New
#21
Hi,
Looks like some health partitions with nothing on them
Merge with C.
2004 update windows 10 error 0x80070002
-
-
New #22
Many thanks for your help again.
If I would delete the EFI partition, would it be possible to resize the windows partition to use some of the free disk space available on the disk next to the current install?
Regards
MF
-
New #23
If you remove EFI partition, you won't be able to boot into your system any more.
-
New #24
Hi,
Not with windows
But you can do it with free mini tool
Have to get it here looks like the newest version contains some crapware dang it so don't update it when it asks
Download MiniTool Partition Wizard Free 11.5 for Windows - Filehippo.com
-
New #25
Many thanks again.
I can boot the system with the grub 2 boot partition.
I don't need the EFI one.
Regards
MF
-
New #26
If you down load minitool just watch panels as you install. Lots of unwanted crap. Love the tool, hate the crap.
-
New #27
1) Open administrative command prompt and type or copy and paste:
2) sfc /scannow
3) dism /online /cleanup-image /scanhealth
4) dism /online /cleanup-image /restorehealth
5) sfc /scannow
6) chkdsk /scan
7) wmic recoveros set autoreboot = false
8) wmic recoveros set DebugInfoType = 7
9) wmic recoveros get autoreboot
10) wmic recoveros get DebugInfoType
11) bcdedit /enum {badmemory}
12) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread
13) In the left lower corner search type: system or system control > open system control panel > on the left pane click advanced system settings
a) > on the advanced tab under startup and recovery > click settings > post an image of the startup and recovery window into the thread
b) > on the advanced tab under performance > click on settings > on the performance options window > click on the advanced tab > under virtual memory > click on change > post an image of the virtual memory window into the thread
14) If the computer has Ccleaner (do not install the software if it is not already installed) > click windows tab or custom clean > scroll down to system and advanced > post an image into the thread
15) Run HD Tune (free version) (all drives)
HD Tune website
Post images into the thread for results on these tabs:
a) Health
b) Benchmark
c) Full error scan
16) Run Sea Tools for Windows
long generic test
Post an image of the test result into the thread
SeaTools for Windows |
Seagate
How to use SeaTools for Windows | Seagate Support US
17) Open administrative command prompt and type or copy and paste:
chkdsk /r /v
This may take hours to run so plan to run overnight.
Run on all drives using the syntax: chkdsk /r /v C: or chkdsk /r /v D: changing the drive letter to the applicable drive.
C:\Windows\system32>chkdsk /r /v
The type of the file system is NTFS.
Cannot lock current drive.
Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)
Type: Y
reboot
18) Use the information in this link to find the chkdsk report in the event viewer.
Copy and paste into notepad > save to desktop > post into the thread using one drive or drop box share link:
Read Chkdsk Log in Event Viewer in Windows 10 Windows 10 Performance Maintenance Tutorials
Read Chkdsk Log in Event Viewer in Windows 10
19) Open administrative command prompt and copy and paste: (all at one time)
Code:bcdedit /enum all regentc /info diskpart lis dis lis vol sel dis 0 det dis lis par sel par 1 det par sel par 2 det par sel par 3 det par sel par 4 det par sel par 5 det par sel par 6 det par sel par 7 det par sel par 8 det par sel par 9 det par sel par 10 det par sel par 11 det par sel par 12 det par sel dis 1 det dis lis par
20) Full error code:
Code:Error: 0x80070002 - 0x4001E
21) Run V2 > upload results directly into this thread
BSOD - Posting Instructions
22) Run this script > click OK > post a share link into this thread:
