Windows-10 Home: random crash with black, non-illuminated screen

    IGT said:
    I don't have any issues with running native Windows commands (manually}. My reluctance is via any non-native (Windows) script. That said, what data from what named-log is Tenforums asking for? I'll get and manually upload/attach to this thread or, providing our network allows the connection, to Virustotal.


    I was honestly hoping to get help with reading and understanding what 'Event-Viewer', 'Reliability Monitor' and the CBS logs are reporting. Learning that would be huge, and may lead me to what is generating these critical errors and BSOD shutdown's
    I said it previously, and ps, its a PS script. Power Shell, native windows script.

    Also, is this a work computer?

    tomdsr said:
    it can be viewed before running it, it doesnt do anything bad. it collects information that we need to troubleshoot your issue instead of guessing.
    here, a couple screenshots of it.
    1 is the cmd window.
    2 is the output folder with file names for the logs you want to hand pick (not all are shown).
    3 is the code from the script for your perusal since you did not view it (not run it). you can view it without running it. you did know that, right?

    Windows-10 Home: random crash with black, non-illuminated screen-1.png
    Windows-10 Home: random crash with black, non-illuminated screen-2.png
    # Script Written By Spectrum #
    #Requires -Version 4.0
    # Any errors at the start should be treated as fatal
    $ErrorActionPreference = 'Stop'
    # Version String
    $ScriptVersion = "V2 Log Collector 1.11 - 12/4/20"
    # Default to UTF-8 output
    $PSDefaultParameterValues['*:Encoding'] = 'UTF8'
    # If we are running PowerShell Core, ensure that it is running Windows
    If ( ($PSVersionTable.PSEdition -eq "core") -and (!$IsWindows) )
    	Write-Warning "This script is for triaging Windows kernel panics, and does not work on non-Windows systems."
    	Write-Warning "Detected OS: $env:OS"
    # Check if constrained language mode is enabled, this may impact the execution of this script.
    If ( $ExecutionContext.SessionState.LanguageMode -eq "ConstrainedLanguage" )
    	Write-Warning "Constrained language mode is enabled, this prevents the script from running properly."
    # Detect Windows version
    $WindowsBuild = [System.Environment]::OSVersion.Version.Build
    $Win1709Build = 16299
    $Win81Build   = 9600
    # Check if we are running PowerShell Core 6
    # This is needed as some cmdlets and variables only work with legacy PowerShell or PowerShell 7+ (Get-Disk, Get-PhysicalDisk, Get-MpPreference, etc.)
    If ( ($PSVersionTable.PSEdition -eq "core") -and ($Host.Version.Major -eq 6) )
    	Return "This script does not work with PowerShell 6, please use 5.1 or 7+"
    # Abort if Controlled Folder Access is enabled, as it prevents log files from being placed on the desktop
    If ( $WindowsBuild -ge $Win1709Build )
    	If ( (Get-MpPreference).EnableControlledFolderAccess -eq 1 )
    		Write-Warning "Controlled Folder Access is enabled in Windows Defender, this prevents the script from placing log files on your Desktop."
    		Write-Output "`n"
    		Write-Warning "If you would like allow this script to run, please temporarily disable Controlled Folder Access in Windows Defender Security Center and then re-launch this script."
