Win10 crashed, no Shortcuts. Is there a WinIni file in Win10

Page 2 of 7 FirstFirst 1234 ... LastLast

  1. Posts : 79
    win10 home 1903
    Thread Starter
       #11

    See if you can upload DM first. This is working
    Please indicate: (if any)
    a) antivirus software (always on and manual)
    b) firewall software
    c) drive encryption software
    I normally use Bitdefender Antivirus Free, which I believe also has firewall security. I don't think I have drive encryption software.
    Right now I don't see ANY antivirus in the tray, but I will check after sending you this file
    Win10 crashed, no Shortcuts. Is there a WinIni file in Win10 Attached Files
      My Computer


  2. Posts : 38,342
    windows 10 professional version 1607 build 14393.969 64 bit
       #12

    Uninstall Bitdefender using the applicable uninstall tool:
    Uninstall Bitdefender
    How to uninstall Bitdefender from your Windows device

    Make sure Microsoft defender is on.


    Run each DM and V2 > upload results directly into this thread
      My Computer


  3. Posts : 79
    win10 home 1903
    Thread Starter
       #13

    Bitdefender AV is on
    Win Defender Firewall is on
    I don't know where to check for drive encryption

    Also when I am in Contr Panel/System&Security/Security & Maint and I click on many of the links I get a popup: "You'll need a new app to open this link"

    Windows wants to update to version 1909. Should I now or leave it alone for the duration?
      My Computer


  4. Posts : 38,342
    windows 10 professional version 1607 build 14393.969 64 bit
       #14

    Please uninstall Bitdefender > upload DM and V2 > run the command below in administrative PS > post share link > upgrade 1903 to 1909

    Code:
    function wh   
        {  
            Param ( [parameter (Mandatory = $true)][string]$txt )  
            Write-Host $txt -ForegroundColor Green -BackgroundColor Black -NoNewline  
            ##Example usage wh "Alias for `n Write-Host"  
      
        } ## End function wh  
      
      
    function StartScript   
        {  
            ##Locating Temp Dir and writing Transcript  
            $global:tempDir = [System.IO.Path]::GetTempPath()   
            MD $tempDir\LOGS -EA SilentlyContinue   
            CD $tempDir\LOGS  
            $txtCount = Get-Item $tempDir/LOGS/*.TXT -EA SilentlyContinue  
            if((Get-Host).Version.Major -cge 5) ##WIN7 Not Supported  
                {  
                    if($txtCount.Count -cge 1)   
                    {Start-Transcript -Append -Path $tempDir/LOGS/Event-Search.TXT}   
                    Else{Start-Transcript -Path $tempDir\LOGS\Event-Search.TXT}   
                }  
      
            $global:explore = $tempDir + "LOGS\"  
            $global:Ver = "1.6.3"  
            wh "`nLog Collection... (V$Ver)`n"  
      
            #clearing previous actions  
            Stop-Job *  
      
            #Initialize CheckBox Vars to $True/$False  
                $Global:EventsCollect = $true; $Global:SetupDiagCollect = $true  
                    $Global:UpdatesCollect = $true; $Global:WLANCollect = $true  
                        $Global:PowerCollect = $true; $Global:GPCollect = $true  
                            $Global:miscCollect = $true; $Global:bingCollect = $true  
                                $Global:eventOut = $false        
            #Clear Jobs  
            Stop-Job *  
            Remove-Job *  
                                              
        } ## End function Start-Script  
      
      
    function SetupDiagFunc  
        {  
            wh "`n Grabbing SetupDiag.exe ..."       
            Invoke-WebRequest https://go.microsoft.com/fwlink/?linkid=870142 -OutFile $tempDir\SetupDiag.exe -TimeoutSec 3 -UseBasicParsing  
                #check for successful download  
                if((Get-Item $tempDir\SetupDiag.exe).length -gt 100000)  
                    {  
                      wh "`nSuccessful DL!"  
                      wh "`n Invoking SetupDiag.exe ..."  
                      $SetupDiag = {CMD.EXE /C "%temp%\setupdiag.exe /Verbose /Output:%temp%\SetupDiag-Log.txt"}  
      
                      ## Kick-Off SetupDiagJob  
                      Start-Job -Name SetupDiagJob -ScriptBlock $SetupDiag                     
                      
                    }Else{Write-Host "`nDownload of SetupDiag.exe Failed!" -BackgroundColor RED }  
      
        } ## End Function SetupDiagFunc  
      
      
    function EventSearch  
        {  
        wh "`n Starting EventSearch Job-Function ...`n"  
        ## Gathering Events from System using Get-WinEvent via Job  
        $EventSearchJob =   
            {  
            $evtPaths = Get-Item C:\Windows\System32\Winevt\Logs\*.evtx -Exclude "*PowerShell*",   
                "*known folders*" | Select-Object FullName  
            $i = $evtPaths.Count  
      
            $x = 0 ##For 1st Loop do Until x = i  
            $events = @()  
            $gatherEvents = @()  
            $eventsArray = @()  
            $searchResult = @()  
            $MaxEvents = 99  
      
            #Loading/Gathering Events Loop...  
            do {  
           
                ##Getting Events w/ Get-WinEvent         
                $gatherEvents = Get-WinEvent -Path $evtPaths[$x].FullName -MaxEvents $MaxEvents -EA SilentlyContinue  
                $events = $events + $gatherEvents             
      
                $x++  
                  
                }  
                 Until ($x -eq $i)      
      
            $x = $x +1 ##Total Events Found!  
              
            $eventsLength = $events.Length ##Total events catalogged!  
              
            $xx = 0  
                   
            # Write Event Properties to a row and roll it out - Collapsing Array ...   
            do {  
                   $date = $events[$xx].TimeCreated | Get-Date -Format "yyyyMMdd".ToString() -EA SilentlyContinue ##EA SC for Blank Entries  
                      
                    $eventRow = new-object PSObject -Property @{  
                    Date = $date;  
                    Id = $events[$xx].Id;  
                    Level = $events[$xx].LevelDisplayName;  
                    Provider = $events[$xx].ProviderName;  
                   Message = $events[$xx].Message;  
                    }  
      
                    $cRow = $date + " " + "ID:" +  $events[$xx].Id + " " + "Level:" + $events[$xx].LevelDisplayName + " " + "Provider:" + $events[$xx].ProviderName + " " + "Message:" + $events[$xx].Message   
                    $eventsArray += $cRow  
                   
                    $xx++  
                    $d++  
            }  
            Until ($xx -eq $events.Length)  
     
            ##Looking for patterns error or fail in $eventsArray  
            $search = $eventsArray | Select-String -pattern ("error|fail") 
     
            Return $search ## | Write-Output ##Output for job  
      
            } ## End $EventSearchJob  
      
        Start-Job -Name EventSearchJob -ScriptBlock $EventSearchJob  
      
        } ## End function Event-Search  
      
      
    function writeSearch  ##   
        {  
            ##Event Logs Cont.  
            MD $tempDir\LOGS\EVTX\ -EA SilentlyContinue 
     
            ##output to file  
            $search | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -Wrap > TOP-ERRORS.TXT  
            $search > $tempDir\LOGS\SEARCH.TXT  
      
        if($Global:eventOut -eq $True)  
            {  
            $search | Group-Object | Sort-Object Count -Descending |   
                Select-Object -Property Count, Name | Out-GridView -Title "Top `"Errors`" via EVTX - V-$Ver"  
            }  
      
            wh "`n Collecting Matching EVTX Entries ...`n"     
            #Collecting all prev matching EVTX  
            #$evtx = Get-ChildItem C:\Windows\System32\Winevt\Logs\*.evtx  
            $evv = 0  
                      
               $providerName =   
                   (($search | Select-String "Provider:.*Message:").Matches.Value -Replace   
                          " Message:", "" -Replace "Provider:", "" | Group-Object ).Name  
                  
                #Converting Provider Name to Log Name                 
                $providerName = (($providerName | ForEach-Object {Get-WinEvent -ProviderName $_ -MaxEvents 1 -EA SilentlyContinue}).LogName | Group-Object).Name     
                   $providerName = $providerName -replace "Microsoft.", ""  
                      $providerName = $providerName -replace "Windows.", ""  
                         $providerName = $providerName -replace "`/.*$", ""  
                               
                               
                             $evtx = $providerName | foreach{Get-ChildItem "C:\Windows\System32\winevt\logs\*$_*"}  
      
                    Do{  
                        COPY $evtx[$evv].PSPath $tempDir\LOGS\EVTX\ 
                           $evv++  
                      }  
                      Until($evv -eq $evtx.Count)  
      
        } #End function writeSearch  
      
      
    function GetUpdates  
        {  
            wh "`n Starting Get-WindowsUpdateLog Job-Function ...`n"  
            $updateJob = {get-WindowsUpdateLog}  
             
            if((Get-Host).Version.Major -cge 5) ##Modern Gatherer  
            {  
                Start-Job -Name GetUpdates -ScriptBlock $updateJob  
            }  
              
            ##Legacy Gatherer  
            CP C:\Windows\WindowsUpdate.log $tempDir\LOGS\WindowsUpdate.log  
      
            ##Installed-Updates/Packages 
            Get-WmiObject win32_quickfixengineering > $tempDir\LOGS\Installed_Updates.TXT  
            Get-WmiObject Win32_OperatingSystemQFE >> $tempDir\LOGS\Installed_Updates.TXT  
        DISM /Online /Get-Packages /Format:Table >> $tempDir\LOGS\Installed_Updates.TXT 
      
        } ## End function Get-Updates  
      
           
    function PrinterCheck  
        {  
            wh "`n Getting Printer Information ..."  
            get-printer | ft Name, ComputerName, Type, DriverName, PortName, Datatype, Location, DriverName > $tempDir\LOGS\Printers.TXT  
            get-printerDriver | fl >> $tempDir\LOGS\Printers.TXT  
            Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append  
            Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append  
            Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" | Out-File $tempDir\LOGS\Printers.TXT -Append  
            write-output "## CBS ntprint CHECK ##" >> $tempDir\LOGS\Printers.TXT  
            $cbsCheck = (Get-ChildItem C:\Windows\Logs\CBS\*cbs* -Recurse | select-string -Pattern "E_INVALIDARG in eventsXml.*Microsoft-Windows-PrintService")  
            if($cbsCheck.Count -eq 0){Write-Output "## NO MATCHES IN CBS ##" >> $tempDir\LOGS\Printers.TXT} Else{$cbsCheck | Group-Object  >> $tempDir\LOGS\Printers.TXT}  
            write-output "## ntprint.dll CHECK ##" >> $tempDir\LOGS\Printers.TXT  
            (Get-ChildItem C:\Windows\System32\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT  
            (Get-ChildItem C:\Windows\SysWOW64\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT  
      
        } ## End function PrinterCheck  
      
      
    function UpdateHelper  
        {  
        if((Get-Host).Version.Major -cge 5)  
            {  
                $winupdatelog = get-item $tempDir\LOGS\windows-update.log    ##WIN-10 File  
                MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue | Out-Null  
                CP C:\Windows\Logs\WindowsUpdate\*.etl $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue  
            }  
                Else{$winupdatelog = get-item $tempDir\LOGS\windowsupdate.log} ##LEGACY File  
      
        $updateError = ($winupdatelog | select-string -pattern "error.*0x........");  
        $updateErrorSplit = $updateError -Split " "  
        $updateErrorCount = (($updateErrorSplit | select-string -pattern "0x........") -Replace "[(),'`.:]", "" -Replace "hr=", "");  
      