Code:function wh { Param ( [parameter (Mandatory = $true)][string]$txt ) Write-Host $txt -ForegroundColor Green -BackgroundColor Black -NoNewline ##Example usage wh "Alias for `n Write-Host" } ## End function wh function StartScript { ##Locating Temp Dir and writing Transcript $global:tempDir = [System.IO.Path]::GetTempPath() MD $tempDir\LOGS -EA SilentlyContinue CD $tempDir\LOGS $txtCount = Get-Item $tempDir/LOGS/*.TXT -EA SilentlyContinue if((Get-Host).Version.Major -cge 5) ##WIN7 Not Supported { if($txtCount.Count -cge 1) {Start-Transcript -Append -Path $tempDir/LOGS/Event-Search.TXT} Else{Start-Transcript -Path $tempDir\LOGS\Event-Search.TXT} } $global:explore = $tempDir + "LOGS\" $global:Ver = "1.6.3" wh "`nLog Collection... (V$Ver)`n" #clearing previous actions Stop-Job * #Initialize CheckBox Vars to $True/$False $Global:EventsCollect = $true; $Global:SetupDiagCollect = $true $Global:UpdatesCollect = $true; $Global:WLANCollect = $true $Global:PowerCollect = $true; $Global:GPCollect = $true $Global:miscCollect = $true; $Global:bingCollect = $true $Global:eventOut = $false #Clear Jobs Stop-Job * Remove-Job * } ## End function Start-Script function SetupDiagFunc { wh "`n Grabbing SetupDiag.exe ..." Invoke-WebRequest https://go.microsoft.com/fwlink/?linkid=870142 -OutFile $tempDir\SetupDiag.exe -TimeoutSec 3 -UseBasicParsing #check for successful download if((Get-Item $tempDir\SetupDiag.exe).length -gt 100000) { wh "`nSuccessful DL!" wh "`n Invoking SetupDiag.exe ..." $SetupDiag = {CMD.EXE /C "%temp%\setupdiag.exe /Verbose /Output:%temp%\SetupDiag-Log.txt"} ## Kick-Off SetupDiagJob Start-Job -Name SetupDiagJob -ScriptBlock $SetupDiag }Else{Write-Host "`nDownload of SetupDiag.exe Failed!" -BackgroundColor RED } } ## End Function SetupDiagFunc function EventSearch { wh "`n Starting EventSearch Job-Function ...`n" ## Gathering Events from System using Get-WinEvent via Job $EventSearchJob = { $evtPaths = Get-Item C:\Windows\System32\Winevt\Logs\*.evtx -Exclude "*PowerShell*", "*known folders*" | Select-Object FullName $i = $evtPaths.Count $x = 0 ##For 1st Loop do Until x = i $events = @() $gatherEvents = @() $eventsArray = @() $searchResult = @() $MaxEvents = 99 #Loading/Gathering Events Loop... do { ##Getting Events w/ Get-WinEvent $gatherEvents = Get-WinEvent -Path $evtPaths[$x].FullName -MaxEvents $MaxEvents -EA SilentlyContinue $events = $events + $gatherEvents $x++ } Until ($x -eq $i) $x = $x +1 ##Total Events Found! $eventsLength = $events.Length ##Total events catalogged! $xx = 0 # Write Event Properties to a row and roll it out - Collapsing Array ... do { $date = $events[$xx].TimeCreated | Get-Date -Format "yyyyMMdd".ToString() -EA SilentlyContinue ##EA SC for Blank Entries $eventRow = new-object PSObject -Property @{ Date = $date; Id = $events[$xx].Id; Level = $events[$xx].LevelDisplayName; Provider = $events[$xx].ProviderName; Message = $events[$xx].Message; } $cRow = $date + " " + "ID:" + $events[$xx].Id + " " + "Level:" + $events[$xx].LevelDisplayName + " " + "Provider:" + $events[$xx].ProviderName + " " + "Message:" + $events[$xx].Message $eventsArray += $cRow $xx++ $d++ } Until ($xx -eq $events.Length) ##Looking for patterns error or fail in $eventsArray $search = $eventsArray | Select-String -pattern ("error|fail") Return $search ## | Write-Output ##Output for job } ## End $EventSearchJob Start-Job -Name EventSearchJob -ScriptBlock $EventSearchJob } ## End function Event-Search function writeSearch ## { ##Event Logs Cont. MD $tempDir\LOGS\EVTX\ -EA SilentlyContinue ##output to file $search | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -Wrap > TOP-ERRORS.TXT $search > $tempDir\LOGS\SEARCH.TXT if($Global:eventOut -eq $True) { $search | Group-Object | Sort-Object Count -Descending | Select-Object -Property Count, Name | Out-GridView -Title "Top `"Errors`" via EVTX - V-$Ver" } wh "`n Collecting Matching EVTX Entries ...`n" #Collecting all prev matching EVTX #$evtx = Get-ChildItem C:\Windows\System32\Winevt\Logs\*.evtx $evv = 0 $providerName = (($search | Select-String "Provider:.*Message:").Matches.Value -Replace " Message:", "" -Replace "Provider:", "" | Group-Object ).Name #Converting Provider Name to Log Name $providerName = (($providerName | ForEach-Object {Get-WinEvent -ProviderName $_ -MaxEvents 1 -EA SilentlyContinue}).LogName | Group-Object).Name $providerName = $providerName -replace "Microsoft.", "" $providerName = $providerName -replace "Windows.", "" $providerName = $providerName -replace "`/.*$", "" $evtx = $providerName | foreach{Get-ChildItem "C:\Windows\System32\winevt\logs\*$_*"} Do{ COPY $evtx[$evv].PSPath $tempDir\LOGS\EVTX\ $evv++ } Until($evv -eq $evtx.Count) } #End function writeSearch function GetUpdates { wh "`n Starting Get-WindowsUpdateLog Job-Function ...