    		Write-Output "`n"
    		Read-Host -Prompt "Press Enter to close this window"
    		Stop-Process -ID $PID | Out-Null
    # If the OS is 64-bit and this script was launched with 32-bit PowerShell, relaunch with 64-bit PowerShell and exit the current instance
    If ( [Environment]::Is64BitOperatingSystem -eq $True -and [Environment]::Is64BitProcess -eq $False )
    	&"$env:SystemRoot\sysnative\windowspowershell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -NoExit -File $myInvocation.InvocationName
    	Stop-Process -ID $PID | Out-Null
    # Startup Banner
    Write-Output "
      ______              ______                          _
     /_  __/__  ____     / ____/___  _______  __________ ( )_____
      / / / _ \/ __ \   / /_  / __ \/ ___/ / / / __  __ \|// ___/
     / / /  __/ / / /  / __/ / /_/ / /  / /_/ / / / / / / (__  )
    /_/  \___/_/ /_/  /_/    \____/_/   \__,_/_/ /_/ /_/ /____/
        __                   ______      ____          __
       / /   ____  ______   / ____/___  / / /__  _____/ /_____  _____
      / /   / __ \/ __ ` /  / /   / __ \/ / / _ \/ ___/ __/ __ \/ ___/
     / /___/ /_/ / /_/ /  / /___/ /_/ / / /  __/ /__/ /_/ /_/ / /
    /_____/\____/\__, /   \____/\____/_/_/\___/\___/\__/\____/_/
    "`n" * 3
    Write-Output $ScriptVersion
    Write-Output "Script written by Spectrum"
    Read-Host -Prompt "Press Enter to continue"
    # Track execution time of the script
    $StopWatchMain = [System.Diagnostics.StopWatch]::StartNew()
    # Log file
    $Guid = [System.Guid]::NewGuid().ToString()
    $TranscriptFile = "transcript-main.txt"
    $TempFolderPath = Join-Path -Path $env:TEMP -ChildPath $Guid
    $TranscriptPath = Join-Path -Path $TempFolderPath -ChildPath $TranscriptFile
    New-Item -ItemType Directory -Path $TempFolderPath | Out-Null
    # Begin logging
    Start-Transcript -Path $TranscriptPath -Force | Out-Null
    Write-Information -MessageData $ScriptVersion
    Write-Information -MessageData $Guid
    # Create folder name
    $Time       = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"
    $FolderName = "$env:COMPUTERNAME-($Time)"
    # Define paths to other script files
    $ElevatedScriptPath = Join-Path -Path $PSScriptRoot -ChildPath "elevated.ps1"
    $LoggerModule       = Join-Path -Path $PSScriptRoot -ChildPath "logger-module.psm1"
    # Output folders
    $Desktop      = [Environment]::GetFolderPath("Desktop")
    $Path         = Join-Path -Path $Desktop -ChildPath $FolderName
    $EventLogs    = Join-Path -Path $Path -ChildPath "Event Logs"
    $PowerReports = Join-Path -Path $Path -ChildPath "Power Reports"
    # Output files
    $CPU               = Join-Path -Path $Path -ChildPath "cpu.txt"
    $DriverTable       = Join-Path -Path $Path -ChildPath "driver-table.txt"
    $DriverVersions    = Join-Path -Path $Path -ChildPath "driver-versions.txt"
    $DxDiagFile        = Join-Path -Path $Path -ChildPath "dxdiag.txt"
    $FileHashes        = Join-Path -Path $env:LOCALAPPDATA -ChildPath "hashes.txt"
    $GPU               = Join-Path -Path $Path -ChildPath "gpu.txt"
    $HostsReport       = Join-Path -Path $Path -ChildPath "hosts.txt"
    $InstalledSoftware = Join-Path -Path $Path -ChildPath "installed-software.txt"
    $DiagLogTemp       = "licensingdiag-log.txt"
    $LicenseDiagLog    = Join-Path -Path $TempFolderPath -ChildPath $DiagLogTemp
    $LicenseFile       = Join-Path -Path $Path -ChildPath "genuine.txt"
    $LicneseXmlName    = "genuine.xml"
    $LicenseXmlTemp    = Join-Path -Path $TempFolderPath -ChildPath $LicneseXmlName
    $Motherboard       = Join-Path -Path $Path -ChildPath "motherboard.txt"
    $NetworkInfo       = Join-Path -Path $Path -ChildPath "network-info.txt"
    $PowerPlan         = Join-Path -Path $PowerReports -ChildPath "power-plan.txt"