        $updateErrorCount | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT -Width 999  
        $updateError >> UPDATE-ERRORS.TXT  
        if($updateError.length -eq 0){"No `"error.*0x........`" patterns Found in Windows-Update.log" | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT}  
      
        ($winupdatelog | Select-String "KB\d\d\d\d\d\d\d" | Select-string "fail") | Out-file $tempDir\LOGS\UPDATE-ERRORS.TXT -Append -width 999  
      
        } ## End function UpdateHelper  
      
      
    function getProcesses  
        {  
        wh "`nGetting Active Process ...`n"   
        Get-Process > $tempDir\LOGS\Running-Processes.TXT  
        CMD.EXE /C "tasklist /svc" | Out-File -Append  $tempDir\LOGS\Running-Processes.TXT  
          
        } ## End function getProcesses  
      
      
    function GetApps  
        {  
        wh "`n Getting List of Installed Apps...`n"  
        Get-WmiObject -Class Win32_Product | Format-Table -Property Name, Version, Vendor > $tempDir\LOGS\Installed-Apps.TXT  
        Get-AppxPackage | ft Name, Version, InstallLocation, IspArtiallyStaged, SignatureKind, Status >> $tempDir\LOGS\Installed-Apps.TXT  
          
        } ## End function GetApps  
      
      
    function SetupLogs  
        {  
        wh "`nGetting Windows Setup Logs Independent of SetupDiage.exe...`n"  
            MD $tempDir\LOGS\SETUP\ -EA SilentlyContinue  
        dir C:\ > $tempDir\LOGS\Dir_Structure.txt  
          
        ## Main Setup Collection  
        if($env:SystemDrive -eq 'C:') ##Verify SystemDrive  
        {  
            $SetupPaths = @()  
      
            $locations = @(  
                'C:\GetCurrent',  
                'C:\$Reset',  
                'C:\$SysReset',  
                'C:\$Windows.~BT',  
                'C:\$Windows.~WS',  
                'C:\Windows\Logs\',  
                'C:\Windows\Panther\',  
                'C:\Windows\inf\',  
                'C:\Windows\System32\LogFiles\',  
                'C:\Windows\System32\SysPrep\',  
                'C:\Windows10Upgrade',  
                'C:\Windows.old\Windows\Panther')  
      
            for($i = 0; $locations.count -gt $i; $i++)  
            {   
                if((get-item $locations[$i] -Force -EA SilentlyContinue).length -gt 0) ##Null Path Check -Force for Hidden  
                {  
                    CD $locations[$i]  
                    ##Search includes setuperr/setupact only  
                    $SetupPaths += Get-ChildItem * -Force -Recurse -Include setuperr.log, setupact.log, miglog.xml, *APPRAISER_Humanreadable.xml -EA SilentlyContinue      
                }  
            }  
      
            $cleanPaths = @()  
      
            for($i = 0; $SetupPaths.count -gt $i; $i++)  
            {  
                $cleanPaths += $SetupPaths[$i].PSParentPath.ToString() -replace "Microsoft\.PowerShell\.Core\\FileSystem\:\:C\:\\", ""  
            }  
      
            CD $tempDir\LOGS\SETUP\  
            MD $cleanPaths -Force  
            CD $tempDir\LOGS\  
      
            for($i = 0; $SetupPaths.count -gt $i; $i++)  
            {  
                $destPath = "$tempDir\LOGS\SETUP\" + $cleanPaths[$i]  
                $copyPathLog = ($SetupPaths[$i].ToString())  
                  
                Copy  $copyPathLog -Destination $destPath  
            }  
          
        }Else{Write-Host "`nSystem Drive is not C:... Setup Collection Aborted!`n"}  
        ## End Main Setup Collection  
          
              
            ## Setup Reg Output      
            Get-ChildItem HKLM:\SYSTEM\SETUP\ | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT  
            Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\Me* -recurse -EA SilentlyContinue | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append  
            Get-Childitem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append  
      
            ## SetupAct String Search  
      
      
              
             $setupRegx = @("MOUPG SetupHost..Initialize:",  
                            "============================",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG  SetupHost..Initialize. CmdLine"),  
                            "",  
                            "MOUPG Setup build & Host OS Build:",  
                            "==================================",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG  SetupHost..Setup build"),  
                            "...",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG      Host OS"),  
                            "",  
                            "Watson Parameters (4&5):",  
                            "=======================",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Watson Bucketing Parameters\[[4-5]\]" ),  
                            "",  
                            "\[0x........\]Error:",  
                            "==================",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "\[0x........\]\[0x.....\]"),  
                            "",  
                            "`"FATAL`":",  
                            "======",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "FATAL" | Select-String -NotMatch "FatalExecutionEngineError" | Select-String -NotMatch "non-fatal"),  
                            "",  
                            "`"Error   `":",  
                            "===========",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Error   "),  
                            "",  
                            "MIGRATE.*DATA:",  
                            "==============",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MIGRATE.*DATA"),  
                            ""             
                            )  
                $q=0  
                Do {$setupRegx[$q] | Out-File $tempDir\LOGS\SETUP\SetupAct-Regex.TXT -Append -Width 999 ##spool out results  
                                      $q++                    
                                                }Until($q -eq $setupRegx.Count)  
      
        } ## End function SetupLogs  
      
      
    function powerCFGInfo  
        {  
        MD $tempDir\LOGS\POWER\ -EA SilentlyContinue  | Out-Null  
        wh "`n Grabbing PowerCFG, Sleep & Battery Info ...`n"  
          
        ("`n" + "Available Sleep States (/A): `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        powercfg /a | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        ("`n" + "-DeviceQuery Wake_Armed: `r" + "`n" +"========================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        powercfg -devicequery wake_armed  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        ("`n" + "Last Wake (-lastwake):  `r" + "`n" +"=====================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        powercfg -lastwake  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        ("`n" + "-Requests: `r" + "`n" +"==========`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        powercfg -requests  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        $powerList = powercfg -list  
        $powerList | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        $powerActive = $powerList | select-string "\*" | powercfg /QH "$_"   
        ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        ("`n" + "Active Power Scheme Details: `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        $powerActive | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
      
        if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support powercfg /battery /sleepstudy  
             {   
               $ifbattery = Get-WmiObject win32_battery  
               if ( $ifbattery.__SERVER.count -cge 1 ) { CMD.EXE /C "powercfg /batteryreport /output %temp%\LOGS\POWER\battery-report.html" }  
               CMD.EXE /C "powercfg /sleepstudy /output %temp%\LOGS\POWER\sleepstudy-report.html"  
             }  
               CMD.EXE /C "powercfg /ENERGY /duration 10 /output %temp%\LOGS\POWER\energy-report.html"         
          
        } ## End function powerCFGInfo  
      
      
    function sysProductCheck  
        {  
        wh "`n Getting SystemProductName ...`n"  
        ##SystemInformation Reg   
        reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\ /v SystemProductName  > $tempDir\LOGS\REG_SystemProductName.TXT   
        Get-WmiObject Win32_ComputerSystem > $tempDir\LOGS\WMI_Object_System.TXT  
        Get-WmiObject Win32_ComputerSystemProduct >> $tempDir\LOGS\WMI_Object_System.TXT  
          
        } ## End functions sysProductCheck  
      
      
    function showWLAN  
        {  
        wh "Generating NETSH WLAN Report...`n"  
      
        $showWLANjob = {  
                        CMD.EXE /c "netsh wlan show networks mode=ssid > %temp%\LOGS\Network\wlan.txt"  
                        CMD.EXE /c "netsh wlan show networks mode=bssid >> %temp%\LOGS\Network\wlan.txt"  
                        CMD.EXE /c "netsh winhttp show proxy > %temp%\LOGS\Network\proxy.txt"  
                        CMD.EXE /c "netsh wlan show wlanreport & COPY C:\ProgramData\Microsoft\Windows\wlanReport\wlan-report-latest.html %temp%\LOGS\Network\wlan-report-latest.html"   
                        ##WIN7 Does not Support netsh wlanreport                                                    
                        }   
      
        Start-Job -Name showWLAN -ScriptBlock $showWLANjob  
      
        } ## End function sysProductCheck  
      
      
    function getGPRESULT  
        {  
        wh "`nGetting GPRESULT...`n"  
        CMD.EXE /C "GPRESULT /V > %temp%\LOGS\GPRESULT.TXT"  
          
        } ## End function getGPRESULT  
      
      
    function reservedCheck  
        {       
             
        $reservedJob =   
            {  
            $vol = (mountvol /L | select-string -Pattern "\\\\")  
            $volstring = "mountvol y:" + $vol[0]  
            CMD.EXE /C $volstring  
          
            SLEEP 2  
      
            CMD.EXE /C "CHKDSK y: > %temp%\LOGS\SystemReserved.TXT"  
          
            SLEEP 2 # Pause after drive dismount  
          
            CMD.EXE /C "mountvol y: /D"  
            }  
      
        Start-Job -Name reservedJob -ScriptBlock $reservedJob  
          
        } ## End function reservedCheck  
      
      
    function fltmcCheck  
        {  
        wh "`n Getting fltmc Filters ...`n"  
        CMD.EXE /c "fltmc filters > %temp%\LOGS\fltmc_filters.TXT"  
          
        } ## End function fltmcCheck  
      
      
    function getDXDiag  
        {  
        wh "`n Grabbing DXDiag Info...`n"  
        C:\Windows\System32\dxdiag /x $explore\DxDiag  
          
        } ## End function getDXDiag  
      
      
    function getMSINFO  
        {  
        wh "`n Gathering MSINFO32 ...`n"  
        ## check if msinfo is already gathering - if so stop  
        If((get-process | select-string -Pattern "msinfo").Pattern -eq "msinfo")  
        {Stop-Process -ProcessName msinfo32}  
      
            C:\Windows\System32\msinfo32.exe /nfo $tempDir/LOGS/MSINFO32.NFO  
                     
        } ## End function getMSINFO  
      
      
    function getAV  
        {  
         if((Get-Host).Version.Major -cge 5) ##Modern OS Only  
            {  
            wh "`n Grab root\SecurityCenter2 AntivirusProduct ...`n"  
            $avPath = (Get-WmiObject -Namespace root\SecurityCenter2 -Class AntivirusProduct) | % {$_.pathtoSignedProductEXE}  
            "AV Info" + "`n========" | Out-File $tempDir/LOGS/SecurityProductInformation.TXT 
        $avPath | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append  
            if($avPath[0] -match "exe")  
                {   
                    $path = (Get-Item $avPath[0]).PSParentPath  
                    Get-Item $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append  
                    Get-Content $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append             
                }  
                Get-ChildItem "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\" -recurse -EA SilentlyContinue | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append      
            }  
        } ## End function getAV  
      
      
    function getDrivers  
        {  
        wh "`n Grabbing Driver listing via DISM.EXE ...`n"  
            $drivers = cmd.exe /C "dism /online /get-drivers /format:table"  
            $drivers += cmd.exe /C "dism /online /get-drivers /all /format:table"  
            $drivers | Out-File $tempDir/LOGS/DISM-Get-Drivers.TXT  
        wh "`n Done!`n"  
        } ## End Function getDrivers  
      
      
    function getMISCLogs  
        {  
            wh "`nCopying misc. logs ...`n"   
            MD $tempDir\LOGS\WER\ -EA SilentlyContinue   
            MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue  
            CP "C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\*" $tempDir\LOGS\WER\ -Recurse -EA SilentlyContinue  
            CP "C:\Windows\Logs\CBS\*cbs*" $tempDir\LOGS\Windows\Logs\  
            CP "C:\Windows\Logs\DISM\*dism*" $TempDir\LOGS\Windows\Logs\  
            CP "C:\Windows\Logs\WindowsUpdate\*" $TempDir\LOGS\Windows\Logs\WindowsUpdate\  
      
