If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Windows 10 - CBS Log Hash
Running Windows 10 Pro x64. In the CBS log how does Microsoft calculate the
hash and is there a free non Microsoft program that will do the samething? Also does DISM restore health use the CBS log? -- Bill Brought to you from Anchorage, Alaska |
Ads |
#2
|
|||
|
|||
Windows 10 - CBS Log Hash
Bill Bradshaw wrote:
Running Windows 10 Pro x64. In the CBS log how does Microsoft calculate the hash and is there a free non Microsoft program that will do the samething? Also does DISM restore health use the CBS log? Many programs restore health by "scanning stuff". The purpose of scanning stuff, is to determine what is going on, right at this instant in time. CBS.log would be a file the system can write. But not a lot of things would be reading it. It's the Component Based Servicing, which uses the WinSXS folder for management of OS patching. Files are hardlinked (not copied), from WinSXS to System32. If you want a hash identified, you'd probably have to provide a sample of one, copied and pasted into a post. Paul |
#3
|
|||
|
|||
Windows 10 - CBS Log Hash
Paul wrote:
Bill Bradshaw wrote: Running Windows 10 Pro x64. In the CBS log how does Microsoft calculate the hash and is there a free non Microsoft program that will do the samething? Also does DISM restore health use the CBS log? Many programs restore health by "scanning stuff". The purpose of scanning stuff, is to determine what is going on, right at this instant in time. CBS.log would be a file the system can write. But not a lot of things would be reading it. It's the Component Based Servicing, which uses the WinSXS folder for management of OS patching. Files are hardlinked (not copied), from WinSXS to System32. If you want a hash identified, you'd probably have to provide a sample of one, copied and pasted into a post. Paul This is from running sfc /scannow (cbs.log): Steps Recorder is file "psr.exe." psr.exe C:\Windows\System32 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application psr.exe C:\Windows\SysWOW64 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application psr.exe C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041 .1_none_90e29eafea574969 232 kB 12/6/2019 1:27 PM 12/7/2019 1:53 AM Application psr.exe C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041 .1_none_9b3749021eb80b64 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application Note 3 files with sizes matching and 1 not. I would like to be able to check the hashes for each of these files and see if one of them matches the hash scannow is looking for. 2020-08-26 08:56:01, Info CSI 0000004c Hashes for file member [l:18]'Steps Recorder.lnk' do not match. Expected: {l:32 ml:33 b:89d38e0765b3ad9c3edb7f641ed3ffba1e12bb89d9fd6d3b e72a571dc6e4161f}. Actual: {l:32 b:ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f9 4bf2b9763e9bbbb6}. 2020-08-26 08:56:01, Info CSI 0000004d [SR] Cannot repair member file [l:18]'Steps Recorder.lnk' of Microsoft-Windows-Application-Compatibility-ProblemStepsRecorder, version 10.0.19041.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch 2020-08-26 08:56:02, Info CSI 0000004e Hashes for file member [l:16]'Task Manager.lnk' do not match. So what I can use to check these. My hash program will not return any hash that looks Microsoft's. Hopefully this email shows up not to messed up. Bill |
#4
|
|||
|
|||
Windows 10 - CBS Log Hash
Bill Bradshaw wrote:
Paul wrote: Bill Bradshaw wrote: Running Windows 10 Pro x64. In the CBS log how does Microsoft calculate the hash and is there a free non Microsoft program that will do the samething? Also does DISM restore health use the CBS log? Many programs restore health by "scanning stuff". The purpose of scanning stuff, is to determine what is going on, right at this instant in time. CBS.log would be a file the system can write. But not a lot of things would be reading it. It's the Component Based Servicing, which uses the WinSXS folder for management of OS patching. Files are hardlinked (not copied), from WinSXS to System32. If you want a hash identified, you'd probably have to provide a sample of one, copied and pasted into a post. Paul This is from running sfc /scannow (cbs.log): Steps Recorder is file "psr.exe." psr.exe C:\Windows\System32 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application psr.exe C:\Windows\SysWOW64 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application psr.exe C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041 .1_none_90e29eafea574969 232 kB 12/6/2019 1:27 PM 12/7/2019 1:53 AM Application psr.exe C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041 .1_none_9b3749021eb80b64 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application Note 3 files with sizes matching and 1 not. I would like to be able to check the hashes for each of these files and see if one of them matches the hash scannow is looking for. 2020-08-26 08:56:01, Info CSI 0000004c Hashes for file member [l:18]'Steps Recorder.lnk' do not match. Expected: {l:32 ml:33 b:89d38e0765b3ad9c3edb7f641ed3ffba1e12bb89d9fd6d3b e72a571dc6e4161f}. Actual: {l:32 b:ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f9 4bf2b9763e9bbbb6}. 