Windows Update 2004 - Error 0xe06d7363

Page 1 of 4 123 ... LastLast

  1. Posts : 67
    Windows 10 Home 64-bit
       #1

    Windows Update 2004 - Error 0xe06d7363


    I'm on Windows 10 1909 trying to upgrade to 2004.

    I am getting error 0xe06d7363.

    Tried updating via the Media Creation Tool (including via DVD), Windows Update and the Update Assistant.

    They all fail.

    There is 366 GB of free disk space.

    Stuff I've tried:

    * Clean boot.

    * Attempted in Safe Mode.

    * I have unplugged ethernet during install.

    * I have unplugged all USB devices during install.

    * Stopped as much non-Windows software as possible running during install.

    * Disabled AVG anti-virus.

    * Ran the Windows Update Troubleshooter.

    * Deleted $WINDOWS.~BT folder.

    * Deleted SoftwareDistribution folder.

    * Deleted catroot2 folder.

    * Deleted all other temporary files.

    * System File Checker finds no problems.

    * DISM restore health etc finds no issues.

    * Reset Winsock.

    * Started and restarted: bits, wuauserv, appidsvc and cryptsvc via a computer restart.

    * Checked the latest SSU is installed (it is).

    * System File Checker and DISM restore health finds no issues.

    * RAM test
    ed for 24 hours using Memtest86+ - no issues.

    * Ran HD Tune and SeaTools. No issues.

    setuperr.log is attached.

    setupact.log is here.

    Thanks.
    Windows Update 2004 - Error 0xe06d7363 Attached Files
      My Computer


  2. Posts : 39,962
    windows 10 professional version 1607 build 14393.969 64 bit
       #2

    The setupact link did not open.
    404 Not Found
    Not Found

    The requested URL was not found on this server.
    Apache/2.4.41 (Unix) Server at 217.199.187.197 Port 80


    The setuperr displayed:
    Code:
    2020-06-19 22:32:15, FatalError [0x090001] PANTHR Exception (code 0xE06D7363: <unknown>) occurred at 0x00007FFE7D0BA799 in C:\WINDOWS\System32\KERNELBASE.dll (+000000000003A799).  Minidump attached (122291 bytes) to diagerr.xml and C:\WINDOWS\Panther\UnattendGC\mnd2E6B.diagerr.mdmp.



    Post share links for:
    C:\WINDOWS\Panther\UnattendGC\mnd2E6B.diagerr.mdmp
    diagerr.xml
    setupmem.dmp

    There are log collectors used in another Ten Forums room.
    Run each V2 and DM and upload results directly into this thread.
    BSOD - Posting Instructions

    How to Upload and Post Screenshots and Files at Ten Forums


    Run this script using administrative powershell (PS):

    Code:
    function wh   
        {  
            Param ( [parameter (Mandatory = $true)][string]$txt )  
            Write-Host $txt -ForegroundColor Green -BackgroundColor Black -NoNewline  
            ##Example usage wh "Alias for `n Write-Host"  
      
        } ## End function wh  
      
      
    function StartScript   
        {  
            ##Locating Temp Dir and writing Transcript  
            $global:tempDir = [System.IO.Path]::GetTempPath()   
            MD $tempDir\LOGS -EA SilentlyContinue   
            CD $tempDir\LOGS  
            $txtCount = Get-Item $tempDir/LOGS/*.TXT -EA SilentlyContinue  
            if((Get-Host).Version.Major -cge 5) ##WIN7 Not Supported  
                {  
                    if($txtCount.Count -cge 1)   
                    {Start-Transcript -Append -Path $tempDir/LOGS/Event-Search.TXT}   
                    Else{Start-Transcript -Path $tempDir\LOGS\Event-Search.TXT}   
                }  
      
            $global:explore = $tempDir + "LOGS\"  
            $global:Ver = "1.6.3"  
            wh "`nLog Collection... (V$Ver)`n"  
      
            #clearing previous actions  
            Stop-Job *  
      
            #Initialize CheckBox Vars to $True/$False  
                $Global:EventsCollect = $true; $Global:SetupDiagCollect = $true  
                    $Global:UpdatesCollect = $true; $Global:WLANCollect = $true  
                        $Global:PowerCollect = $true; $Global:GPCollect = $true  
                            $Global:miscCollect = $true; $Global:bingCollect = $true  
                                $Global:eventOut = $false        
            #Clear Jobs  
            Stop-Job *  
            Remove-Job *  
                                              