                
            #DMP Collect  
            $dmp = @()  
            $dmp += Get-ChildItem C:\Windows\*.dmp   
            $dmp += (Get-ChildItem C:\Windows\LiveKernelReports\*.dmp -Recurse -EA SilentlyContinue)  
            $dmp += (Get-ChildItem C:\Windows\Minidump\*.dmp -Recurse -EA SilentlyContinue)  
            #Validate empty array  
            if($dmp.length -ne 0)  
                {  
                $dd=0  
                      Do{       
                            If($dmp[$dd].length -lt 2000000)  
                                { $destPath = $dmp[$dd].PSParentPath.Replace('C:\', '').Replace('Microsoft.PowerShell.Core\FileSystem::', '')  
                                    MD $destPath -EA SilentlyContinue 
                                        COPY -Path $dmp[$dd].PSPath -Destination $destPath }  
                            $dd++  
                        }  
                        Until($dd -eq $dmp.Count)  
                }  
     
             #disk info 
             "`nGet-Disk:`n=========" > $tempDir\LOGS\Disk-Info.TXT  
             Get-Disk |fl >> $tempDir\LOGS\Disk-Info.TXT 
             "`nGet-Partition:`n==============" >> $tempDir\LOGS\Disk-Info.TXT  
             Get-Partition >> $tempDir\LOGS\Disk-Info.TXT 
             Manage-bde -protectors -get C: >> $tempDir\LOGS\Disk-Info.TXT 
             "`nIO Fail Search:`n===============`n" >> $tempDir\LOGS\Disk-Info.TXT 
             $search | Select-String ".*io.fail.*" | Select-String -NotMatch '0, 0, 0, 0' >> $tempDir\LOGS\Disk-Info.TXT        
      
        } ## End function getMISCLogs  
      
      
    function bingCollect  
        {  
            ##O365 Firewall Check & Bing.com diagnostics.asp  
            ##URIs based on Article:   
            ##https://support.office.com/en-us/article/Network-requests-in-Office-365-ProPlus-and-Mobile-eb73fcd1-ca88-4d02-a74b-2dd3a9f3364d  
                    
            MD $TempDir\LOGS\Network\ -EA SilentlyContinue  
      
            wh "Performing Bing & O365 URI Check ... `n"  
      
      
                  $bingCheck = (Invoke-WebRequest -Uri https://www.bing.com/fdv2/diagnostics.aspx -UseBasicParsing)   
                  $bingCheck | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT  
                     
                  $URIs = @('api.login.microsoftonline.com',    #0  Standard Reply = 403  
                  'api.passwordreset.microsoftonline.com',      #1  Standard Reply = 200  
                  'becws.microsoftonline.com',                  #2  Standard Reply = 403  
                  'clientconfig.microsoftonline-p.net',         #3  Standard Reply = 404  
                  'companymanager.microsoftonline.com',         #4  Standard Reply = 403  
                  'device.login.microsoftonline.com',           #5  Standard Reply = 200  
                  'graph.microsoft.com',                        #6  Standard Reply = 404  
                  'hip.microsoftonline-p.net',                  #7  Standard Reply = 404   
                  'hipservice.microsoftonline.com',             #8  Standard Reply = 404  
                  'login.microsoft.com',                        #9  Standard Reply = 200  
                  'login.microsoftonline.com',                  #10 Standard Reply = 200  
                  'logincert.microsoftonline.com',              #11 Standard Reply = 200   
                  'loginex.microsoftonline.com',                #12 Standard Reply = 200  
                  'login-us.microsoftonline.com',               #13 Standard Reply = 200  
                  'login.microsoftonline-p.com',                #14 Standard Reply = 200  
                  'login.windows.net',                          #15 Standard Reply = 200  
                  'nexus.microsoftonline-p.com',                #16 Standard Reply = 403  
                  'passwordreset.microsoftonline.com',          #17 Standard Reply = 200  
                  'provisioningapi.microsoftonline.com',        #18 Standard Reply = 403  
                  'stamp2.login.microsoftonline.com',           #19 Standard Reply = 200  
                  'ccs.login.microsoftonline.com',              #20 Standard Reply = 401  
                  'ccs-sdf.login.microsoftonline.com',          #21 Standard Reply = 401  
                  'accounts.accesscontrol.windows.net',         #22 Standard Reply = 200  
                  'secure.aadcdn.microsoftonline-p.com',        #23 Standard Reply = 400  
                  'windows.net',                                #24 Standard Reply = 200  
                  'phonefactor.net',                            #25 Standard Reply = 200  
                  'account.activedirectory.windowsazure.com',   #26 Standard Reply = 404  
                  'secure.aadcdn.microsoftonline-p.com',        #27 Standard Reply = 400  
                  'login.windows.net',                          #28 Standard Reply = 200  
                  'provisioningapi.microsoftonline.com',        #29 Standard Reply = 403  
                  'mscrl.microsoft.com',                        #30 Standard Reply = 400  
                  'secure.aadcdn.microsoftonline-p.com',        #31 Standard Reply = 400  
                  'windowsupdate.microsoft.com',                #32 Standard Reply = 200  
                  'update.microsoft.com',                       #33 Standard Reply = 200  
                  'au.download.windowsupdate.com',              #34 Standard Reply = 200  
                  'download.windowsupdate.com',                 #35 Standard Reply = 200  
                  'download.microsoft.com',                     #36 Standard Reply = 200  
                  'tlu.dl.delivery.mp.microsoft.com');          #37 Standard Reply = 403  
              
                     
                  $count = 0;  
                  $queryResult [email protected]{};  
                     
                  Write-Host "Checking URIs .." -NoNewline  
                     
                  Do {           
                          Try{  
                          $queryResult[$count] = (Invoke-WebRequest -Uri ("http:`/`/" + $URIs[$count]) -Method Head -UseBasicParsing -TimeoutSec 2).RawContent  
                             }Catch{ $catch = $_ }  
                     
                              if($queryResult[$count].Count -eq 0)  
                                      {$queryResult[$count] = ($catch[$catch.count -1].ToString()).Replace("`n", " ")}                                     
                          Write-Host "." -NoNewline           
                          $count++         
                      }Until ($count -eq ($URIs.Count));                            
                  Write-Host "."  
                      
                      Get-Date | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
                      $queryResult | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
                        
            Write-Host " Bing Check", `n, "==========" | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
            
                  wh "`n`n`n`URL Check Finished...`n"   
        }  
      
      
    function smbConfig  
    {  
      
        $CMDs =  
        {   cmd.exe /c "net config server"    
            cmd.exe /c "net config workstation"  
            Get-SmbClientNetworkInterface  
            Get-SmbServerConfiguration  
            Get-SmbClientConfiguration  
            Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer"   
            Get-NetAdapterAdvancedProperty | ft }  
      
        ForEach-Object{Invoke-Command $CMDs | Out-File $TempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append}  
      
        $share = Get-SmbShare  
      
        ForEach-Object{Get-SmbShareAccess $share.Name | ft  | Out-File $tempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append}  
      
    } ## End Function smbConfig  
      
      
    function regLang  
        {       
            DISM.EXE /Online /Get-Intl  | Out-File $tempDir\LOGS\Reg-Lang.TXT  
            "`n","Get-WinUserLanguageList","=======================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
            Get-WinUserLanguageList     | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
            "`n","Get-WinLanguageBarOption","========================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
            Get-WinLanguageBarOption    | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
        }  
      
      
    function autoRotate  
        {  
            Get-ChildItem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Auto* | Out-File $tempDir\LOGS\AutoRotate.TXT  
        }  
      
      
    function checkBoxes  
       {  
            Add-Type -AssemblyName System.Windows.Forms  
            Add-Type -AssemblyName System.Drawing  
      
            $Global:form = New-Object System.Windows.Forms.Form  
            $Global:form.Text = "LOGS-V$ver"  
            $Global:form.Size = New-Object System.Drawing.Size(300,400)  
            $Global:form.StartPosition = 'CenterScreen'  
      
            $OKButton = New-Object System.Windows.Forms.Button  
            $OKButton.Location = New-Object System.Drawing.Point(100,300)  
            $OKButton.Size = New-Object System.Drawing.Size(75,23)  
            $OKButton.Text = 'OK'  
            $OKButton.DialogResult = [System.Windows.Forms.DialogResult]::OK  
            $Global:form.AcceptButton = $OKButton  
            $Global:form.Controls.Add($OKButton)  
             
            $Global:form.ControlBox = $false  
              
                $Global:boxNum = 1  
                $Global:checkBox = @{} #hash for $checkBox  
                $tag = @{} #hash for $label  
                $Global:Box = @{}  
      
                function createCheckBox   
                    {  
                        Param ( [parameter (Mandatory = $true)][string]$name,  
                                [parameter (Mandatory = $true)][string]$label )  
                          
                        $drawingPoint = (50 + ($boxNum *25))  
      
                        $Global:checkBox[$boxNum] = New-Object System.Windows.Forms.CheckBox  
                        $Global:checkBox[$boxNum].Location = New-Object System.Drawing.Point(10,$drawingPoint)  
                        $Global:checkBox[$boxNum].Size = New-Object System.Drawing.Size(15,15)  
                        $Global:checkBox[$boxNum].Text = ''  
                        $Global:checkBox[$boxNum].Checked = $true  
                        $Global:form.Controls.Add($checkBox[$boxNum])  
                        #SetupDiag Label  
                        $tag[$boxNum] = New-Object System.Windows.Forms.Label  
                        $tag[$boxNum].Location = New-Object System.Drawing.Point(40,$drawingPoint)  
                        $tag[$boxNum].Size = New-Object System.Drawing.Size(280,20)  
                        $tag[$boxNum].Text = "$label"  
                        $Global:form.Controls.Add($tag[$boxNum])  
      
                        $Global:boxNum ++  
                      
                    } #End nested function createCheckBox   
                
                createCheckBox -name "EV" -label "EventSearch EventLog Helper"       #1  
                createCheckBox -name "SD" -label "SetupDiag.EXE Setup Diagnostics"   #2  
                createCheckBox -name "WU" -label "Get-WindowsUpdateLog Collection"   #3  
                createCheckBox -name "IP" -label "Network Information"               #4  
                createCheckBox -name "PW" -label "POWERCFG. Sleep & Battery Info"    #5  
                createCheckBox -name "GP" -label "GPResult Info"                     #6  
                createCheckBox -name "MS" -label "General Machine Info"              #7  
                createCheckBox -name "EO" -label "EventSearch Out-GridView"          #8            
                     
                #Checkbox State Changes               
                $Global:checkBox[1].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[1].checked -eq $True){ $Global:EventsCollect = $true ; Write-Host "." -nonewline} Else{ $Global:EventsCollect = $false }  
                                  
                        })             
                $Global:checkBox[2].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[2].checked -eq $True){ $Global:SetupDiagCollect = $true ; Write-Host "." -nonewline} Else{ $Global:SetupDiagCollect = $false }  
                                  
                        })  
                $Global:checkBox[3].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[3].checked -eq $True){ $Global:UpdatesCollect = $true ; Write-Host "." -nonewline} Else{ $Global:UpdatesCollect = $false }  
                                  