2020-08-26 08:56:01, Info CSI 0000004d [SR] Cannot repair member file [l:18]'Steps Recorder.lnk' of Microsoft-Windows-Application-Compatibility-ProblemStepsRecorder, version 10.0.19041.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch 2020-08-26 08:56:02, Info CSI 0000004e Hashes for file member [l:16]'Task Manager.lnk' do not match. So what I can use to check these. My hash program will not return any hash that looks Microsoft's. Hopefully this email shows up not to messed up. Bill OK, go to Virustotal.com and select "Search" option. Enter "89d38e0765b3ad9c3edb7f641ed3ffba1e12bb89d9fd6d3be 72a571dc6e4161f". You can see it is SHA256 being used as a hash. https://www.virustotal.com/gui/file/...161f/detection And if I enter "ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f94 bf2b9763e9bbbb6", I discover the actual file is a DLL that I don't recognize. Like somebody or some thing has broken a linkage to the correct item. https://www.virustotal.com/gui/file/ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f94b f2b9763e9bbbb6/detection" Apparently IASRECST.DLL was associated with a Malwarebytes false positive two years ago. That's the only abnormal thing of note in a quick search. ******* The bash shell has a sha256sum in it. Microsoft has certutil, but I don't know if that's on the C: drive or not. It might have been part of visualstudio. 7ZIP compression utility, puts a couple polynomials in a shell extension. Right click and go. That has sha256. Paul |
#5
|
|||
|
|||
Windows 10 - CBS Log Hash
Paul wrote:
Bill Bradshaw wrote: Paul wrote: Bill Bradshaw wrote: Running Windows 10 Pro x64. In the CBS log how does Microsoft calculate the hash and is there a free non Microsoft program that will do the samething? Also does DISM restore health use the CBS log? Many programs restore health by "scanning stuff". The purpose of scanning stuff, is to determine what is going on, right at this instant in time. CBS.log would be a file the system can write. But not a lot of things would be reading it. It's the Component Based Servicing, which uses the WinSXS folder for management of OS patching. Files are hardlinked (not copied), from WinSXS to System32. If you want a hash identified, you'd probably have to provide a sample of one, copied and pasted into a post. Paul This is from running sfc /scannow (cbs.log): Steps Recorder is file "psr.exe." psr.exe C:\Windows\System32 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application psr.exe C:\Windows\SysWOW64 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application psr.exe C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041 .1_none_90e29eafea574969 232 kB 12/6/2019 1:27 PM 12/7/2019 1:53 AM Application psr.exe C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041 .1_none_9b3749021eb80b64 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application Note 3 files with sizes matching and 1 not. I would like to be able to check the hashes for each of these files and see if one of them matches the hash scannow is looking for. 2020-08-26 08:56:01, Info CSI 0000004c Hashes for file member [l:18]'Steps Recorder.lnk' do not match. Expected: {l:32 ml:33 b:89d38e0765b3ad9c3edb7f641ed3ffba1e12bb89d9fd6d3b e72a571dc6e4161f}. Actual: {l:32 b:ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f9 4bf2b9763e9bbbb6}. 2020-08-26 08:56:01, Info CSI 0000004d [SR] Cannot repair member file [l:18]'Steps Recorder.lnk' of Microsoft-Windows-Application-Compatibility-ProblemStepsRecorder, version 10.0.19041.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch 2020-08-26 08:56:02, Info CSI 0000004e Hashes for file member [l:16]'Task Manager.lnk' do not match. So what I can use to check these. My hash program will not return any hash that looks Microsoft's. Hopefully this email shows up not to messed up. Bill OK, go to Virustotal.com and select "Search" option. Enter "89d38e0765b3ad9c3edb7f641ed3ffba1e12bb89d9fd6d3be 72a571dc6e4161f". You can see it is SHA256 being used as a hash. https://www.virustotal.com/gui/file/...161f/detection And if I enter "ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f94 bf2b9763e9bbbb6", I discover the actual file is a DLL that I don't recognize. Like somebody or some thing has broken a linkage to the correct item. https://www.virustotal.com/gui/file/ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f94b f2b9763e9bbbb6/detection" Apparently IASRECST.DLL was associated with a Malwarebytes false positive two years ago. That's the only abnormal thing of note in a quick search. ******* The bash shell has a sha256sum in it. Microsoft has certutil, but I don't know if that's on the C: drive or not. It might have been part of visualstudio. 