows\servicing, where you may not have permission to copy the file. You can take ownership and give full permission to the location by running the below commands.
takeown /f C:\Windows\winsxs\folder or file name where you want to take ownership
icacls C:\Windows\winsxs\folder or file name /grant Administrators:F
You can find the sfc logs inside CBS.log under C:\Windows\logs\CBS\ folder.
There will be a lot of entries in cbs logs. You can filter out the log for SFC by running the below command.
findstr /c:"[SR]" cbs.log > sfcdetails.txt
The above command will search for the string [SR] and if it found , then it copies the corresponding entry in to the sfcdetails.txt
Below is sample text extracted from CBS log by using the above command
-----------------------------------------------------------------------------------------------------------
2013-06-24 12:55:44, Info CSI 00000210 [SR] Verify complete
2013-06-24 12:55:44, Info CSI 00000211 [SR] Verifying 100 (0x00000064) components
2013-06-24 12:55:44, Info CSI 00000212 [SR] Beginning Verify and Repair transaction
2013-06-24 12:55:48, Info CSI 00000214 [SR] Verify complete
2013-06-24 12:55:48, Info CSI 00000215 [SR] Verifying 100 (0x00000064) components
2013-06-24 12:55:48, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2013-06-24 12:55:53, Info CSI 00000218 [SR] Verify complete
2013-06-24 12:55:54, Info CSI 00000219 [SR] Verifying 88 (0x00000058) components
2013-06-24 12:55:54, Info CSI 0000021a [SR] Beginning Verify and Repair transaction
2013-06-24 12:55:57, Info CSI 0000021c [SR] Verify complete
2013-06-24 12:55:57, Info CSI 0000021d [SR] Repairing 1 components
2013-06-24 12:55:57, Info CSI 0000021e [SR] Beginning Verify and Repair transaction
2013-06-24 12:55:57, Info CSI 00000220 [SR] Cannot repair member file [l:24{12}]"PhotoAcq.dll" of Microsoft-Windows-PhotoAcquire, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-06-24 12:55:57, Info CSI 00000222 [SR] Cannot repair member file [l:24{12}]"PhotoAcq.dll" of Microsoft-Windows-PhotoAcquire, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch2013-06-24 12:55:57, Info CSI 00000223 [SR] This component was referenced by [l:178{89}]"Microsoft-Windows-PhotoBasicPackage~31bf3856ad364e35~x86~~6.1.7600.16385.PhotoBasicUpdate"
2013-06-24 12:55:57, Info CSI 00000226 [SR] Could not reproject corrupted file [ml:520{260},l:82{41}]"\??\C:\Program Files\Windows Photo Viewer"\[l:24{12}]"PhotoAcq.dll"; source file in store is also corrupted
2013-06-24 12:55:57, Info CSI 00000228 [SR] Repair complete
2013-06-24 12:55:57, Info CSI 00000229 [SR] Committing transaction
2013-06-24 12:55:57, Info CSI 0000022d [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
---------------------------------------------------------------------------------------------------------------------------------
From the above log you can see that there are only entries with [SR] line which is generated by sfc. There are some entries by sfc where sfc cannot repair some of the dll files which is highlighted above. Here in this case PhotoAcq.dll was not repaired by sfc. We can resolve this issue by copying the same dll file from a working machine and replacing it.
In few cases you may have to copy the file into C:\Windows\winsxs or C:\Windows\servicing, where you may not have permission to copy the file. You can take ownership and give full permission to the location by running the below commands.
takeown /f C:\Windows\winsxs\folder or file name where you want to take ownership
icacls C:\Windows\winsxs\folder or file name /grant Administrators:F
Comments
Post a Comment