                        })  
                $Global:checkBox[4].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[4].checked -eq $True){ $Global:WLANCollect = $true ; Write-Host "." -nonewline} Else{ $Global:WLANCollect = $false }  
                                  
                        })  
      
                $Global:checkBox[5].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[5].checked -eq $True){ $Global:PowerCollect = $true ; Write-Host "." -nonewline} Else{ $Global:PowerCollect = $false }  
                                  
                        })  
                $Global:checkBox[6].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[6].checked -eq $True){ $Global:GPCollect = $true ; Write-Host "." -nonewline} Else{ $Global:GPCollect = $false }  
                                  
                        })  
                $Global:checkBox[7].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[7].checked -eq $True){ $Global:miscCollect = $true ; Write-Host "." -nonewline} Else{ $Global:miscCollect = $false }  
                                  
                        })  
      
                 $Global:checkBox[8].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[8].checked -eq $True){ $Global:eventOut = $true ; $Global:checkBox[1].checked = $true; Write-Host "x" -nonewline} Else{ $Global:eventOut = $false }  
                                  
                        })  
                                               
            $Global:checkBox[8].Checked = $false  
            $mainText = New-Object System.Windows.Forms.Label  
            $mainText.Location = New-Object System.Drawing.Point(62,30)  
            $mainText.Size = New-Object System.Drawing.Size(260,20)  
            $mainText.Text = 'Choose which logs to collect:'  
            $Global:form.Controls.Add($mainText)  
            $result = $Global:form.ShowDialog()  
            SLEEP 1  #testing Topmost lag  
            $Global:form.Topmost = $true  
      
            #OK Button ...   
            if ($result -eq [System.Windows.Forms.DialogResult]::OK)  
            {  
                $x = $textBox.Text  
                $x  
            }       
      
        } #End function checkBoxes  
      
      
    Function werHint  
    {  
        $WERs = Get-ChildItem $tempDir\LOGS\WER\*.wer -Recurse  
      
        $WERArray = @()  
      
        $Date = $WERs | Select-String -pattern "eventtime=" | % {$_ -Replace("C:.*EventTime=", "")}  
        $eventType = $WERs | Select-String -pattern "EventType=" | % {$_ -Replace("C:.*EventType=", "")}  
        $Sig0Nam = $WERs | Select-String -pattern "Sig\[0\].Name" | % {$_ -Replace("C:.*Sig\[0\].Name=", "")}  
        $Sig0Val = $WERs | Select-String -pattern "Sig\[0\].Value" | % {$_ -Replace("C:.*Sig\[0\].Value=", "")}  
        $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")}  
        $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")}  
        $Sig4 = $WERs | Select-String -pattern "Sig\[4\].Value" | % {$_ -Replace("C:.*Sig\[4\].Value=", "")}  
      
        #ConvertDateTime  
        $epoch = [datetime]"01/01/1601 00:00"  
        $date = $date | foreach{$epoch.AddSeconds($_/10000000)}   
        $convertedDate = foreach($Date in $Date) {Get-Date $Date -Format G}  
      
        $WERarray = 0..($convertedDate.Length -1) | Select-Object @{n="Id";e={$_}},   
            @{n="Date";e={$convertedDate[$_]}}, @{n="EventType";e={$eventType[$_]}},  
                @{n="S0-Name";e={$Sig0Nam[$_]}}, @{n="S0-Value";e={$Sig0Val[$_]}}, @{n="S3";e={$Sig3[$_]}},   
                    @{n="S4";e={$Sig4[$_]}}  
      
        $WERArray |Sort-Object -Descending Date | ft -autosize Date, EventType, S0-Name, S0-Value, S3, S4  |   
            Out-File $tempDir\LOGS\WER-SUMMARY.TXT -Width 500  
      
    } ## End Function werHint  
      
      
      
    ### FUNCTIONS_INIT ###   
      
            $Script:Cancel = @{}  
      
            StartScript #function  
            checkBoxes  
              
            ## SetupDiagCollect   #2  
            if($Global:SetupDiagCollect -eq $True)  
                {  
                SetupDiagFunc #function & job   
                wh "...`n"  
                }  
            ## EventSearch         #1  
            if($Global:EventsCollect -eq $True)  
                {  
                EventSearch #function & job  
                wh "...`n"  
                }  
      
            ## Get-WindowsUpdate   #3  
            if($Global:UpdatesCollect -eq $True)  
                {  
                GetUpdates #function & job  
                wh "...`n`n"  
                }  
      
            ## WLAN/Wifi Collect    #4  
            if($Global:WLANCollect -eq $True)      
                {  
                bingCollect #function  
                wh "...`n"  
                showWLAN #function & job   
                wh "...`n"  
                smbConfig #function  
                }  
      
            ## Power/Battery Collect:#5  
            if($Global:PowerCollect -eq $True)  
                {  
                powerCFGInfo #function - make job takes a min  
                wh "...`n"  
                }  
      
            ## GPRESULT Collection:  #6  
            if($Global:GPCollect -eq $True)  
                {  
                getGPRESULT #function  
                wh "...`n"  
                }  
      
            ## Misc Logs Collection: #7        
            if($Global:miscCollect -eq $True)  
                {  
                getMSINFO #function & job  
                    wh "...`n"  
                PrinterCheck #function  
                    wh "...`n"  
                getProcesses #function  
                    wh "...`n"  
                getApps #function - make job - takes a min  
                    wh "...`n"  
                SetupLogs #function  
                    wh "...`n"       
                sysProductCheck #function  
                    wh "...`n"                 
                reservedCheck #function  
                    wh "...`n"  
                fltmcCheck #function  
                    wh "...`n"  
                getDXDiag #function  
                    wh "...`n"  
                regLang #function  
                    wh "...`n"  
                autoRotate #function  
                getMISCLogs #function  
                    wh "...`n"  
                getDrivers #function  
                    wh "...`n"   
                getAV #function  
                    wh "...`n"            
                 }  
            
      
    #### RECEIVING JOBS SECTION ###...   
      
            #EventSearchJob  
            if($Global:EventsCollect -eq $True)  
            {          
                wh "`nWaiting for EventSearchJob to complete...`n"  
      
                Receive-Job -Name EventSearchJob -OutVariable eventSearch -Wait   
                $search = $eventSearch.Line  
            }  
      
      
            if($Global:SetupDiagCollect -eq $True)  
            {  
                #SetupDiagJob - Receive-Job  
                $stamp = (Get-Date -format "hh:mm tt")  
                wh "`nWaiting for SetupDiagJob to complete..."  
                wh "`nTime Stamp: $stamp"  
                wh "`nThis can take up to 10 minutes ..."  
      
                Do{  
                  SLEEP 15  
                    wh "."  
                    if((Get-Job -name SetupDiagJob).State -eq "Completed")  
                        { Receive-Job -Name SetupDiagJob  
                               wh "`nSetupDiag Completed!"                         
                            Break                      }  
                                    }Until($Cancel.SetupDiag -eq $True)  
                wh `n  
                                                   
                #Receive file and copy  
                Receive-Job -Name SetupDiagJob -Wait   
                Copy-Item $tempDir\Logs*.zip $tempDir\LOGS\SetupDiag-Log.zip  
                Copy-Item $tempDir\setupdiag*.log $tempDir\LOGS\  
                Remove-Item $tempDir\Logs*.zip  
            }  
      
           
            if($Global:UpdatesCollect -eq $True)  
            {  
                #GetUpdates Job via:  
                #UpdateHelper <--- GetUpdates Job has to finish first!  
                #Checking Status of GetUpdates Job...  
                wh "Checking Status of GetUpdates Job...`n"  
                If ((Get-Job -Name GetUpdates).State -eq "Failed")  
                    { wh "`nGetUpdates Job Failed!`n" }  
                        Else{  
                                Receive-Job -Name GetUpdates -wait  
                                Move $env:USERPROFILE\Desktop\WindowsUpdate.log $TempDir\LOGS\Windows-Update.log -Force  
                                wh "`n Writing Update Helper Info to UPDATE-ERRORS.TXT ... `n"  
                                UpdateHelper #run the update helper function  
                            }               
            } #End getting GetUpdates-job       
      
            #Finishing EventSearch  
            if($Global:EventsCollect -eq $True)  
                {  
                    writeSearch #function  
                }  
      
    #Wait on MSINFO...  
    if($Global:miscCollect -eq $True)  
    {  
        wh "`n Waiting for MSINFO32 to Complete ...`n"  
        do{ start-sleep 1 }  
        Until((get-process | select-string -Pattern "msinfo").Pattern -cne "msinfo")  
            werHint #function  
    }  
      
      
    if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support Transcript  
        {  
      
    Stop-Transcript   
      
            do{  
        start-sleep 1  
        }  
        Until((get-item $tempDir\LOGS\Event-Search.TXT).Length -cne 0)  
          
        }  
      
    wh "`nLog Collection Completed! `nLogs are available in %temp%\LOGS\`n"    
    wh "`nHit Any Key or Close ...`n"  
      
    Start-Sleep 1  
      
    Start Explorer.exe $explore  
      
    PAUSE  
      
    ## LOGS.PS1 1.6.3  ##     
    ## JOHNEM 8-2019 ##   
    ## EOF ##
      My Computer


  5. Posts : 79
    win10 home 1903
    Thread Starter
       #15

    Bitdefender is uninstalled Although it was hard to get to, I think Defender AV is working but it doesn't show in the task bar

    Again, when I run the v2 link downloads version 1.09 zip
    When I click on the shortcut the log collector opens with all of this in red:
    & : The term '.\resources\main.ps1' is not recognized as the name of a cmdlet, function, script file, or operable
    program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:2
    + &'.\resources\main.ps1'
    + ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (.\resources\main.ps1:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException



    PS C:\WINDOWS\system32>

    Here is the latest version of DM


    And tell me how to get to Admin PS to copy and paste what you have above.
    Win10 crashed, no Shortcuts. Is there a WinIni file in Win10 Attached Files
      My Computer

  6. Ztruker's Avatar
    Posts : 13,505
    Windows 10 Pro X64 20H4 19042.746
       #16

    And tell me how to get to Admin PS to copy and paste what you have above.
    Click Start, type powershell. Right click on Windows PowerShell and select Run as Administrator.
      My Computers


  7. Posts : 79
    win10 home 1903
    Thread Starter
       #17

    Windows PowerShell
    Copyright (C) Microsoft Corporation. All rights reserved.