7ZIP compression utility, puts a couple polynomials in a shell extension. Right click and go. That has sha256. Paul I did some more research and it appears the file link problem has been around since at least mid 2019. Supposedly it was fixed. I just finished a clean install of 2004 x64 a couple of days ago and now I have this problem. I tried running dism /online /cleanup-image /restore-health but it did not work so I need a source. I see people think if I download the latest iso it will match my current version 19041.450. So that is my next step. Just in case for the future I will still look for a program that will do SHA256. Personal computers save us so much time:-). Bill |
#6
|
|||
|
|||
Windows 10 - CBS Log Hash
Bill Bradshaw wrote:
Paul wrote: Bill Bradshaw wrote: Paul wrote: Bill Bradshaw wrote: Running Windows 10 Pro x64. In the CBS log how does Microsoft calculate the hash and is there a free non Microsoft program that will do the samething? Also does DISM restore health use the CBS log? Many programs restore health by "scanning stuff". The purpose of scanning stuff, is to determine what is going on, right at this instant in time. CBS.log would be a file the system can write. But not a lot of things would be reading it. It's the Component Based Servicing, which uses the WinSXS folder for management of OS patching. Files are hardlinked (not copied), from WinSXS to System32. If you want a hash identified, you'd probably have to provide a sample of one, copied and pasted into a post. Paul This is from running sfc /scannow (cbs.log): Steps Recorder is file "psr.exe." psr.exe C:\Windows\System32 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application psr.exe C:\Windows\SysWOW64 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application psr.exe C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041 .1_none_90e29eafea574969 232 kB 12/6/2019 1:27 PM 12/7/2019 1:53 AM Application psr.exe C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041 .1_none_9b3749021eb80b64 190 kB 12/6/2019 11:42 AM 12/7/2019 1:53 AM Application Note 3 files with sizes matching and 1 not. I would like to be able to check the hashes for each of these files and see if one of them matches the hash scannow is looking for. 2020-08-26 08:56:01, Info CSI 0000004c Hashes for file member [l:18]'Steps Recorder.lnk' do not match. Expected: {l:32 ml:33 b:89d38e0765b3ad9c3edb7f641ed3ffba1e12bb89d9fd6d3b e72a571dc6e4161f}. Actual: {l:32 b:ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f9 4bf2b9763e9bbbb6}. 2020-08-26 08:56:01, Info CSI 0000004d [SR] Cannot repair member file [l:18]'Steps Recorder.lnk' of Microsoft-Windows-Application-Compatibility-ProblemStepsRecorder, version 10.0.19041.1, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch 2020-08-26 08:56:02, Info CSI 0000004e Hashes for file member [l:16]'Task Manager.lnk' do not match. So what I can use to check these. My hash program will not return any hash that looks Microsoft's. Hopefully this email shows up not to messed up. Bill OK, go to Virustotal.com and select "Search" option. Enter "89d38e0765b3ad9c3edb7f641ed3ffba1e12bb89d9fd6d3be 72a571dc6e4161f". You can see it is SHA256 being used as a hash. https://www.virustotal.com/gui/file/...161f/detection And if I enter "ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f94 bf2b9763e9bbbb6", I discover the actual file is a DLL that I don't recognize. Like somebody or some thing has broken a linkage to the correct item. https://www.virustotal.com/gui/file/ad4118a2d61922a1a6e65fd209ba4f1b4260e4b0d03168f94b f2b9763e9bbbb6/detection" Apparently IASRECST.DLL was associated with a Malwarebytes false positive two years ago. That's the only abnormal thing of note in a quick search. ******* The bash shell has a sha256sum in it. Microsoft has certutil, but I don't know if that's on the C: drive or not. It might have been part of visualstudio. 7ZIP compression utility, puts a couple polynomials in a shell extension. Right click and go. That has sha256. Paul I did some more research and it appears the file link problem has been around since at least mid 2019. Supposedly it was fixed. I just finished a clean install of 2004 x64 a couple of days ago and now I have this problem. I tried running dism /online /cleanup-image /restore-health but it did not work so I need a source. I see people think if I download the latest iso it will match my current version 19041.450. So that is my next step. Just in case for the future I will still look for a program that will do SHA256. Personal computers save us so much time:-). Bill Got this sorted out once I figured out how to use /source with DISM. Bill |
Thread Tools | |
Display Modes | Rate This Thread |
|
|