    $RAM               = Join-Path -Path $Path -ChildPath "ram.txt"
    $SleepStates       = Join-Path -Path $PowerReports -ChildPath "sleep-states.txt"
    $SystemInfo        = Join-Path -Path $Path -ChildPath "msinfo32.nfo"
    $TranscriptDest    = Join-Path -Path $Path -ChildPath $TranscriptFile
    $WindowsUpdates    = Join-Path -Path $Path -ChildPath "windows-updates.txt"
    $Zip               = $Path + ".zip"
    # Where to download autoruns from and where to place the executable
    $AutorunsURL  = ""
    $AutorunsPath = Join-Path -Path $PSScriptRoot -ChildPath "autorunsc.exe"
    # Native file and folder locations
    $HostsFile = Join-Path $env:SystemRoot -ChildPath "System32\drivers\etc\hosts"
    $System32  = Join-Path -Path $env:SystemRoot -ChildPath "System32"
    # Full paths of executables used in this script, in case the system's environment variables have been messed with
    $DriverQueryPath = Join-Path -Path $System32 -ChildPath "driverquery.exe"
    $DXDiagPath      = Join-Path -Path $System32 -ChildPath "dxdiag.exe"
    $IpconfigPath    = Join-Path -Path $System32 -ChildPath "ipconfig.exe"
    $LicenseDiagPath = Join-Path -Path $System32 -ChildPath "licensingdiag.exe"
    $MsInfo32Path    = Join-Path -Path $System32 -ChildPath "msinfo32.exe"
    $PowerCfgPath    = Join-Path -Path $System32 -ChildPath "powercfg.exe"
    $PowerShellPath  = Get-Process -PID $PID | Select-Object -ExpandProperty "Path"
    $RoutePath       = Join-Path -Path $System32 -ChildPath "route.exe"
    # Timeouts for asynchronous processes to complete, in seconds
    $DriverQueryTimeout    = 120
    $DxDiagTimeout         =  90
    $ElevatedScriptTimeout = 150
    $LicenseTimeout        = 120
    $MsInfo32Timeout       = 420
    # Import custom module containing support functions
    Import-Module $LoggerModule
    # Set window size to 1000 by 1000 to avoid truncation when sending output to files
    $Host.UI.RawUI.BufferSize = New-Object Management.Automation.Host.Size(1000,1000)
    # Check for pre-existing files and folders, and remove them if they exist
    If ( Test-Path -Path $Path )
    	Remove-Item -Path $Path -Recurse -Force | Out-Null
    If ( Test-Path -Path $Zip )
    	Remove-Item -Path $Zip -Force | Out-Null
    # Create directories and files
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    New-Item -ItemType Directory -Path $EventLogs | Out-Null
    New-Item -ItemType Directory -Path $PowerReports | Out-Null
    # End of "critical" area, errors will now default to being non-fatal
    $ErrorActionPreference = 'Continue'
    # Check that the OS is supported, warn if it is not
    If ( $WindowsBuild -lt $Win81Build )
    	Write-Warning "Unsupported version of Windows detected.  Minimum build supported: $Win81Build, your build is: $WindowsBuild."
    # Generate System Information Report
    Write-Output "Generating system information report, this may take a while..."
    	$MsInfo32 = Start-Process -FilePath $MsInfo32Path -ArgumentList """/nfo"" ""$SystemInfo""" -PassThru
        Write-Warning "Failed to launch $MsInfo32Path"
        Write-Output $error[0]
    # Download autorunsc.exe, this will later be run in elevated.ps1
    Get-RemoteFile -URL $AutorunsURL -FileName "autorunsc" -DestinationPath $AutorunsPath
    # Start elevated.ps1
    If ( Test-Path -Path $ElevatedScriptPath )
    	Write-Output "Launching elevated script..."
    		$ElevatedScript = Start-Process -FilePath $PowerShellPath `
    										-ArgumentList """-ExecutionPolicy"" ""Bypass"" ""-NonInteractive"" ""-NoProfile"" ""-NoExit"" ""-File"" ""$ElevatedScriptPath"" ""$Path"" ""$Guid"" ""$TempFolderPath""" `
    										-Verb RunAs `
    		Write-Warning "Failed to launch elevated script!"