`n" $updateJob = {get-WindowsUpdateLog} if((Get-Host).Version.Major -cge 5) ##Modern Gatherer { Start-Job -Name GetUpdates -ScriptBlock $updateJob } ##Legacy Gatherer CP C:\Windows\WindowsUpdate.log $tempDir\LOGS\WindowsUpdate.log ##Installed-Updates/Packages Get-WmiObject win32_quickfixengineering > $tempDir\LOGS\Installed_Updates.TXT Get-WmiObject Win32_OperatingSystemQFE >> $tempDir\LOGS\Installed_Updates.TXT DISM /Online /Get-Packages /Format:Table >> $tempDir\LOGS\Installed_Updates.TXT } ## End function Get-Updates function PrinterCheck { wh "`n Getting Printer Information ..." get-printer | ft Name, ComputerName, Type, DriverName, PortName, Datatype, Location, DriverName > $tempDir\LOGS\Printers.TXT get-printerDriver | fl >> $tempDir\LOGS\Printers.TXT Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" | Out-File $tempDir\LOGS\Printers.TXT -Append write-output "## CBS ntprint CHECK ##" >> $tempDir\LOGS\Printers.TXT $cbsCheck = (Get-ChildItem C:\Windows\Logs\CBS\*cbs* -Recurse | select-string -Pattern "E_INVALIDARG in eventsXml.*Microsoft-Windows-PrintService") if($cbsCheck.Count -eq 0){Write-Output "## NO MATCHES IN CBS ##" >> $tempDir\LOGS\Printers.TXT} Else{$cbsCheck | Group-Object >> $tempDir\LOGS\Printers.TXT} write-output "## ntprint.dll CHECK ##" >> $tempDir\LOGS\Printers.TXT (Get-ChildItem C:\Windows\System32\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT (Get-ChildItem C:\Windows\SysWOW64\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT } ## End function PrinterCheck function UpdateHelper { if((Get-Host).Version.Major -cge 5) { $winupdatelog = get-item $tempDir\LOGS\windows-update.log ##WIN-10 File MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue | Out-Null CP C:\Windows\Logs\WindowsUpdate\*.etl $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue } Else{$winupdatelog = get-item $tempDir\LOGS\windowsupdate.log} ##LEGACY File $updateError = ($winupdatelog | select-string -pattern "error.*0x........"); $updateErrorSplit = $updateError -Split " " $updateErrorCount = (($updateErrorSplit | select-string -pattern "0x........") -Replace "[(),'`.:]", "" -Replace "hr=", ""); $updateErrorCount | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT -Width 999 $updateError >> UPDATE-ERRORS.TXT if($updateError.length -eq 0){"No `"error.*0x........`" patterns Found in Windows-Update.log" | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT} ($winupdatelog | Select-String "KB\d\d\d\d\d\d\d" | Select-string "fail") | Out-file $tempDir\LOGS\UPDATE-ERRORS.TXT -Append -width 999 } ## End function UpdateHelper function getProcesses { wh "`nGetting Active Process ...`n" Get-Process > $tempDir\LOGS\Running-Processes.TXT CMD.EXE /C "tasklist /svc" | Out-File -Append $tempDir\LOGS\Running-Processes.TXT } ## End function getProcesses function GetApps { wh "`n Getting List of Installed Apps...`n" Get-WmiObject -Class Win32_Product | Format-Table -Property Name, Version, Vendor > $tempDir\LOGS\Installed-Apps.TXT Get-AppxPackage | ft Name, Version, InstallLocation, IspArtiallyStaged, SignatureKind, Status >> $tempDir\LOGS\Installed-Apps.TXT } ## End function GetApps function SetupLogs { wh "`nGetting Windows Setup Logs Independent of SetupDiage.exe...`n" MD $tempDir\LOGS\SETUP\ -EA SilentlyContinue dir C:\ > $tempDir\LOGS\Dir_Structure.txt ## Main Setup Collection if($env:SystemDrive -eq 'C:') ##Verify SystemDrive { $SetupPaths = @() $locations = @( 'C:\GetCurrent', 'C:\$Reset', 'C:\$SysReset', 'C:\$Windows.~BT', 'C:\$Windows.~WS', 'C:\Windows\Logs\', 'C:\Windows\Panther\', 'C:\Windows\inf\', 'C:\Windows\System32\LogFiles\', 'C:\Windows\System32\SysPrep\', 'C:\Windows10Upgrade', 'C:\Windows.old\Windows\Panther') for($i = 0; $locations.count -gt $i; $i++) { if((get-item $locations[$i] -Force -EA SilentlyContinue).length -gt 0) ##Null Path Check -Force for Hidden { CD $locations[$i] ##Search includes setuperr/setupact only $SetupPaths += Get-ChildItem * -Force -Recurse -Include setuperr.log, setupact.log, miglog.xml, *APPRAISER_Humanreadable.xml -EA SilentlyContinue } } $cleanPaths = @() for($i = 0; $SetupPaths.count -gt $i; $i++) { $cleanPaths += $SetupPaths[$i].PSParentPath.ToString() -replace "Microsoft\.PowerShell\.Core\\FileSystem\:\:C\:\\", "" } CD $tempDir\LOGS\SETUP\ MD $cleanPaths -Force CD $tempDir\LOGS\ for($i = 0; $SetupPaths.count -gt $i; $i++) { $destPath = "$tempDir\LOGS\SETUP\" + $cleanPaths[$i] $copyPathLog = ($SetupPaths[$i].ToString()) Copy $copyPathLog -Destination $destPath } }Else{Write-Host "`nSystem Drive is not C:... Setup Collection Aborted!