        } ## End function Start-Script  
      
      
    function SetupDiagFunc  
        {  
            wh "`n Grabbing SetupDiag.exe ..."       
            Invoke-WebRequest https://go.microsoft.com/fwlink/?linkid=870142 -OutFile $tempDir\SetupDiag.exe -TimeoutSec 3 -UseBasicParsing  
                #check for successful download  
                if((Get-Item $tempDir\SetupDiag.exe).length -gt 100000)  
                    {  
                      wh "`nSuccessful DL!"  
                      wh "`n Invoking SetupDiag.exe ..."  
                      $SetupDiag = {CMD.EXE /C "%temp%\setupdiag.exe /Verbose /Output:%temp%\SetupDiag-Log.txt"}  
      
                      ## Kick-Off SetupDiagJob  
                      Start-Job -Name SetupDiagJob -ScriptBlock $SetupDiag                     
                      
                    }Else{Write-Host "`nDownload of SetupDiag.exe Failed!" -BackgroundColor RED }  
      
        } ## End Function SetupDiagFunc  
      
      
    function EventSearch  
        {  
        wh "`n Starting EventSearch Job-Function ...`n"  
        ## Gathering Events from System using Get-WinEvent via Job  
        $EventSearchJob =   
            {  
            $evtPaths = Get-Item C:\Windows\System32\Winevt\Logs\*.evtx -Exclude "*PowerShell*",   
                "*known folders*" | Select-Object FullName  
            $i = $evtPaths.Count  
      
            $x = 0 ##For 1st Loop do Until x = i  
            $events = @()  
            $gatherEvents = @()  
            $eventsArray = @()  
            $searchResult = @()  
            $MaxEvents = 99  
      
            #Loading/Gathering Events Loop...  
            do {  
           
                ##Getting Events w/ Get-WinEvent         
                $gatherEvents = Get-WinEvent -Path $evtPaths[$x].FullName -MaxEvents $MaxEvents -EA SilentlyContinue  
                $events = $events + $gatherEvents             
      
                $x++  
                  
                }  
                 Until ($x -eq $i)      
      
            $x = $x +1 ##Total Events Found!  
              
            $eventsLength = $events.Length ##Total events catalogged!  
              
            $xx = 0  
                   
            # Write Event Properties to a row and roll it out - Collapsing Array ...   
            do {  
                   $date = $events[$xx].TimeCreated | Get-Date -Format "yyyyMMdd".ToString() -EA SilentlyContinue ##EA SC for Blank Entries  
                      
                    $eventRow = new-object PSObject -Property @{  
                    Date = $date;  
                    Id = $events[$xx].Id;  
                    Level = $events[$xx].LevelDisplayName;  
                    Provider = $events[$xx].ProviderName;  
                   Message = $events[$xx].Message;  
                    }  
      
                    $cRow = $date + " " + "ID:" +  $events[$xx].Id + " " + "Level:" + $events[$xx].LevelDisplayName + " " + "Provider:" + $events[$xx].ProviderName + " " + "Message:" + $events[$xx].Message   
                    $eventsArray += $cRow  
                   
                    $xx++  
                    $d++  
            }  
            Until ($xx -eq $events.Length)  
     
            ##Looking for patterns error or fail in $eventsArray  
            $search = $eventsArray | Select-String -pattern ("error|fail") 
     
            Return $search ## | Write-Output ##Output for job  
      
            } ## End $EventSearchJob  
      
        Start-Job -Name EventSearchJob -ScriptBlock $EventSearchJob  
      
        } ## End function Event-Search  
      
      
    function writeSearch  ##   
        {  
            ##Event Logs Cont.  
            MD $tempDir\LOGS\EVTX\ -EA SilentlyContinue 
     
            ##output to file  
            $search | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -Wrap > TOP-ERRORS.TXT  
            $search > $tempDir\LOGS\SEARCH.TXT  
      
        if($Global:eventOut -eq $True)  
            {  
            $search | Group-Object | Sort-Object Count -Descending |   
                Select-Object -Property Count, Name | Out-GridView -Title "Top `"Errors`" via EVTX - V-$Ver"  
            }  
      
            wh "`n Collecting Matching EVTX Entries ...`n"     
            #Collecting all prev matching EVTX  
            #$evtx = Get-ChildItem C:\Windows\System32\Winevt\Logs\*.evtx  
            $evv = 0  
                      
               $providerName =   
                   (($search | Select-String "Provider:.*Message:").Matches.Value -Replace   
                          " Message:", "" -Replace "Provider:", "" | Group-Object ).Name  
                  