            Write-Output $error[0]
    	Write-Warning "$ElevatedScriptPath not found!"
    # Start DirectX Diagnostics Report
    Write-Output "Running DirectX diagnostics..."
    	$DxDiag = Start-Process -FilePath $DXDiagPath -ArgumentList "/dontskip","/whql:off","/t","$DxDiagFile" -WindowStyle Hidden -PassThru
    	Write-Warning "Failed to run DirectX diagnostics!"
        Write-Output $error[0]
    # Start Driver Query
    	$DriverQuery = Start-Process -FilePath $DriverQueryPath -ArgumentList "/v","/fo table" -WindowStyle Hidden -RedirectStandardOutput $DriverTable -PassThru
    	Write-Warning "Failed to run Driver Query!"
        Write-Output $error[0]
    # Start License Diagnostics
    	# licensingdiag.exe outputs error messages to standardoutput, which is why we are not using -RedirectStandardError
    	$LicenseDiag = Start-Process -FilePath $LicenseDiagPath -ArgumentList "/report","$LicenseXmlTemp" -RedirectStandardOutput $LicenseDiagLog -WindowStyle Hidden -PassThru
    	Write-Warning "Failed to run licensing diagnostics!"
        Write-Output $error[0]
    # Export System, Application, and PnP Event Logs
    Export-EventLog -DestinationPath $EventLogs
    # Driver information
    Write-Output "Gathering device driver information..."
    $DriverInfoAttributes = "DeviceName", "FriendlyName", "InfName", "DriverVersion", "DeviceID", "IsSigned", "DriverDate"
    Get-CimInstance -ClassName Win32_PnPSignedDriver | Select-Object -Property $DriverInfoAttributes | Sort-Object -Property DeviceName | Format-Table -AutoSize | Out-File -FilePath $DriverVersions
    # Get default power plan
    Write-Output "Checking power settings..."
    &$PowerCfgPath /list 2> $null | Out-File -FilePath $PowerPlan
    # List available sleep states
    &$PowerCfgPath /availablesleepstates 2> $null | Out-File -FilePath $SleepStates
    # RAM info
    Write-Output "Getting hardware information..."
    Get-MemoryInfo | Format-List | Out-File -FilePath $RAM
    # Processor information
    $ProcessorAttributes = "Name", "Description", "Manufacturer", "DeviceID", "SocketDesignation", "CurrentClockSpeed", "CPUStatus", `
    					   "LastErrorCode", "ErrorDescription", "PartNumber", "Revision", "SerialNumber", "ProcessorId", "Status", `
    					   "StatusInfo", "Stepping", "CurrentVoltage", "VoltageCaps"
    Get-CimInstance -ClassName Win32_Processor | Select-Object -Property $ProcessorAttributes | Format-List | Out-File -FilePath $CPU
    # System Board information
    Write-Output "Motherboard Details" | Out-File -Append -FilePath $Motherboard
    $BaseBoardAttributes = "Product", "Model", "Version", "Manufacturer", "Description", "Name", "SKU"
    Get-CimInstance -ClassName Win32_BaseBoard | Select-Object -Property $BaseBoardAttributes | Format-List | Out-File -Append -FilePath $Motherboard
    # UEFI/BIOS properties
    Write-Output "UEFI/BIOS Details" | Out-File -Append -FilePath $Motherboard
    $BiosAttributes = "SMBIOSBIOSVersion", "Manufacturer", "Name", "Version", "BIOSVersion", "ReleaseDate"
    Get-CimInstance -ClassName Win32_Bios | Select-Object -Property $BiosAttributes | Format-List | Out-File -Append -FilePath $Motherboard
    # GPU information
    $GpuAttributes = "Name", "DeviceID", "PNPDeviceID", "VideoProcessor", "CurrentRefreshRate", "VideoModeDescription", "AdapterRAM", `
    				 "DriverVersion", "InfFilename", "InstalledDisplayDrivers", "InstallDate", "DriverDate", "Status", "StatusInfo", `
    				 "LastErrorCode", "ErrorDescription"
    Get-CimInstance -ClassName Win32_VideoController | Select-Object -Property $GpuAttributes | Format-List | Out-File -FilePath $GPU
    # Installed software information
    Write-Output "Listing installed software..."