`n"} ## End Main Setup Collection ## Setup Reg Output Get-ChildItem HKLM:\SYSTEM\SETUP\ | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\Me* -recurse -EA SilentlyContinue | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append Get-Childitem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append ## SetupAct String Search $setupRegx = @("MOUPG SetupHost..Initialize:", "============================", (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG SetupHost..Initialize. CmdLine"), "", "MOUPG Setup build & Host OS Build:", "==================================", "", (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG SetupHost..Setup build"), "...", (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG Host OS"), "", "Watson Parameters (4&5):", "=======================", "", (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Watson Bucketing Parameters\[[4-5]\]" ), "", "\[0x........\]Error:", "==================", "", (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "\[0x........\]\[0x.....\]"), "", "`"FATAL`":", "======", "", (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "FATAL" | Select-String -NotMatch "FatalExecutionEngineError" | Select-String -NotMatch "non-fatal"), "", "`"Error `":", "===========", "", (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Error "), "", "MIGRATE.*DATA:", "==============", "", (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MIGRATE.*DATA"), "" ) $q=0 Do {$setupRegx[$q] | Out-File $tempDir\LOGS\SETUP\SetupAct-Regex.TXT -Append -Width 999 ##spool out results $q++ }Until($q -eq $setupRegx.Count) } ## End function SetupLogs function powerCFGInfo { MD $tempDir\LOGS\POWER\ -EA SilentlyContinue | Out-Null wh "`n Grabbing PowerCFG, Sleep & Battery Info ...`n" ("`n" + "Available Sleep States (/A): `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt powercfg /a | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt ("`n" + "-DeviceQuery Wake_Armed: `r" + "`n" +"========================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt powercfg -devicequery wake_armed | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt ("`n" + "Last Wake (-lastwake): `r" + "`n" +"=====================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt powercfg -lastwake | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt ("`n" + "-Requests: `r" + "`n" +"==========`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt powercfg -requests | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt $powerList = powercfg -list $powerList | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt $powerActive = $powerList | select-string "\*" | powercfg /QH "$_" ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt ("`n" + "Active Power Scheme Details: `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt $powerActive | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support powercfg /battery /sleepstudy { $ifbattery = Get-WmiObject win32_battery if ( $ifbattery.__SERVER.count -cge 1 ) { CMD.EXE /C "powercfg /batteryreport /output %temp%\LOGS\POWER\battery-report.html" } CMD.EXE /C "powercfg /sleepstudy /output %temp%\LOGS\POWER\sleepstudy-report.html" } CMD.EXE /C "powercfg /ENERGY /duration 10 /output %temp%\LOGS\POWER\energy-report.html" } ## End function powerCFGInfo function sysProductCheck { wh "`n Getting SystemProductName ...`n" ##SystemInformation Reg reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\ /v SystemProductName > $tempDir\LOGS\REG_SystemProductName.TXT Get-WmiObject Win32_ComputerSystem > $tempDir\LOGS\WMI_Object_System.TXT Get-WmiObject Win32_ComputerSystemProduct >> $tempDir\LOGS\WMI_Object_System.TXT } ## End functions sysProductCheck function showWLAN { wh "Generating NETSH WLAN Report...`n" $showWLANjob = { CMD.EXE /c "netsh wlan show networks mode=ssid > %temp%\LOGS\Network\wlan.txt" CMD.EXE /c "netsh wlan show networks mode=bssid >> %temp%\LOGS\Network\wlan.txt" CMD.EXE /c "netsh winhttp show proxy > %temp%\LOGS\Network\proxy.txt" CMD.EXE /c "netsh wlan show wlanreport & COPY C:\ProgramData\Microsoft\Windows\wlanReport\wlan-report-latest.html %temp%\LOGS\Network\wlan-report-latest.html" ##WIN7 Does not Support netsh wlanreport } Start-Job -Name showWLAN -ScriptBlock $showWLANjob } ## End function sysProductCheck function getGPRESULT { wh "`nGetting GPRESULT...