                #Converting Provider Name to Log Name                 
                $providerName = (($providerName | ForEach-Object {Get-WinEvent -ProviderName $_ -MaxEvents 1 -EA SilentlyContinue}).LogName | Group-Object).Name     
                   $providerName = $providerName -replace "Microsoft.", ""  
                      $providerName = $providerName -replace "Windows.", ""  
                         $providerName = $providerName -replace "`/.*$", ""  
                               
                               
                             $evtx = $providerName | foreach{Get-ChildItem "C:\Windows\System32\winevt\logs\*$_*"}  
      
                    Do{  
                        COPY $evtx[$evv].PSPath $tempDir\LOGS\EVTX\ 
                           $evv++  
                      }  
                      Until($evv -eq $evtx.Count)  
      
        } #End function writeSearch  
      
      
    function GetUpdates  
        {  
            wh "`n Starting Get-WindowsUpdateLog Job-Function ...`n"  
            $updateJob = {get-WindowsUpdateLog}  
             
            if((Get-Host).Version.Major -cge 5) ##Modern Gatherer  
            {  
                Start-Job -Name GetUpdates -ScriptBlock $updateJob  
            }  
              
            ##Legacy Gatherer  
            CP C:\Windows\WindowsUpdate.log $tempDir\LOGS\WindowsUpdate.log  
      
            ##Installed-Updates/Packages 
            Get-WmiObject win32_quickfixengineering > $tempDir\LOGS\Installed_Updates.TXT  
            Get-WmiObject Win32_OperatingSystemQFE >> $tempDir\LOGS\Installed_Updates.TXT  
        DISM /Online /Get-Packages /Format:Table >> $tempDir\LOGS\Installed_Updates.TXT 
      
        } ## End function Get-Updates  
      
           
    function PrinterCheck  
        {  
            wh "`n Getting Printer Information ..."  
            get-printer | ft Name, ComputerName, Type, DriverName, PortName, Datatype, Location, DriverName > $tempDir\LOGS\Printers.TXT  
            get-printerDriver | fl >> $tempDir\LOGS\Printers.TXT  
            Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append  
            Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append  
            Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" | Out-File $tempDir\LOGS\Printers.TXT -Append  
            write-output "## CBS ntprint CHECK ##" >> $tempDir\LOGS\Printers.TXT  
            $cbsCheck = (Get-ChildItem C:\Windows\Logs\CBS\*cbs* -Recurse | select-string -Pattern "E_INVALIDARG in eventsXml.*Microsoft-Windows-PrintService")  
            if($cbsCheck.Count -eq 0){Write-Output "## NO MATCHES IN CBS ##" >> $tempDir\LOGS\Printers.TXT} Else{$cbsCheck | Group-Object  >> $tempDir\LOGS\Printers.TXT}  
            write-output "## ntprint.dll CHECK ##" >> $tempDir\LOGS\Printers.TXT  
            (Get-ChildItem C:\Windows\System32\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT  
            (Get-ChildItem C:\Windows\SysWOW64\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT  
      
        } ## End function PrinterCheck  
      
      
    function UpdateHelper  
        {  
        if((Get-Host).Version.Major -cge 5)  
            {  
                $winupdatelog = get-item $tempDir\LOGS\windows-update.log    ##WIN-10 File  
                MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue | Out-Null  
                CP C:\Windows\Logs\WindowsUpdate\*.etl $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue  
            }  
                Else{$winupdatelog = get-item $tempDir\LOGS\windowsupdate.log} ##LEGACY File  
      
        $updateError = ($winupdatelog | select-string -pattern "error.*0x........");  
        $updateErrorSplit = $updateError -Split " "  
        $updateErrorCount = (($updateErrorSplit | select-string -pattern "0x........") -Replace "[(),'`.:]", "" -Replace "hr=", "");  
      
        $updateErrorCount | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT -Width 999  
        $updateError >> UPDATE-ERRORS.TXT  
        if($updateError.length -eq 0){"No `"error.*0x........`" patterns Found in Windows-Update.log" | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT}  
      
        ($winupdatelog | Select-String "KB\d\d\d\d\d\d\d" | Select-string "fail") | Out-file $tempDir\LOGS\UPDATE-ERRORS.TXT -Append -width 999  
      
        } ## End function UpdateHelper  
      
      
    function getProcesses  
        {  
        wh "`nGetting Active Process ...`n"   
        Get-Process > $tempDir\LOGS\Running-Processes.TXT  
        CMD.EXE /C "tasklist /svc" | Out-File -Append  $tempDir\LOGS\Running-Processes.TXT  
          
        } ## End function getProcesses  
      
      
    function GetApps  
        {  
        wh "`n Getting List of Installed Apps...`n"  
        Get-WmiObject -Class Win32_Product | Format-Table -Property Name, Version, Vendor > $tempDir\LOGS\Installed-Apps.TXT  
        Get-AppxPackage | ft Name, Version, InstallLocation, IspArtiallyStaged, SignatureKind, Status >> $tempDir\LOGS\Installed-Apps.TXT  
          