    Try the new cross-platform PowerShell Installing PowerShell - PowerShell | Microsoft Docs

    PS C:\WINDOWS\system32> function wh
    >> {
    >> Param ( [parameter (Mandatory = $true)][string]$txt )
    >> Write-Host $txt -ForegroundColor Green -BackgroundColor Black -NoNewline
    >> ##Example usage wh "Alias for `n Write-Host"
    >>
    >> } ## End function wh
    >>
    >>
    >> function StartScript
    >> {
    >> ##Locating Temp Dir and writing Transcript
    >> $global:tempDir = [System.IO.Path]::GetTempPath()
    >> MD $tempDir\LOGS -EA SilentlyContinue
    >> CD $tempDir\LOGS
    >> $txtCount = Get-Item $tempDir/LOGS/*.TXT -EA SilentlyContinue
    >> if((Get-Host).Version.Major -cge 5) ##WIN7 Not Supported
    >> {
    >> if($txtCount.Count -cge 1)
    >> {Start-Transcript -Append -Path $tempDir/LOGS/Event-Search.TXT}
    >> Else{Start-Transcript -Path $tempDir\LOGS\Event-Search.TXT}
    >> }
    >>
    >> $global:explore = $tempDir + "LOGS"
    >> $global:Ver = "1.6.3"
    >> wh "`nLog Collection... (V$Ver)`n"
    >>
    >> #clearing previous actions
    >> Stop-Job *
    >>
    >> #Initialize CheckBox Vars to $True/$False
    >> $Global:EventsCollect = $true; $Global:SetupDiagCollect = $true
    >> $Global:UpdatesCollect = $true; $Global:WLANCollect = $true
    >> $Global:PowerCollect = $true; $Global:GPCollect = $true
    >> $Global:miscCollect = $true; $Global:bingCollect = $true
    >> $Global:eventOut = $false
    >> #Clear Jobs
    >> Stop-Job *
    >> Remove-Job *
    >>
    >> } ## End function Start-Script
    >>
    >>
    >> function SetupDiagFunc
    >> {
    >> wh "`n Grabbing SetupDiag.exe ..."
    >> Invoke-WebRequest https://go.microsoft.com/fwlink/?linkid=870142 -OutFile $tempDir\SetupDiag.exe -TimeoutSec 3 -UseBasicParsing
    >> #check for successful download
    >> if((Get-Item $tempDir\SetupDiag.exe).length -gt 100000)
    >> {
    >> wh "`nSuccessful DL!"
    >> wh "`n Invoking SetupDiag.exe ..."
    >> $SetupDiag = {CMD.EXE /C "%temp%\setupdiag.exe /Verbose /Output:%temp%\SetupDiag-Log.txt"}
    >>
    >> ## Kick-Off SetupDiagJob
    >> Start-Job -Name SetupDiagJob -ScriptBlock $SetupDiag
    >>
    >> }Else{Write-Host "`nDownload of SetupDiag.exe Failed!" -BackgroundColor RED }
    >>
    >> } ## End Function SetupDiagFunc
    >>
    >>
    >> function EventSearch
    >> {
    >> wh "`n Starting EventSearch Job-Function ...`n"
    >> ## Gathering Events from System using Get-WinEvent via Job
    >> $EventSearchJob =
    >> {
    >> $evtPaths = Get-Item C:\Windows\System32\Winevt\Logs\*.evtx -Exclude "*PowerShell*",
    >> "*known folders*" | Select-Object FullName
    >> $i = $evtPaths.Count
    >>
    >> $x = 0 ##For 1st Loop do Until x = i
    >> $events = @()
    >> $gatherEvents = @()
    >> $eventsArray = @()
    >> $searchResult = @()
    >> $MaxEvents = 99
    >>
    >> #Loading/Gathering Events Loop...
    >> do {
    >>
    >> ##Getting Events w/ Get-WinEvent
    >> $gatherEvents = Get-WinEvent -Path $evtPaths[$x].FullName -MaxEvents $MaxEvents -EA SilentlyContinue
    >> $events = $events + $gatherEvents
    >>
    >> $x++
    >>
    >> }
    >> Until ($x -eq $i)
    >>
    >> $x = $x +1 ##Total Events Found!
    >>
    >> $eventsLength = $events.Length ##Total events catalogged!
    >>
    >> $xx = 0
    >>
    >> # Write Event Properties to a row and roll it out - Collapsing Array ...
    >> do {
    >> $date = $events[$xx].TimeCreated | Get-Date -Format "yyyyMMdd".ToString() -EA SilentlyContinue ##EA SC for Blank Entries
    >>
    >> $eventRow = new-object PSObject -Property @{
    >> Date = $date;
    >> Id = $events[$xx].Id;
    >> Level = $events[$xx].LevelDisplayName;
    >> Provider = $events[$xx].ProviderName;
    >> Message = $events[$xx].Message;
    >> }
    >>
    >> $cRow = $date + " " + "ID:" + $events[$xx].Id + " " + "Level:" + $events[$xx].LevelDisplayName + " " + "Provider:" + $events[$xx].ProviderName + " " + "Message:" + $events[$xx].Message
    >> $eventsArray += $cRow
    >>
    >> $xx++
    >> $d++
    >> }
    >> Until ($xx -eq $events.Length)
    >>
    >> ##Looking for patterns error or fail in $eventsArray
    >> $search = $eventsArray | Select-String -pattern ("error|fail")
    >>
    >> Return $search ## | Write-Output ##Output for job
    >>
    >> } ## End $EventSearchJob
    >>
    >> Start-Job -Name EventSearchJob -ScriptBlock $EventSearchJob
    >>
    >> } ## End function Event-Search
    >>
    >>
    >> function writeSearch ##
    >> {
    >> ##Event Logs Cont.
    >> MD $tempDir\LOGS\EVTX\ -EA SilentlyContinue
    >>
    >> ##output to file
    >> $search | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -Wrap > TOP-ERRORS.TXT
    >> $search > $tempDir\LOGS\SEARCH.TXT
    >>
    >> if($Global:eventOut -eq $True)
    >> {
    >> $search | Group-Object | Sort-Object Count -Descending |
    >> Select-Object -Property Count, Name | Out-GridView -Title "Top `"Errors`" via EVTX - V-$Ver"
    >> }
    >>
    >> wh "`n Collecting Matching EVTX Entries ...`n"
    >> #Collecting all prev matching EVTX
    >> #$evtx = Get-ChildItem C:\Windows\System32\Winevt\Logs\*.evtx
    >> $evv = 0
    >>
    >> $providerName =
    >> (($search | Select-String "Provider:.*Message:").Matches.Value -Replace
    >> " Message:", "" -Replace "Provider:", "" | Group-Object ).Name
    >>
    >> #Converting Provider Name to Log Name
    >> $providerName = (($providerName | ForEach-Object {Get-WinEvent -ProviderName $_ -MaxEvents 1 -EA SilentlyContinue}).LogName | Group-Object).Name
    >> $providerName = $providerName -replace "Microsoft.", ""
    >> $providerName = $providerName -replace "Windows.", ""
    >> $providerName = $providerName -replace "`/.*$", ""
    >>
    >>
    >> $evtx = $providerName | foreach{Get-ChildItem "C:\Windows\System32\winevt\logs\*$_*"}
    >>
    >> Do{
    >> COPY $evtx[$evv].PSPath $tempDir\LOGS\EVTX\
    >> $evv++
    >> }
    >> Until($evv -eq $evtx.Count)
    >>
    >> } #End function writeSearch
    >>
    >>
    >> function GetUpdates
    >> {
    >> wh "`n Starting Get-WindowsUpdateLog Job-Function ...`n"
    >> $updateJob = {get-WindowsUpdateLog}
    >>
    >> if((Get-Host).Version.Major -cge 5) ##Modern Gatherer
    >> {
    >> Start-Job -Name GetUpdates -ScriptBlock $updateJob
    >> }
    >>
    >> ##Legacy Gatherer
    >> CP C:\Windows\WindowsUpdate.log $tempDir\LOGS\WindowsUpdate.log
    >>
    >> ##Installed-Updates/Packages
    >> Get-WmiObject win32_quickfixengineering > $tempDir\LOGS\Installed_Updates.TXT
    >> Get-WmiObject Win32_OperatingSystemQFE >> $tempDir\LOGS\Installed_Updates.TXT
    >> DISM /Online /Get-Packages /Format:Table >> $tempDir\LOGS\Installed_Updates.TXT
    >>
    >> } ## End function Get-Updates
    >>
    >>
    >> function PrinterCheck
    >> {
    >> wh "`n Getting Printer Information ..."
    >> get-printer | ft Name, ComputerName, Type, DriverName, PortName, Datatype, Location, DriverName > $tempDir\LOGS\Printers.TXT
    >> get-printerDriver | fl >> $tempDir\LOGS\Printers.TXT
    >> Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append
    >> Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append
    >> Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" | Out-File $tempDir\LOGS\Printers.TXT -Append
    >> write-output "## CBS ntprint CHECK ##" >> $tempDir\LOGS\Printers.TXT
    >> $cbsCheck = (Get-ChildItem C:\Windows\Logs\CBS\*cbs* -Recurse | select-string -Pattern "E_INVALIDARG in eventsXml.*Microsoft-Windows-PrintService")
    >> if($cbsCheck.Count -eq 0){Write-Output "## NO MATCHES IN CBS ##" >> $tempDir\LOGS\Printers.TXT} Else{$cbsCheck | Group-Object >> $tempDir\LOGS\Printers.TXT}
    >> write-output "## ntprint.dll CHECK ##" >> $tempDir\LOGS\Printers.TXT
    >> (Get-ChildItem C:\Windows\System32\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT
    >> (Get-ChildItem C:\Windows\SysWOW64\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT
    >>
    >> } ## End function PrinterCheck
    >>
    >>
    >> function UpdateHelper
    >> {
    >> if((Get-Host).Version.Major -cge 5)
    >> {
    >> $winupdatelog = get-item $tempDir\LOGS\windows-update.log ##WIN-10 File
    >> MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue | Out-Null
    >> CP C:\Windows\Logs\WindowsUpdate\*.etl $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue
    >> }
    >> Else{$winupdatelog = get-item $tempDir\LOGS\windowsupdate.log} ##LEGACY File
    >>
    >> $updateError = ($winupdatelog | select-string -pattern "error.*0x........");
    >> $updateErrorSplit = $updateError -Split " "
    >> $updateErrorCount = (($updateErrorSplit | select-string -pattern "0x........") -Replace "[(),'`.:]", "" -Replace "hr=", "");
    >>
    >> $updateErrorCount | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT -Width 999
    >> $updateError >> UPDATE-ERRORS.TXT
    >> if($updateError.length -eq 0){"No `"error.*0x........`" patterns Found in Windows-Update.log" | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT}
    >>
    >> ($winupdatelog | Select-String "KB\d\d\d\d\d\d\d" | Select-string "fail") | Out-file $tempDir\LOGS\UPDATE-ERRORS.TXT -Append -width 999
    >>
    >> } ## End function UpdateHelper
    >>
    >>
    >> function getProcesses
    >> {
    >> wh "`nGetting Active Process ...`n"
    >> Get-Process > $tempDir\LOGS\Running-Processes.TXT
    >> CMD.EXE /C "tasklist /svc" | Out-File -Append $tempDir\LOGS\Running-Processes.TXT
    >>
    >> } ## End function getProcesses
    >>
    >>
    >> function GetApps
    >> {
    >> wh "`n Getting List of Installed Apps...`n"
    >> Get-WmiObject -Class Win32_Product | Format-Table -Property Name, Version, Vendor > $tempDir\LOGS\Installed-Apps.TXT
    >> Get-AppxPackage | ft Name, Version, InstallLocation, IspArtiallyStaged, SignatureKind, Status >> $tempDir\LOGS\Installed-Apps.TXT
    >>
    >> } ## End function GetApps
    >>
    >>
    >> function SetupLogs
    >> {
    >> wh "`nGetting Windows Setup Logs Independent of SetupDiage.exe...`n"
    >> MD $tempDir\LOGS\SETUP\ -EA SilentlyContinue
    >> dir C:\ > $tempDir\LOGS\Dir_Structure.txt
    >>
    >> ## Main Setup Collection
    >> if($env:SystemDrive -eq 'C:') ##Verify SystemDrive
    >> {
    >> $SetupPaths = @()
    >>
    >> $locations = @(
    >> 'C:\GetCurrent',
    >> 'C:\$Reset',
    >> 'C:\$SysReset',
    >> 'C:\$Windows.~BT',
    >> 'C:\$Windows.~WS',
    >> 'C:\Windows\Logs\',
    >> 'C:\Windows\Panther\',
    >> 'C:\Windows\inf\',
    >> 'C:\Windows\System32\LogFiles\',
    >> 'C:\Windows\System32\SysPrep\',
    >> 'C:\Windows10Upgrade',
    >> 'C:\Windows.old\Windows\Panther')
    >>
    >> for($i = 0; $locations.count -gt $i; $i++)
    >> {
    >> if((get-item $locations[$i] -Force -EA SilentlyContinue).length -gt 0) ##Null Path Check -Force for Hidden
    >> {
    >> CD $locations[$i]
    >> ##Search includes setuperr/setupact only
    >> $SetupPaths += Get-ChildItem * -Force -Recurse -Include setuperr.log, setupact.log, miglog.xml, *APPRAISER_Humanreadable.xml -EA SilentlyContinue
    >> }
    >> }
    >>
    >> $cleanPaths = @()
    >>
    >> for($i = 0; $SetupPaths.count -gt $i; $i++)
    >> {
    >> $cleanPaths += $SetupPaths[$i].PSParentPath.ToString() -replace "Microsoft\.PowerShell\.Core\\FileSystem\:\:C\:", ""
    >> }
    >>
    >> CD $tempDir\LOGS\SETUP\
    >> MD $cleanPaths -Force
    >> CD $tempDir\LOGS\
    >>
    >> for($i = 0; $SetupPaths.count -gt $i; $i++)
    >> {
    >> $destPath = "$tempDir\LOGS\SETUP" + $cleanPaths[$i]
    >> $copyPathLog = ($SetupPaths[$i].ToString())
    >>
    >> Copy $copyPathLog -Destination $destPath
    >> }
    >>
    >> }Else{Write-Host "`nSystem Drive is not C:... Setup Collection Aborted!`n"}
    >> ## End Main Setup Collection
    >>
    >>
    >> ## Setup Reg Output
    >> Get-ChildItem HKLM:\SYSTEM\SETUP\ | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT
    >> Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\Me* -recurse -EA SilentlyContinue | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append
    >> Get-Childitem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append
    >>
    >> ## SetupAct String Search
    >>
    >>
    >>
    >> $setupRegx = @("MOUPG SetupHost..Initialize:",
    >> "============================",
    >> (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG SetupHost..Initialize. CmdLine"),
    >> "",
    >> "MOUPG Setup build & Host OS Build:",
    >> "==================================",
    >> "",
    >> (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG SetupHost..Setup build"),
    >> "...",
    >> (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG Host OS"),
    >> "",
    >> "Watson Parameters (4&5):",
    >> "=======================",
    >> "",
    >> (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Watson Bucketing Parameters\[[4-5]\]" ),