`n" CMD.EXE /C "GPRESULT /V > %temp%\LOGS\GPRESULT.TXT" } ## End function getGPRESULT function reservedCheck { $reservedJob = { $vol = (mountvol /L | select-string -Pattern "\\\\") $volstring = "mountvol y:" + $vol[0] CMD.EXE /C $volstring SLEEP 2 CMD.EXE /C "CHKDSK y: > %temp%\LOGS\SystemReserved.TXT" SLEEP 2 # Pause after drive dismount CMD.EXE /C "mountvol y: /D" } Start-Job -Name reservedJob -ScriptBlock $reservedJob } ## End function reservedCheck function fltmcCheck { wh "`n Getting fltmc Filters ...`n" CMD.EXE /c "fltmc filters > %temp%\LOGS\fltmc_filters.TXT" } ## End function fltmcCheck function getDXDiag { wh "`n Grabbing DXDiag Info...`n" C:\Windows\System32\dxdiag /x $explore\DxDiag } ## End function getDXDiag function getMSINFO { wh "`n Gathering MSINFO32 ...`n" ## check if msinfo is already gathering - if so stop If((get-process | select-string -Pattern "msinfo").Pattern -eq "msinfo") {Stop-Process -ProcessName msinfo32} C:\Windows\System32\msinfo32.exe /nfo $tempDir/LOGS/MSINFO32.NFO } ## End function getMSINFO function getAV { if((Get-Host).Version.Major -cge 5) ##Modern OS Only { wh "`n Grab root\SecurityCenter2 AntivirusProduct ...`n" $avPath = (Get-WmiObject -Namespace root\SecurityCenter2 -Class AntivirusProduct) | % {$_.pathtoSignedProductEXE} "AV Info" + "`n========" | Out-File $tempDir/LOGS/SecurityProductInformation.TXT $avPath | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append if($avPath[0] -match "exe") { $path = (Get-Item $avPath[0]).PSParentPath Get-Item $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append Get-Content $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append } Get-ChildItem "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\" -recurse -EA SilentlyContinue | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append } } ## End function getAV function getDrivers { wh "`n Grabbing Driver listing via DISM.EXE ...`n" $drivers = cmd.exe /C "dism /online /get-drivers /format:table" $drivers += cmd.exe /C "dism /online /get-drivers /all /format:table" $drivers | Out-File $tempDir/LOGS/DISM-Get-Drivers.TXT wh "`n Done!`n" } ## End Function getDrivers function getMISCLogs { wh "`nCopying misc. logs ...`n" MD $tempDir\LOGS\WER\ -EA SilentlyContinue MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue CP "C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\*" $tempDir\LOGS\WER\ -Recurse -EA SilentlyContinue CP "C:\Windows\Logs\CBS\*cbs*" $tempDir\LOGS\Windows\Logs\ CP "C:\Windows\Logs\DISM\*dism*" $TempDir\LOGS\Windows\Logs\ CP "C:\Windows\Logs\WindowsUpdate\*" $TempDir\LOGS\Windows\Logs\WindowsUpdate\ #DMP Collect $dmp = @() $dmp += Get-ChildItem C:\Windows\*.dmp $dmp += (Get-ChildItem C:\Windows\LiveKernelReports\*.dmp -Recurse -EA SilentlyContinue) $dmp += (Get-ChildItem C:\Windows\Minidump\*.dmp -Recurse -EA SilentlyContinue) #Validate empty array if($dmp.length -ne 0) { $dd=0 Do{ If($dmp[$dd].length -lt 2000000) { $destPath = $dmp[$dd].PSParentPath.Replace('C:\', '').Replace('Microsoft.PowerShell.Core\FileSystem::', '') MD $destPath -EA SilentlyContinue COPY -Path $dmp[$dd].PSPath -Destination $destPath } $dd++ } Until($dd -eq $dmp.Count) } #disk info "`nGet-Disk:`n=========" > $tempDir\LOGS\Disk-Info.TXT Get-Disk |fl >> $tempDir\LOGS\Disk-Info.TXT "`nGet-Partition:`n==============" >> $tempDir\LOGS\Disk-Info.TXT Get-Partition >> $tempDir\LOGS\Disk-Info.TXT Manage-bde -protectors -get C: >> $tempDir\LOGS\Disk-Info.TXT "`nIO Fail Search:`n===============`n" >> $tempDir\LOGS\Disk-Info.TXT $search | Select-String ".*io.fail.*" | Select-String -NotMatch '0, 0, 0, 0' >> $tempDir\LOGS\Disk-Info.TXT } ## End function getMISCLogs function bingCollect { ##O365 Firewall Check & Bing.com diagnostics.asp ##URIs based on Article: ##https://support.office.com/en-us/article/Network-requests-in-Office-365-ProPlus-and-Mobile-eb73fcd1-ca88-4d02-a74b-2dd3a9f3364d MD $TempDir\LOGS\Network\ -EA SilentlyContinue wh "Performing Bing & O365 URI Check ... `n" $bingCheck = (Invoke-WebRequest -Uri https://www.bing.com/fdv2/diagnostics.aspx -UseBasicParsing) $bingCheck | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT $URIs = @('api.login.microsoftonline.com', #0 Standard Reply = 403 'api.passwordreset.microsoftonline.com', #1 Standard Reply = 200 'becws.microsoftonline.com', #2 Standard Reply = 403 'clientconfig.microsoftonline-p.net', #3 Standard Reply = 404 'companymanager.microsoftonline.com', #4 Standard Reply = 403 'device.login.microsoftonline.com', #5 Standard Reply = 200 