    Get-InstalledSoftware -DestinationPath $InstalledSoftware
    # Installed Windows Updates
    Write-Output "Listing installed Windows updates..."
    Get-CimInstance -ClassName Win32_QuickFixEngineering | Select-Object -Property HotFixID,Description,InstalledOn | Sort-Object -Property InstalledOn,HotFixID | Format-Table -AutoSize | Out-File -FilePath $WindowsUpdates
    # Basic networking information
    Write-Output "Finding network information..."
    &$IpconfigPath /allcompartments /all 2> $null | Select-Object -Skip 1 | Out-File -FilePath $NetworkInfo
    &$RoutePath print | Out-File -Append -FilePath $NetworkInfo 2> $null
    # Copy relevant entries from the hosts file
    Write-Output "Examining hosts file..."
    If ( Test-Path -Path $HostsFile )
    	Get-Content -Path $HostsFile | Select-String '(|(' | Out-File -FilePath $HostsReport
    	Write-Warning "Hosts file not found."
    # Wait for licensingdiag.exe to finish
    If ( $LicenseDiag )
    	Wait-ProcessCustom -ProcessObject $LicenseDiag -ProcessName "licensingdiag.exe" -TimeoutSeconds $LicenseTimeout
    # Now that licensingdiag.exe has finished, attempt to process the xml file, redact the license key, and export from xml to flat text
    Write-Output "Creating Windows license report..."
    If ( Test-Path -Path $LicenseXmlTemp )
    	[xml] $LicenseXml = Get-Content -Path $LicenseXmlTemp
    	# Cleanup other files generated by licensingdiag.exe
    	Remove-Item -Path $LicenseXmlTemp -Force | Out-Null
    	Remove-Item -Path "$TempFolderPath\$env:COMPUTERNAME*.cab" -Force | Out-Null
    	# Redact potentially sensitive information that is not useful for troubleshooting before exporting as plaintext
    	$LicenseXml.DiagReport.LicensingData.OA3ProductKey = "Redacted"
    	$LicenseXml.DiagReport.GenuineAuthz.ServerProps    = "Redacted"
    	$LicenseXml.DiagReport.ChildNodes | Out-File -FilePath $LicenseFile
    	Write-Warning "$LicenseFileTemp does not exist."
    # Send all output of licensingdiag.exe to $LicenseFile
    If ( Test-Path -Path $LicenseDiagLog )
    	Get-Content -Encoding Unicode -Path $LicenseDiagLog | Out-File -Append -FilePath $LicenseFile
    	Remove-Item -Path $LicenseDiagLog -Force | Out-Null
    	Write-Information -MessageData "$LicenseDiagLog does not exist."
    # Wait for dxdiag.exe to finish
    If ( $DxDiag )
    	Wait-ProcessCustom -ProcessObject $DxDiag -ProcessName "dxdiag.exe" -TimeoutSeconds $DxDiagTimeout
    # Wait for driverquery.exe to finish
    If ( $DriverQuery )
    	Wait-ProcessCustom -ProcessObject $DriverQuery -ProcessName "driverquery.exe" -TimeoutSeconds $DriverQueryTimeout
    # Wait for msinfo32.exe to finish
    If ( $MsInfo32 )
    	Wait-ProcessCustom -ProcessObject $MsInfo32 -ProcessName "msinfo32.exe" -TimeoutSeconds $MsInfo32Timeout
    # Check that the msinfo32.nfo file was created, msinfo32.exe returns an exit code of 0 regardless of whether or not it ran into an error, so this check is necessary.