    >> "",
    >> "\[0x........\]Error:",
    >> "==================",
    >> "",
    >> (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "\[0x........\]\[0x.....\]"),
    >> "",
    >> "`"FATAL`":",
    >> "======",
    >> "",
    >> (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "FATAL" | Select-String -NotMatch "FatalExecutionEngineError" | Select-String -NotMatch "non-fatal"),
    >> "",
    >> "`"Error `":",
    >> "===========",
    >> "",
    >> (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Error "),
    >> "",
    >> "MIGRATE.*DATA:",
    >> "==============",
    >> "",
    >> (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MIGRATE.*DATA"),
    >> ""
    >> )
    >> $q=0
    >> Do {$setupRegx[$q] | Out-File $tempDir\LOGS\SETUP\SetupAct-Regex.TXT -Append -Width 999 ##spool out results
    >> $q++
    >> }Until($q -eq $setupRegx.Count)
    >>
    >> } ## End function SetupLogs
    >>
    >>
    >> function powerCFGInfo
    >> {
    >> MD $tempDir\LOGS\POWER\ -EA SilentlyContinue | Out-Null
    >> wh "`n Grabbing PowerCFG, Sleep & Battery Info ...`n"
    >>
    >> ("`n" + "Available Sleep States (/A): `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >> powercfg /a | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >>
    >> ("`n" + "-DeviceQuery Wake_Armed: `r" + "`n" +"========================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >> powercfg -devicequery wake_armed | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >>
    >> ("`n" + "Last Wake (-lastwake): `r" + "`n" +"=====================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >> powercfg -lastwake | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >> ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >>
    >> ("`n" + "-Requests: `r" + "`n" +"==========`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >> powercfg -requests | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >>
    >> $powerList = powercfg -list
    >> $powerList | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >> $powerActive = $powerList | select-string "\*" | powercfg /QH "$_"
    >> ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >>
    >> ("`n" + "Active Power Scheme Details: `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >> $powerActive | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt
    >>
    >>
    >> if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support powercfg /battery /sleepstudy
    >> {
    >> $ifbattery = Get-WmiObject win32_battery
    >> if ( $ifbattery.__SERVER.count -cge 1 ) { CMD.EXE /C "powercfg /batteryreport /output %temp%\LOGS\POWER\battery-report.html" }
    >> CMD.EXE /C "powercfg /sleepstudy /output %temp%\LOGS\POWER\sleepstudy-report.html"
    >> }
    >> CMD.EXE /C "powercfg /ENERGY /duration 10 /output %temp%\LOGS\POWER\energy-report.html"
    >>
    >> } ## End function powerCFGInfo
    >>
    >>
    >> function sysProductCheck
    >> {
    >> wh "`n Getting SystemProductName ...`n"
    >> ##SystemInformation Reg
    >> reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\ /v SystemProductName > $tempDir\LOGS\REG_SystemProductName.TXT
    >> Get-WmiObject Win32_ComputerSystem > $tempDir\LOGS\WMI_Object_System.TXT
    >> Get-WmiObject Win32_ComputerSystemProduct >> $tempDir\LOGS\WMI_Object_System.TXT
    >>
    >> } ## End functions sysProductCheck
    >>
    >>
    >> function showWLAN
    >> {
    >> wh "Generating NETSH WLAN Report...`n"
    >>
    >> $showWLANjob = {
    >> CMD.EXE /c "netsh wlan show networks mode=ssid > %temp%\LOGS\Network\wlan.txt"
    >> CMD.EXE /c "netsh wlan show networks mode=bssid >> %temp%\LOGS\Network\wlan.txt"
    >> CMD.EXE /c "netsh winhttp show proxy > %temp%\LOGS\Network\proxy.txt"
    >> CMD.EXE /c "netsh wlan show wlanreport & COPY C:\ProgramData\Microsoft\Windows\wlanReport\wlan-report-latest.html %temp%\LOGS\Network\wlan-report-latest.html"
    >> ##WIN7 Does not Support netsh wlanreport
    >> }
    >>
    >> Start-Job -Name showWLAN -ScriptBlock $showWLANjob
    >>
    >> } ## End function sysProductCheck
    >>
    >>
    >> function getGPRESULT
    >> {
    >> wh "`nGetting GPRESULT...`n"
    >> CMD.EXE /C "GPRESULT /V > %temp%\LOGS\GPRESULT.TXT"
    >>
    >> } ## End function getGPRESULT
    >>
    >>
    >> function reservedCheck
    >> {
    >>
    >> $reservedJob =
    >> {
    >> $vol = (mountvol /L | select-string -Pattern "\\")
    >> $volstring = "mountvol y:" + $vol[0]
    >> CMD.EXE /C $volstring
    >>
    >> SLEEP 2
    >>
    >> CMD.EXE /C "CHKDSK y: > %temp%\LOGS\SystemReserved.TXT"
    >>
    >> SLEEP 2 # Pause after drive dismount
    >>
    >> CMD.EXE /C "mountvol y: /D"
    >> }
    >>
    >> Start-Job -Name reservedJob -ScriptBlock $reservedJob
    >>
    >> } ## End function reservedCheck
    >>
    >>
    >> function fltmcCheck
    >> {
    >> wh "`n Getting fltmc Filters ...`n"
    >> CMD.EXE /c "fltmc filters > %temp%\LOGS\fltmc_filters.TXT"
    >>
    >> } ## End function fltmcCheck
    >>
    >>
    >> function getDXDiag
    >> {
    >> wh "`n Grabbing DXDiag Info...`n"
    >> C:\Windows\System32\dxdiag /x $explore\DxDiag
    >>
    >> } ## End function getDXDiag
    >>
    >>
    >> function getMSINFO
    >> {
    >> wh "`n Gathering MSINFO32 ...`n"
    >> ## check if msinfo is already gathering - if so stop
    >> If((get-process | select-string -Pattern "msinfo").Pattern -eq "msinfo")
    >> {Stop-Process -ProcessName msinfo32}
    >>
    >> C:\Windows\System32\msinfo32.exe /nfo $tempDir/LOGS/MSINFO32.NFO
    >>
    >> } ## End function getMSINFO
    >>
    >>
    >> function getAV
    >> {
    >> if((Get-Host).Version.Major -cge 5) ##Modern OS Only
    >> {
    >> wh "`n Grab root\SecurityCenter2 AntivirusProduct ...`n"
    >> $avPath = (Get-WmiObject -Namespace root\SecurityCenter2 -Class AntivirusProduct) | % {$_.pathtoSignedProductEXE}
    >> "AV Info" + "`n========" | Out-File $tempDir/LOGS/SecurityProductInformation.TXT
    >> $avPath | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append
    >> if($avPath[0] -match "exe")
    >> {
    >> $path = (Get-Item $avPath[0]).PSParentPath
    >> Get-Item $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append
    >> Get-Content $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append
    >> }
    >> Get-ChildItem "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -recurse -EA SilentlyContinue | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append
    >> }
    >> } ## End function getAV
    >>
    >>
    >> function getDrivers
    >> {
    >> wh "`n Grabbing Driver listing via DISM.EXE ...`n"
    >> $drivers = cmd.exe /C "dism /online /get-drivers /format:table"
    >> $drivers += cmd.exe /C "dism /online /get-drivers /all /format:table"
    >> $drivers | Out-File $tempDir/LOGS/DISM-Get-Drivers.TXT
    >> wh "`n Done!`n"
    >> } ## End Function getDrivers
    >>
    >>
    >> function getMISCLogs
    >> {
    >> wh "`nCopying misc. logs ...`n"
    >> MD $tempDir\LOGS\WER\ -EA SilentlyContinue
    >> MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue
    >> CP "C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\*" $tempDir\LOGS\WER\ -Recurse -EA SilentlyContinue
    >> CP "C:\Windows\Logs\CBS\*cbs*" $tempDir\LOGS\Windows\Logs\
    >> CP "C:\Windows\Logs\DISM\*dism*" $TempDir\LOGS\Windows\Logs\
    >> CP "C:\Windows\Logs\WindowsUpdate\*" $TempDir\LOGS\Windows\Logs\WindowsUpdate\
    >>
    >>
    >> #DMP Collect
    >> $dmp = @()
    >> $dmp += Get-ChildItem C:\Windows\*.dmp
    >> $dmp += (Get-ChildItem C:\Windows\LiveKernelReports\*.dmp -Recurse -EA SilentlyContinue)
    >> $dmp += (Get-ChildItem C:\Windows\Minidump\*.dmp -Recurse -EA SilentlyContinue)
    >> #Validate empty array
    >> if($dmp.length -ne 0)
    >> {
    >> $dd=0
    >> Do{
    >> If($dmp[$dd].length -lt 2000000)
    >> { $destPath = $dmp[$dd].PSParentPath.Replace('C:\', '').Replace('Microsoft.PowerShell.Core\FileSystem::', '')
    >> MD $destPath -EA SilentlyContinue
    >> COPY -Path $dmp[$dd].PSPath -Destination $destPath }
    >> $dd++
    >> }
    >> Until($dd -eq $dmp.Count)
    >> }
    >>
    >> #disk info
    >> "`nGet-Disk:`n=========" > $tempDir\LOGS\Disk-Info.TXT
    >> Get-Disk |fl >> $tempDir\LOGS\Disk-Info.TXT
    >> "`nGet-Partition:`n==============" >> $tempDir\LOGS\Disk-Info.TXT
    >> Get-Partition >> $tempDir\LOGS\Disk-Info.TXT
    >> Manage-bde -protectors -get C: >> $tempDir\LOGS\Disk-Info.TXT
    >> "`nIO Fail Search:`n===============`n" >> $tempDir\LOGS\Disk-Info.TXT
    >> $search | Select-String ".*io.fail.*" | Select-String -NotMatch '0, 0, 0, 0' >> $tempDir\LOGS\Disk-Info.TXT
    >>
    >> } ## End function getMISCLogs
    >>
    >>
    >> function bingCollect
    >> {
    >> ##O365 Firewall Check & Bing.com diagnostics.asp
    >> ##URIs based on Article:
    >> ##Office 365 URLs and IP address ranges | Microsoft Docs
    >>
    >> MD $TempDir\LOGS\Network\ -EA SilentlyContinue
    >>
    >> wh "Performing Bing & O365 URI Check ... `n"
    >>
    >>
    >> $bingCheck = (Invoke-WebRequest -Uri https://www.bing.com/fdv2/diagnostics.aspx -UseBasicParsing)
    >> $bingCheck | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT
    >>
    >> $URIs = @('api.login.microsoftonline.com', #0 Standard Reply = 403
    >> 'api.passwordreset.microsoftonline.com', #1 Standard Reply = 200
    >> 'becws.microsoftonline.com', #2 Standard Reply = 403
    >> 'clientconfig.microsoftonline-p.net', #3 Standard Reply = 404
    >> 'companymanager.microsoftonline.com', #4 Standard Reply = 403
    >> 'device.login.microsoftonline.com', #5 Standard Reply = 200
    >> 'graph.microsoft.com', #6 Standard Reply = 404
    >> 'hip.microsoftonline-p.net', #7 Standard Reply = 404
    >> 'hipservice.microsoftonline.com', #8 Standard Reply = 404
    >> 'login.microsoft.com', #9 Standard Reply = 200
    >> 'login.microsoftonline.com', #10 Standard Reply = 200
    >> 'logincert.microsoftonline.com', #11 Standard Reply = 200
    >> 'loginex.microsoftonline.com', #12 Standard Reply = 200
    >> 'login-us.microsoftonline.com', #13 Standard Reply = 200
    >> 'login.microsoftonline-p.com', #14 Standard Reply = 200
    >> 'login.windows.net', #15 Standard Reply = 200
    >> 'nexus.microsoftonline-p.com', #16 Standard Reply = 403
    >> 'passwordreset.microsoftonline.com', #17 Standard Reply = 200
    >> 'provisioningapi.microsoftonline.com', #18 Standard Reply = 403
    >> 'stamp2.login.microsoftonline.com', #19 Standard Reply = 200
    >> 'ccs.login.microsoftonline.com', #20 Standard Reply = 401
    >> 'ccs-sdf.login.microsoftonline.com', #21 Standard Reply = 401
    >> 'accounts.accesscontrol.windows.net', #22 Standard Reply = 200
    >> 'secure.aadcdn.microsoftonline-p.com', #23 Standard Reply = 400
    >> 'windows.net', #24 Standard Reply = 200
    >> 'phonefactor.net', #25 Standard Reply = 200
    >> 'account.activedirectory.windowsazure.com', #26 Standard Reply = 404
    >> 'secure.aadcdn.microsoftonline-p.com', #27 Standard Reply = 400
    >> 'login.windows.net', #28 Standard Reply = 200
    >> 'provisioningapi.microsoftonline.com', #29 Standard Reply = 403
    >> 'mscrl.microsoft.com', #30 Standard Reply = 400
    >> 'secure.aadcdn.microsoftonline-p.com', #31 Standard Reply = 400
    >> 'windowsupdate.microsoft.com', #32 Standard Reply = 200
    >> 'update.microsoft.com', #33 Standard Reply = 200
    >> 'au.download.windowsupdate.com', #34 Standard Reply = 200
    >> 'download.windowsupdate.com', #35 Standard Reply = 200
    >> 'download.microsoft.com', #36 Standard Reply = 200
    >> 'tlu.dl.delivery.mp.microsoft.com'); #37 Standard Reply = 403
    >>
    >>
    >> $count = 0;
    >> $queryResult [email protected]{};
    >>
    >> Write-Host "Checking URIs .." -NoNewline
    >>
    >> Do {
    >> Try{
    >> $queryResult[$count] = (Invoke-WebRequest -Uri ("http:`/`/" + $URIs[$count]) -Method Head -UseBasicParsing -TimeoutSec 2).RawContent
    >> }Catch{ $catch = $_ }
    >>
    >> if($queryResult[$count].Count -eq 0)
    >> {$queryResult[$count] = ($catch[$catch.count -1].ToString()).Replace("`n", " ")}
    >> Write-Host "." -NoNewline
    >> $count++
    >> }Until ($count -eq ($URIs.Count));
    >> Write-Host "."
    >>
    >> Get-Date | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append
    >> $queryResult | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append
    >>
    >> Write-Host " Bing Check", `n, "==========" | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append
    >>
    >> wh "`n`n`n`URL Check Finished...`n"
    >> }
    >>
    >>
    >> function smbConfig
    >> {
    >>
    >> $CMDs =
    >> { cmd.exe /c "net config server"
    >> cmd.exe /c "net config workstation"
    >> Get-SmbClientNetworkInterface
    >> Get-SmbServerConfiguration
    >> Get-SmbClientConfiguration