'graph.microsoft.com', #6 Standard Reply = 404 'hip.microsoftonline-p.net', #7 Standard Reply = 404 'hipservice.microsoftonline.com', #8 Standard Reply = 404 'login.microsoft.com', #9 Standard Reply = 200 'login.microsoftonline.com', #10 Standard Reply = 200 'logincert.microsoftonline.com', #11 Standard Reply = 200 'loginex.microsoftonline.com', #12 Standard Reply = 200 'login-us.microsoftonline.com', #13 Standard Reply = 200 'login.microsoftonline-p.com', #14 Standard Reply = 200 'login.windows.net', #15 Standard Reply = 200 'nexus.microsoftonline-p.com', #16 Standard Reply = 403 'passwordreset.microsoftonline.com', #17 Standard Reply = 200 'provisioningapi.microsoftonline.com', #18 Standard Reply = 403 'stamp2.login.microsoftonline.com', #19 Standard Reply = 200 'ccs.login.microsoftonline.com', #20 Standard Reply = 401 'ccs-sdf.login.microsoftonline.com', #21 Standard Reply = 401 'accounts.accesscontrol.windows.net', #22 Standard Reply = 200 'secure.aadcdn.microsoftonline-p.com', #23 Standard Reply = 400 'windows.net', #24 Standard Reply = 200 'phonefactor.net', #25 Standard Reply = 200 'account.activedirectory.windowsazure.com', #26 Standard Reply = 404 'secure.aadcdn.microsoftonline-p.com', #27 Standard Reply = 400 'login.windows.net', #28 Standard Reply = 200 'provisioningapi.microsoftonline.com', #29 Standard Reply = 403 'mscrl.microsoft.com', #30 Standard Reply = 400 'secure.aadcdn.microsoftonline-p.com', #31 Standard Reply = 400 'windowsupdate.microsoft.com', #32 Standard Reply = 200 'update.microsoft.com', #33 Standard Reply = 200 'au.download.windowsupdate.com', #34 Standard Reply = 200 'download.windowsupdate.com', #35 Standard Reply = 200 'download.microsoft.com', #36 Standard Reply = 200 'tlu.dl.delivery.mp.microsoft.com'); #37 Standard Reply = 403 $count = 0; $queryResult =@{}; Write-Host "Checking URIs .." -NoNewline Do { Try{ $queryResult[$count] = (Invoke-WebRequest -Uri ("http:`/`/" + $URIs[$count]) -Method Head -UseBasicParsing -TimeoutSec 2).RawContent }Catch{ $catch = $_ } if($queryResult[$count].Count -eq 0) {$queryResult[$count] = ($catch[$catch.count -1].ToString()).Replace("`n", " ")} Write-Host "." -NoNewline $count++ }Until ($count -eq ($URIs.Count)); Write-Host "." Get-Date | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append $queryResult | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append Write-Host " Bing Check", `n, "==========" | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append wh "`n`n`n`URL Check Finished...`n" } function smbConfig { $CMDs = { cmd.exe /c "net config server" cmd.exe /c "net config workstation" Get-SmbClientNetworkInterface Get-SmbServerConfiguration Get-SmbClientConfiguration Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer" Get-NetAdapterAdvancedProperty | ft } ForEach-Object{Invoke-Command $CMDs | Out-File $TempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append} $share = Get-SmbShare ForEach-Object{Get-SmbShareAccess $share.Name | ft | Out-File $tempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append} } ## End Function smbConfig function regLang { DISM.EXE /Online /Get-Intl | Out-File $tempDir\LOGS\Reg-Lang.TXT "`n","Get-WinUserLanguageList","=======================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append Get-WinUserLanguageList | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append "`n","Get-WinLanguageBarOption","========================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append Get-WinLanguageBarOption | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append } function autoRotate { Get-ChildItem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Auto* | Out-File $tempDir\LOGS\AutoRotate.TXT } function checkBoxes { Add-Type -AssemblyName System.Windows.Forms Add-Type -AssemblyName System.Drawing $Global:form = New-Object System.Windows.Forms.Form $Global:form.Text = "LOGS-V$ver" $Global:form.Size = New-Object System.Drawing.Size(300,400) $Global:form.StartPosition = 'CenterScreen' $OKButton = New-Object System.Windows.Forms.Button $OKButton.Location = New-Object System.Drawing.Point(100,300) $OKButton.Size = New-Object System.Drawing.Size(75,23) $OKButton.Text = 'OK' $OKButton.DialogResult = [System.Windows.Forms.DialogResult]::OK $Global:form.AcceptButton = $OKButton $Global:form.Controls.Add($OKButton) $Global:form.ControlBox = $false $Global:boxNum = 1 $Global:checkBox = @{} #hash for $checkBox $tag = @{} #hash for $label $Global:Box = @{} function createCheckBox { Param ( [parameter (Mandatory = $true)][string]$name, [parameter (Mandatory = $true)][string]$label ) $drawingPoint = (50 + ($boxNum *25)) $Global:checkBox[$boxNum] = New-Object System.Windows.Forms.CheckBox $Global:checkBox[$boxNum].Location = New-Object System.Drawing.Point(10,$drawingPoint) $Global:checkBox[$boxNum].Size = New-Object System.Drawing.Size(15,15) $Global:checkBox[$boxNum].Text = '' $Global:checkBox[$boxNum].Checked = $true $Global:form.Controls.Add($checkBox[$boxNum]) #SetupDiag Label $tag[$boxNum] = New-Object System.Windows.Forms.Label $tag[$boxNum].Location = New-Object System.Drawing.Point(40,$drawingPoint) $tag[$boxNum].Size = New-Object System.Drawing.Size(280,20) $tag[$boxNum].Text = "$label" $Global:form.Controls.Add($tag[$boxNum]) $Global:boxNum ++ } #End nested function createCheckBox createCheckBox -name "EV" -label "EventSearch EventLog Helper" #1 createCheckBox -name "SD" -label "SetupDiag.EXE Setup Diagnostics" #2 createCheckBox -name "WU" -label "Get-WindowsUpdateLog Collection" #3 createCheckBox -name "IP" -label "Network Information" #4 createCheckBox -name "PW" -label "POWERCFG. Sleep & Battery Info" #5 createCheckBox -name "GP" -label "GPResult Info" #6 createCheckBox -name "MS" -label "General Machine Info" #7 createCheckBox -name "EO" -label "EventSearch Out-GridView" #8 #Checkbox State Changes $Global:checkBox[1].Add_CheckStateChanged( { if($Global:checkBox[1].checked -eq $True){ $Global:EventsCollect = $true ; Write-Host "." -nonewline} Else{ $Global:EventsCollect = $false } }) $Global:checkBox[2].Add_CheckStateChanged( { if($Global:checkBox[2].checked -eq $True){ $Global:SetupDiagCollect = $true ; Write-Host "." -nonewline} Else{ $Global:SetupDiagCollect = $false } }) $Global:checkBox[3].Add_CheckStateChanged( { if($Global:checkBox[3].checked -eq $True){ $Global:UpdatesCollect = $true ; Write-Host "." -nonewline} Else{ $Global:UpdatesCollect = $false } }) $Global:checkBox[4].Add_CheckStateChanged( { if($Global:checkBox[4].checked -eq $True){ $Global:WLANCollect = $true ; Write-Host "." -nonewline} Else{ $Global:WLANCollect = $false } }) $Global:checkBox[5].Add_CheckStateChanged( { if($Global:checkBox[5].checked -eq $True){ $Global:PowerCollect = $true ; Write-Host "." -nonewline} Else{ $Global:PowerCollect = $false } }) $Global:checkBox[6].Add_CheckStateChanged( { if($Global:checkBox[6].checked -eq $True){ $Global:GPCollect = $true ; Write-Host "." -nonewline} Else{ $Global:GPCollect = $false } }) $Global:checkBox[7].Add_CheckStateChanged( { if($Global:checkBox[7].checked -eq $True){ $Global:miscCollect = $true ; Write-Host "." -nonewline} Else{ $Global:miscCollect = $false } }) $Global:checkBox[8].Add_CheckStateChanged( { if($Global:checkBox[8].checked -eq $True){ $Global:eventOut = $true ; $Global:checkBox[1].checked = $true; Write-Host "x" -nonewline} Else{ $Global:eventOut = $false } }) $Global:checkBox[8].Checked = $false $mainText = New-Object System.Windows.Forms.Label $mainText.Location = New-Object System.Drawing.Point(62,30) $mainText.Size = New-Object System.Drawing.Size(260,20) $mainText.Text = 'Choose which logs to collect:' $Global:form.Controls.Add($mainText) $result = $Global:form.ShowDialog() SLEEP 1 #testing Topmost lag $Global:form.Topmost = $true #OK Button ... if ($result -eq [System.Windows.Forms.DialogResult]::OK) { $x = $textBox.Text $x } } #End function checkBoxes Function werHint { $WERs = Get-ChildItem $tempDir\LOGS\WER\*.wer -Recurse $WERArray = @() $Date = $WERs | Select-String -pattern "eventtime=" | % {$_ -Replace("C:.*EventTime=", "")} $eventType = $WERs | Select-String -pattern "EventType=" | % {$_ -Replace("C:.*EventType=", "")} $Sig0Nam = $WERs | Select-String -pattern "Sig\[0\].Name" | % {$_ -Replace("C:.*Sig\[0\].Name=", "")} $Sig0Val = $WERs | Select-String -pattern "Sig\[0\].Value" | % {$_ -Replace("C:.*Sig\[0\].Value=", "")} $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")} $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")} $Sig4 = $WERs | Select-String -pattern "Sig\[4\].Value" | % {$_ -Replace("C:.*Sig\[4\].Value=", "")} #ConvertDateTime $epoch = [datetime]"01/01/1601 00:00" $date = $date | foreach{$epoch.AddSeconds($_/10000000)} $convertedDate = foreach($Date in $Date) {Get-Date $Date -Format G} $WERarray = 0..