    $SystemInfoExists = Test-Path -Path $SystemInfo
    If ( !$SystemInfoExists )
    	Write-Warning "$SystemInfo not found, msinfo32.exe may have crashed or was canceled by the user."
    # Wait for elevated.ps1 to finish
    If ( $ElevatedScript )
    	Wait-ProcessCustom -ProcessObject $ElevatedScript -ProcessName "elevated script" -TimeoutSeconds $ElevatedScriptTimeout
    If ( $StopWatchMain.IsRunning )
    	Write-Information -MessageData "main.ps1 execution time (before file hashing and compression) was $($StopWatchMain.Elapsed.TotalSeconds) seconds."
    	Write-Information -MessageData "StopWatch instance for main.ps1 was not running."
    # Stop transcript since the file will need to be moved into the output folder
    Stop-Transcript | Out-Null
    # Move transcript to $Path
    If ( Test-Path -Path $TranscriptPath )
        Move-Item -Path $TranscriptPath -Destination $TranscriptDest -Force
    	Write-Output "$TranscriptPath not found." | Out-File -Append -FilePath $TranscriptDest
    If ( Test-Path -path $TempFolderPath )
    	Remove-Item -Path $TempFolderPath -Force
    # Get hash of files to later check for corruption, we skip .wer files as there can be hundreds of them which can take an excessive amount of time to hash
    $FileName = @{Name="FileName";Expression={Split-Path $_.Path -Leaf}}
    $FilesToHash = Get-ChildItem -Path $Path -Recurse -Exclude "*.wer" -File
    $Hashes = $FilesToHash | Get-FileHash -Algorithm SHA256
    $Hashes | Select-Object -Property $FileName,Hash,Algorithm | Sort-Object -Property FileName | Format-Table -AutoSize | Out-File -FilePath $FileHashes
    If ( Test-Path -Path $FileHashes )
        Move-Item -Path $FileHashes -Destination $Path
    # Compress output folder
    Write-Output "Compressing folder..."
    $CompressionResult = Compress-Folder -Path $Path -DestinationPath $Zip
    # Check that the .zip file was created and the compression operation completed successfully before removing the uncompressed directory
    Write-Output "`n"
    $ZipExists = Test-Path -Path $Zip
    If ( $ZipExists -eq "True" -and $CompressionResult -eq "True" )
    	# Check that $Zip is not empty before declaring compression succeeded
    	$ZipSize = (Get-Item -Path $Zip).Length
    	If ( $ZipSize -gt 1 )
    		Remove-Item -Path $Path -Recurse -Force | Out-Null
    		Write-Output "Output location: $Zip"
    	    Write-Warning "Compression failed, $Zip is empty."
    		Write-Output "`n"
    		Write-Output "Output location: $Path"
        Write-Warning "Compression failed!"
        Write-Output "`n"
        Write-Output "Output location: $Path"
    Write-Output "`n"
    Read-Host -Prompt "Press Enter to exit"
    # Stop script, it was launched with -NoExit so we must actually stop the process to close the window
    Stop-Process -ID $PID | Out-Null
  IGT
    Posts : 19
    Windows 10 {64-bit)
    tomdsr said:
    I said it previously, and ps, its a PS script. Power Shell, native windows script.
    I truly apologize, I do not remember seeing/reading where it was posted --the script was for Power-Shell, of which I don't regularly use, or know well enough to read in a reasonable amount of time.
    tomdsr said:
    Also, is this a work computer?
    Yes, machine is used to remotely monitor surveillance systems; cannot be off-line for an extended period.

    ubuysa said:
    Yes you did miss something, you missed thsi: BSOD - Posting Instructions. I'm volunteering my time and expertise to try and help you, but if you don't want to take the hand that's extended then that's fine.
    I do believe people here are genuinely helping and/or attempting to help. The fact still remains, there are others who sit back and wait for opportunities to exploit. --No, I did not miss that document. For reason(s) we've already discussed, I have reservations. Moving forward I have attached a zip with hopes this helps without any ill-intent from a wannabe; if you catch my meaning.