    >> Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer"
    >> Get-NetAdapterAdvancedProperty | ft }
    >>
    >> ForEach-Object{Invoke-Command $CMDs | Out-File $TempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append}
    >>
    >> $share = Get-SmbShare
    >>
    >> ForEach-Object{Get-SmbShareAccess $share.Name | ft | Out-File $tempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append}
    >>
    >> } ## End Function smbConfig
    >>
    >>
    >> function regLang
    >> {
    >> DISM.EXE /Online /Get-Intl | Out-File $tempDir\LOGS\Reg-Lang.TXT
    >> "`n","Get-WinUserLanguageList","=======================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append
    >> Get-WinUserLanguageList | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append
    >> "`n","Get-WinLanguageBarOption","========================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append
    >> Get-WinLanguageBarOption | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append
    >> }
    >>
    >>
    >> function autoRotate
    >> {
    >> Get-ChildItem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Auto* | Out-File $tempDir\LOGS\AutoRotate.TXT
    >> }
    >>
    >>
    >> function checkBoxes
    >> {
    >> Add-Type -AssemblyName System.Windows.Forms
    >> Add-Type -AssemblyName System.Drawing
    >>
    >> $Global:form = New-Object System.Windows.Forms.Form
    >> $Global:form.Text = "LOGS-V$ver"
    >> $Global:form.Size = New-Object System.Drawing.Size(300,400)
    >> $Global:form.StartPosition = 'CenterScreen'
    >>
    >> $OKButton = New-Object System.Windows.Forms.Button
    >> $OKButton.Location = New-Object System.Drawing.Point(100,300)
    >> $OKButton.Size = New-Object System.Drawing.Size(75,23)
    >> $OKButton.Text = 'OK'
    >> $OKButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
    >> $Global:form.AcceptButton = $OKButton
    >> $Global:form.Controls.Add($OKButton)
    >>
    >> $Global:form.ControlBox = $false
    >>
    >> $Global:boxNum = 1
    >> $Global:checkBox = @{} #hash for $checkBox
    >> $tag = @{} #hash for $label
    >> $Global:Box = @{}
    >>
    >> function createCheckBox
    >> {
    >> Param ( [parameter (Mandatory = $true)][string]$name,
    >> [parameter (Mandatory = $true)][string]$label )
    >>
    >> $drawingPoint = (50 + ($boxNum *25))
    >>
    >> $Global:checkBox[$boxNum] = New-Object System.Windows.Forms.CheckBox
    >> $Global:checkBox[$boxNum].Location = New-Object System.Drawing.Point(10,$drawingPoint)
    >> $Global:checkBox[$boxNum].Size = New-Object System.Drawing.Size(15,15)
    >> $Global:checkBox[$boxNum].Text = ''
    >> $Global:checkBox[$boxNum].Checked = $true
    >> $Global:form.Controls.Add($checkBox[$boxNum])
    >> #SetupDiag Label
    >> $tag[$boxNum] = New-Object System.Windows.Forms.Label
    >> $tag[$boxNum].Location = New-Object System.Drawing.Point(40,$drawingPoint)
    >> $tag[$boxNum].Size = New-Object System.Drawing.Size(280,20)
    >> $tag[$boxNum].Text = "$label"
    >> $Global:form.Controls.Add($tag[$boxNum])
    >>
    >> $Global:boxNum ++
    >>
    >> } #End nested function createCheckBox
    >>
    >> createCheckBox -name "EV" -label "EventSearch EventLog Helper" #1
    >> createCheckBox -name "SD" -label "SetupDiag.EXE Setup Diagnostics" #2
    >> createCheckBox -name "WU" -label "Get-WindowsUpdateLog Collection" #3
    >> createCheckBox -name "IP" -label "Network Information" #4
    >> createCheckBox -name "PW" -label "POWERCFG. Sleep & Battery Info" #5
    >> createCheckBox -name "GP" -label "GPResult Info" #6
    >> createCheckBox -name "MS" -label "General Machine Info" #7
    >> createCheckBox -name "EO" -label "EventSearch Out-GridView" #8
    >>
    >> #Checkbox State Changes
    >> $Global:checkBox[1].Add_CheckStateChanged(
    >> {
    >> if($Global:checkBox[1].checked -eq $True){ $Global:EventsCollect = $true ; Write-Host "." -nonewline} Else{ $Global:EventsCollect = $false }
    >>
    >> })
    >> $Global:checkBox[2].Add_CheckStateChanged(
    >> {
    >> if($Global:checkBox[2].checked -eq $True){ $Global:SetupDiagCollect = $true ; Write-Host "." -nonewline} Else{ $Global:SetupDiagCollect = $false }
    >>
    >> })
    >> $Global:checkBox[3].Add_CheckStateChanged(
    >> {
    >> if($Global:checkBox[3].checked -eq $True){ $Global:UpdatesCollect = $true ; Write-Host "." -nonewline} Else{ $Global:UpdatesCollect = $false }
    >>
    >> })
    >> $Global:checkBox[4].Add_CheckStateChanged(
    >> {
    >> if($Global:checkBox[4].checked -eq $True){ $Global:WLANCollect = $true ; Write-Host "." -nonewline} Else{ $Global:WLANCollect = $false }
    >>
    >> })
    >>
    >> $Global:checkBox[5].Add_CheckStateChanged(
    >> {
    >> if($Global:checkBox[5].checked -eq $True){ $Global:PowerCollect = $true ; Write-Host "." -nonewline} Else{ $Global:PowerCollect = $false }
    >>
    >> })
    >> $Global:checkBox[6].Add_CheckStateChanged(
    >> {
    >> if($Global:checkBox[6].checked -eq $True){ $Global:GPCollect = $true ; Write-Host "." -nonewline} Else{ $Global:GPCollect = $false }
    >>
    >> })
    >> $Global:checkBox[7].Add_CheckStateChanged(
    >> {
    >> if($Global:checkBox[7].checked -eq $True){ $Global:miscCollect = $true ; Write-Host "." -nonewline} Else{ $Global:miscCollect = $false }
    >>
    >> })
    >>
    >> $Global:checkBox[8].Add_CheckStateChanged(
    >> {
    >> if($Global:checkBox[8].checked -eq $True){ $Global:eventOut = $true ; $Global:checkBox[1].checked = $true; Write-Host "x" -nonewline} Else{ $Global:eventOut = $false }
    >>
    >> })
    >>
    >> $Global:checkBox[8].Checked = $false
    >> $mainText = New-Object System.Windows.Forms.Label
    >> $mainText.Location = New-Object System.Drawing.Point(62,30)
    >> $mainText.Size = New-Object System.Drawing.Size(260,20)
    >> $mainText.Text = 'Choose which logs to collect:'
    >> $Global:form.Controls.Add($mainText)
    >> $result = $Global:form.ShowDialog()
    >> SLEEP 1 #testing Topmost lag
    >> $Global:form.Topmost = $true
    >>
    >> #OK Button ...
    >> if ($result -eq [System.Windows.Forms.DialogResult]::OK)
    >> {
    >> $x = $textBox.Text
    >> $x
    >> }
    >>
    >> } #End function checkBoxes
    >>
    >>
    >> Function werHint
    >> {
    >> $WERs = Get-ChildItem $tempDir\LOGS\WER\*.wer -Recurse
    >>
    >> $WERArray = @()
    >>
    >> $Date = $WERs | Select-String -pattern "eventtime=" | % {$_ -Replace("C:.*EventTime=", "")}
    >> $eventType = $WERs | Select-String -pattern "EventType=" | % {$_ -Replace("C:.*EventType=", "")}
    >> $Sig0Nam = $WERs | Select-String -pattern "Sig\[0\].Name" | % {$_ -Replace("C:.*Sig\[0\].Name=", "")}
    >> $Sig0Val = $WERs | Select-String -pattern "Sig\[0\].Value" | % {$_ -Replace("C:.*Sig\[0\].Value=", "")}
    >> $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")}
    >> $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")}
    >> $Sig4 = $WERs | Select-String -pattern "Sig\[4\].Value" | % {$_ -Replace("C:.*Sig\[4\].Value=", "")}
    >>
    >> #ConvertDateTime
    >> $epoch = [datetime]"01/01/1601 00:00"
    >> $date = $date | foreach{$epoch.AddSeconds($_/10000000)}
    >> $convertedDate = foreach($Date in $Date) {Get-Date $Date -Format G}
    >>
    >> $WERarray = 0..($convertedDate.Length -1) | Select-Object @{n="Id";e={$_}},
    >> @{n="Date";e={$convertedDate[$_]}}, @{n="EventType";e={$eventType[$_]}},
    >> @{n="S0-Name";e={$Sig0Nam[$_]}}, @{n="S0-Value";e={$Sig0Val[$_]}}, @{n="S3";e={$Sig3[$_]}},
    >> @{n="S4";e={$Sig4[$_]}}
    >>
    >> $WERArray |Sort-Object -Descending Date | ft -autosize Date, EventType, S0-Name, S0-Value, S3, S4 |
    >> Out-File $tempDir\LOGS\WER-SUMMARY.TXT -Width 500
    >>
    >> } ## End Function werHint
    >>
    >>
    >>
    >> ### FUNCTIONS_INIT ###
    >>
    >> $Script:Cancel = @{}
    >>
    >> StartScript #function
    >> checkBoxes
    >>
    >> ## SetupDiagCollect #2
    >> if($Global:SetupDiagCollect -eq $True)
    >> {
    >> SetupDiagFunc #function & job
    >> wh "...`n"
    >> }
    >> ## EventSearch #1
    >> if($Global:EventsCollect -eq $True)
    >> {
    >> EventSearch #function & job
    >> wh "...`n"
    >> }
    >>
    >> ## Get-WindowsUpdate #3
    >> if($Global:UpdatesCollect -eq $True)
    >> {
    >> GetUpdates #function & job
    >> wh "...`n`n"
    >> }
    >>
    >> ## WLAN/Wifi Collect #4
    >> if($Global:WLANCollect -eq $True)
    >> {
    >> bingCollect #function
    >> wh "...`n"
    >> showWLAN #function & job
    >> wh "...`n"
    >> smbConfig #function
    >> }
    >>
    >> ## Power/Battery Collect:#5
    >> if($Global:PowerCollect -eq $True)
    >> {
    >> powerCFGInfo #function - make job takes a min
    >> wh "...`n"
    >> }
    >>
    >> ## GPRESULT Collection: #6
    >> if($Global:GPCollect -eq $True)
    >> {
    >> getGPRESULT #function
    >> wh "...`n"
    >> }
    >>
    >> ## Misc Logs Collection: #7
    >> if($Global:miscCollect -eq $True)
    >> {
    >> getMSINFO #function & job
    >> wh "...`n"
    >> PrinterCheck #function
    >> wh "...`n"
    >> getProcesses #function
    >> wh "...`n"
    >> getApps #function - make job - takes a min
    >> wh "...`n"
    >> SetupLogs #function
    >> wh "...`n"
    >> sysProductCheck #function
    >> wh "...`n"
    >> reservedCheck #function
    >> wh "...`n"
    >> fltmcCheck #function
    >> wh "...`n"
    >> getDXDiag #function
    >> wh "...`n"
    >> regLang #function
    >> wh "...`n"
    >> autoRotate #function
    >> getMISCLogs #function
    >> wh "...`n"
    >> getDrivers #function
    >> wh "...`n"
    >> getAV #function
    >> wh "...`n"
    >> }
    >>
    >>
    >> #### RECEIVING JOBS SECTION ###...
    >>
    >> #EventSearchJob
    >> if($Global:EventsCollect -eq $True)
    >> {
    >> wh "`nWaiting for EventSearchJob to complete...`n"
    >>
    >> Receive-Job -Name EventSearchJob -OutVariable eventSearch -Wait
    >> $search = $eventSearch.Line
    >> }
    >>
    >>
    >> if($Global:SetupDiagCollect -eq $True)
    >> {
    >> #SetupDiagJob - Receive-Job
    >> $stamp = (Get-Date -format "hh:mm tt")
    >> wh "`nWaiting for SetupDiagJob to complete..."
    >> wh "`nTime Stamp: $stamp"
    >> wh "`nThis can take up to 10 minutes ..."
    >>
    >> Do{
    >> SLEEP 15
    >> wh "."
    >> if((Get-Job -name SetupDiagJob).State -eq "Completed")
    >> { Receive-Job -Name SetupDiagJob
    >> wh "`nSetupDiag Completed!"
    >> Break }
    >> }Until($Cancel.SetupDiag -eq $True)
    >> wh `n
    >>
    >> #Receive file and copy
    >> Receive-Job -Name SetupDiagJob -Wait
    >> Copy-Item $tempDir\Logs*.zip $tempDir\LOGS\SetupDiag-Log.zip
    >> Copy-Item $tempDir\setupdiag*.log $tempDir\LOGS\
    >> Remove-Item $tempDir\Logs*.zip
    >> }
    >>
    >>
    >> if($Global:UpdatesCollect -eq $True)
    >> {
    >> #GetUpdates Job via:
    >> #UpdateHelper <--- GetUpdates Job has to finish first!
    >> #Checking Status of GetUpdates Job...
    >> wh "Checking Status of GetUpdates Job...`n"
    >> If ((Get-Job -Name GetUpdates).State -eq "Failed")
    >> { wh "`nGetUpdates Job Failed!`n" }
    >> Else{
    >> Receive-Job -Name GetUpdates -wait
    >> Move $env:USERPROFILE\Desktop\WindowsUpdate.log $TempDir\LOGS\Windows-Update.log -Force
    >> wh "`n Writing Update Helper Info to UPDATE-ERRORS.TXT ... `n"
    >> UpdateHelper #run the update helper function
    >> }
    >> } #End getting GetUpdates-job
    >>
    >> #Finishing EventSearch
    >> if($Global:EventsCollect -eq $True)
    >> {
    >> writeSearch #function
    >> }
    >>
    >> #Wait on MSINFO...
    >> if($Global:miscCollect -eq $True)
    >> {
    >> wh "`n Waiting for MSINFO32 to Complete ...`n"
    >> do{ start-sleep 1 }
    >> Until((get-process | select-string -Pattern "msinfo").Pattern -cne "msinfo")
    >> werHint #function
    >> }
    >>
    >>
    >> if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support Transcript
    >> {
    >>
    >> Stop-Transcript
    >>
    >> do{
    >> start-sleep 1
    >> }
    >> Until((get-item $tempDir\LOGS\Event-Search.TXT).Length -cne 0)
    >>
    >> }
    >>
    >> wh "`nLog Collection Completed! `nLogs are available in %temp%\LOGS\`n"
    >> wh "`nHit Any Key or Close ...`n"
    >>
    >> Start-Sleep 1
    >>
    >> Start Explorer.exe $explore
    >>
    >> PAUSE
    >>
    >> ## LOGS.PS1 1.6.3 ##
    >> ## JOHNEM 8-2019 ##
    >> ## EOF ##
    >>
    >> My Computer
    >> Quote Quote Multi-Quote This Message Bookmark Post Thank
    >> Gomer
    >>
    >> Gomer
    >>
    >> Member
    >> Joined : Mar 2016
    >> Posts : 54
    >> win10 home 1903
    >> Local Time: 14:10
    >> Thread Starter USA US MAINE
    >> 16 Minutes Ago #15
    >>
    >>
    >> Bitdefender is uninstalled Although it was hard to get to, I think Defender AV is working but it doesn't sh
      My Computer