($convertedDate.Length -1) | Select-Object @{n="Id";e={$_}}, @{n="Date";e={$convertedDate[$_]}}, @{n="EventType";e={$eventType[$_]}}, @{n="S0-Name";e={$Sig0Nam[$_]}}, @{n="S0-Value";e={$Sig0Val[$_]}}, @{n="S3";e={$Sig3[$_]}}, @{n="S4";e={$Sig4[$_]}} $WERArray |Sort-Object -Descending Date | ft -autosize Date, EventType, S0-Name, S0-Value, S3, S4 | Out-File $tempDir\LOGS\WER-SUMMARY.TXT -Width 500 } ## End Function werHint ### FUNCTIONS_INIT ### $Script:Cancel = @{} StartScript #function checkBoxes ## SetupDiagCollect #2 if($Global:SetupDiagCollect -eq $True) { SetupDiagFunc #function & job wh "...`n" } ## EventSearch #1 if($Global:EventsCollect -eq $True) { EventSearch #function & job wh "...`n" } ## Get-WindowsUpdate #3 if($Global:UpdatesCollect -eq $True) { GetUpdates #function & job wh "...`n`n" } ## WLAN/Wifi Collect #4 if($Global:WLANCollect -eq $True) { bingCollect #function wh "...`n" showWLAN #function & job wh "...`n" smbConfig #function } ## Power/Battery Collect:#5 if($Global:PowerCollect -eq $True) { powerCFGInfo #function - make job takes a min wh "...`n" } ## GPRESULT Collection: #6 if($Global:GPCollect -eq $True) { getGPRESULT #function wh "...`n" } ## Misc Logs Collection: #7 if($Global:miscCollect -eq $True) { getMSINFO #function & job wh "...`n" PrinterCheck #function wh "...`n" getProcesses #function wh "...`n" getApps #function - make job - takes a min wh "...`n" SetupLogs #function wh "...`n" sysProductCheck #function wh "...`n" reservedCheck #function wh "...`n" fltmcCheck #function wh "...`n" getDXDiag #function wh "...`n" regLang #function wh "...`n" autoRotate #function getMISCLogs #function wh "...`n" getDrivers #function wh "...`n" getAV #function wh "...`n" } #### RECEIVING JOBS SECTION ###... #EventSearchJob if($Global:EventsCollect -eq $True) { wh "`nWaiting for EventSearchJob to complete...`n" Receive-Job -Name EventSearchJob -OutVariable eventSearch -Wait $search = $eventSearch.Line } if($Global:SetupDiagCollect -eq $True) { #SetupDiagJob - Receive-Job $stamp = (Get-Date -format "hh:mm tt") wh "`nWaiting for SetupDiagJob to complete..." wh "`nTime Stamp: $stamp" wh "`nThis can take up to 10 minutes ..." Do{ SLEEP 15 wh "." if((Get-Job -name SetupDiagJob).State -eq "Completed") { Receive-Job -Name SetupDiagJob wh "`nSetupDiag Completed!" Break } }Until($Cancel.SetupDiag -eq $True) wh `n #Receive file and copy Receive-Job -Name SetupDiagJob -Wait Copy-Item $tempDir\Logs*.zip $tempDir\LOGS\SetupDiag-Log.zip Copy-Item $tempDir\setupdiag*.log $tempDir\LOGS\ Remove-Item $tempDir\Logs*.zip } if($Global:UpdatesCollect -eq $True) { #GetUpdates Job via: #UpdateHelper <--- GetUpdates Job has to finish first! #Checking Status of GetUpdates Job... wh "Checking Status of GetUpdates Job...`n" If ((Get-Job -Name GetUpdates).State -eq "Failed") { wh "`nGetUpdates Job Failed!`n" } Else{ Receive-Job -Name GetUpdates -wait Move $env:USERPROFILE\Desktop\WindowsUpdate.log $TempDir\LOGS\Windows-Update.log -Force wh "`n Writing Update Helper Info to UPDATE-ERRORS.TXT ... `n" UpdateHelper #run the update helper function } } #End getting GetUpdates-job #Finishing EventSearch if($Global:EventsCollect -eq $True) { writeSearch #function } #Wait on MSINFO... if($Global:miscCollect -eq $True) { wh "`n Waiting for MSINFO32 to Complete ...`n" do{ start-sleep 1 } Until((get-process | select-string -Pattern "msinfo").Pattern -cne "msinfo") werHint #function } if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support Transcript { Stop-Transcript do{ start-sleep 1 } Until((get-item $tempDir\LOGS\Event-Search.TXT).Length -cne 0) } wh "`nLog Collection Completed! `nLogs are available in %temp%\LOGS\`n" wh "`nHit Any Key or Close ...`n" Start-Sleep 1 Start Explorer.exe $explore PAUSE ## LOGS.PS1 1.6.3 ## ## JOHNEM 8-2019 ## ## EOF ##
23) These test / steps can be performed overnight:
a) HD Tune full error scan
b) Sea Tools for Windows long generic test
c) Chkdsk /r /v
-
-
New #29
Many thanks again.
I am having to work to delete enough files to spare 20 GB space. I am at 17.7 GB.
I will fix this and try the update.
Regards
MF
- - - Updated - - -
I have now got 20.5 GB of free disk space.
I ran the update and got a different error message.
It is 08x00703ed
I am running Malwarebytes Pro.
Regards
MF
- - - Updated - - -
Sorry, the error is 0x800703ed
-
New #30
When available please update the progress with the steps in post #27.
Quote
Related Discussions