        } ## End function GetApps  
      
      
    function SetupLogs  
        {  
        wh "`nGetting Windows Setup Logs Independent of SetupDiage.exe...`n"  
            MD $tempDir\LOGS\SETUP\ -EA SilentlyContinue  
        dir C:\ > $tempDir\LOGS\Dir_Structure.txt  
          
        ## Main Setup Collection  
        if($env:SystemDrive -eq 'C:') ##Verify SystemDrive  
        {  
            $SetupPaths = @()  
      
            $locations = @(  
                'C:\GetCurrent',  
                'C:\$Reset',  
                'C:\$SysReset',  
                'C:\$Windows.~BT',  
                'C:\$Windows.~WS',  
                'C:\Windows\Logs\',  
                'C:\Windows\Panther\',  
                'C:\Windows\inf\',  
                'C:\Windows\System32\LogFiles\',  
                'C:\Windows\System32\SysPrep\',  
                'C:\Windows10Upgrade',  
                'C:\Windows.old\Windows\Panther')  
      
            for($i = 0; $locations.count -gt $i; $i++)  
            {   
                if((get-item $locations[$i] -Force -EA SilentlyContinue).length -gt 0) ##Null Path Check -Force for Hidden  
                {  
                    CD $locations[$i]  
                    ##Search includes setuperr/setupact only  
                    $SetupPaths += Get-ChildItem * -Force -Recurse -Include setuperr.log, setupact.log, miglog.xml, *APPRAISER_Humanreadable.xml -EA SilentlyContinue      
                }  
            }  
      
            $cleanPaths = @()  
      
            for($i = 0; $SetupPaths.count -gt $i; $i++)  
            {  
                $cleanPaths += $SetupPaths[$i].PSParentPath.ToString() -replace "Microsoft\.PowerShell\.Core\\FileSystem\:\:C\:\\", ""  
            }  
      
            CD $tempDir\LOGS\SETUP\  
            MD $cleanPaths -Force  
            CD $tempDir\LOGS\  
      
            for($i = 0; $SetupPaths.count -gt $i; $i++)  
            {  
                $destPath = "$tempDir\LOGS\SETUP\" + $cleanPaths[$i]  
                $copyPathLog = ($SetupPaths[$i].ToString())  
                  
                Copy  $copyPathLog -Destination $destPath  
            }  
          
        }Else{Write-Host "`nSystem Drive is not C:... Setup Collection Aborted!`n"}  
        ## End Main Setup Collection  
          
              
            ## Setup Reg Output      
            Get-ChildItem HKLM:\SYSTEM\SETUP\ | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT  
            Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\Me* -recurse -EA SilentlyContinue | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append  
            Get-Childitem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append  
      
            ## SetupAct String Search  
      
      
              
             $setupRegx = @("MOUPG SetupHost..Initialize:",  
                            "============================",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG  SetupHost..Initialize. CmdLine"),  
                            "",  
                            "MOUPG Setup build & Host OS Build:",  
                            "==================================",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG  SetupHost..Setup build"),  
                            "...",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG      Host OS"),  
                            "",  
                            "Watson Parameters (4&5):",  
                            "=======================",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Watson Bucketing Parameters\[[4-5]\]" ),  
                            "",  
                            "\[0x........\]Error:",  
                            "==================",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "\[0x........\]\[0x.....\]"),  
                            "",  
                            "`"FATAL`":",  
                            "======",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "FATAL" | Select-String -NotMatch "FatalExecutionEngineError" | Select-String -NotMatch "non-fatal"),  
                            "",  
                            "`"Error   `":",  
                            "===========",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Error   "),  
                            "",  
                            "MIGRATE.*DATA:",  
                            "==============",  
                            "",  
                            (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MIGRATE.*DATA"),  
                            ""             
                            )  
                $q=0  
                Do {$setupRegx[$q] | Out-File $tempDir\LOGS\SETUP\SetupAct-Regex.TXT -Append -Width 999 ##spool out results  
                                      $q++                    
                                                }Until($q -eq $setupRegx.Count)  
      
        } ## End function SetupLogs  
      
      
    function powerCFGInfo  
        {  
        MD $tempDir\LOGS\POWER\ -EA SilentlyContinue  | Out-Null  
        wh "`n Grabbing PowerCFG, Sleep & Battery Info ...`n"  
          