  8. Posts : 38,342
    windows 10 professional version 1607 build 14393.969 64 bit
       #18

    This is a link on how to open administrative PS for post #14:

    Open Elevated Windows PowerShell in Windows 10


    Open administrative command prompt and copy and paste:

    Code:
    copy %SystemRoot%\minidump\*.dmp "%USERPROFILE%\Desktop\"&dxdiag /t %Temp%\dxdiag.txt&copy %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\"&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"&reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"&reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"

    Find the new text file on the destop > post a share link into the thread


    Run these malware scans > post share links into the thread:

    Remove Malware & Spyware with Anti-Malware Software | Superantispyware
    Free Virus Scan | Online Virus Scan from ESET | ESET
      My Computer


  9. Posts : 79
    win10 home 1903
    Thread Starter
       #19

    There suddenly appeared 7 text files on the desktop. Hope that is what you asked for
    One text file "eventlog" is 7.7MB and thus too big to upload. Do you want me to split it up?
    Win10 crashed, no Shortcuts. Is there a WinIni file in Win10 Attached Files
      My Computer


  10. Posts : 38,342
    windows 10 professional version 1607 build 14393.969 64 bit
       #20

    For the larger file please post share links using one drive, drop box, or google drive:
    Share OneDrive files and folders - Office Support


    If the computer has Ccleaner (do not install the software if it is not already installed) > click windows tab or custom clean > scroll down to system and advanced > post an image into the thread
      My Computer


 
Page 2 of 7 FirstFirst 1234 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 00:18.
Find Us




Windows 10 Forums