        ("`n" + "Available Sleep States (/A): `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        powercfg /a | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        ("`n" + "-DeviceQuery Wake_Armed: `r" + "`n" +"========================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        powercfg -devicequery wake_armed  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        ("`n" + "Last Wake (-lastwake):  `r" + "`n" +"=====================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        powercfg -lastwake  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        ("`n" + "-Requests: `r" + "`n" +"==========`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        powercfg -requests  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        $powerList = powercfg -list  
        $powerList | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        $powerActive = $powerList | select-string "\*" | powercfg /QH "$_"   
        ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
        ("`n" + "Active Power Scheme Details: `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
        $powerActive | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
      
        if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support powercfg /battery /sleepstudy  
             {   
               $ifbattery = Get-WmiObject win32_battery  
               if ( $ifbattery.__SERVER.count -cge 1 ) { CMD.EXE /C "powercfg /batteryreport /output %temp%\LOGS\POWER\battery-report.html" }  
               CMD.EXE /C "powercfg /sleepstudy /output %temp%\LOGS\POWER\sleepstudy-report.html"  
             }  
               CMD.EXE /C "powercfg /ENERGY /duration 10 /output %temp%\LOGS\POWER\energy-report.html"         
          
        } ## End function powerCFGInfo  
      
      
    function sysProductCheck  
        {  
        wh "`n Getting SystemProductName ...`n"  
        ##SystemInformation Reg   
        reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\ /v SystemProductName  > $tempDir\LOGS\REG_SystemProductName.TXT   
        Get-WmiObject Win32_ComputerSystem > $tempDir\LOGS\WMI_Object_System.TXT  
        Get-WmiObject Win32_ComputerSystemProduct >> $tempDir\LOGS\WMI_Object_System.TXT  
          
        } ## End functions sysProductCheck  
      
      
    function showWLAN  
        {  
        wh "Generating NETSH WLAN Report...`n"  
      
        $showWLANjob = {  
                        CMD.EXE /c "netsh wlan show networks mode=ssid > %temp%\LOGS\Network\wlan.txt"  
                        CMD.EXE /c "netsh wlan show networks mode=bssid >> %temp%\LOGS\Network\wlan.txt"  
                        CMD.EXE /c "netsh winhttp show proxy > %temp%\LOGS\Network\proxy.txt"  
                        CMD.EXE /c "netsh wlan show wlanreport & COPY C:\ProgramData\Microsoft\Windows\wlanReport\wlan-report-latest.html %temp%\LOGS\Network\wlan-report-latest.html"   
                        ##WIN7 Does not Support netsh wlanreport                                                    
                        }   
      
        Start-Job -Name showWLAN -ScriptBlock $showWLANjob  
      
        } ## End function sysProductCheck  
      
      
    function getGPRESULT  
        {  
        wh "`nGetting GPRESULT...`n"  
        CMD.EXE /C "GPRESULT /V > %temp%\LOGS\GPRESULT.TXT"  
          
        } ## End function getGPRESULT  
      
      
    function reservedCheck  
        {       
             
        $reservedJob =   
            {  
            $vol = (mountvol /L | select-string -Pattern "\\\\")  
            $volstring = "mountvol y:" + $vol[0]  
            CMD.EXE /C $volstring  
          
            SLEEP 2  
      
            CMD.EXE /C "CHKDSK y: > %temp%\LOGS\SystemReserved.TXT"  
          
            SLEEP 2 # Pause after drive dismount  
          
            CMD.EXE /C "mountvol y: /D"  
            }  
      
        Start-Job -Name reservedJob -ScriptBlock $reservedJob  
          
        } ## End function reservedCheck  
      
      
    function fltmcCheck  
        {  
        wh "`n Getting fltmc Filters ...`n"  
        CMD.EXE /c "fltmc filters > %temp%\LOGS\fltmc_filters.TXT"  
          
        } ## End function fltmcCheck  
      
      
    function getDXDiag  
        {  
        wh "`n Grabbing DXDiag Info...`n"  
        C:\Windows\System32\dxdiag /x $explore\DxDiag  
          
        } ## End function getDXDiag  
      
      
    function getMSINFO  
        {  
        wh "`n Gathering MSINFO32 ...`n"  
        ## check if msinfo is already gathering - if so stop  
        If((get-process | select-string -Pattern "msinfo").Pattern -eq "msinfo")  
        {Stop-Process -ProcessName msinfo32}  
      
            C:\Windows\System32\msinfo32.exe /nfo $tempDir/LOGS/MSINFO32.NFO  
                     
        } ## End function getMSINFO  
      
      
    function getAV  
        {  
         if((Get-Host).Version.Major -cge 5) ##Modern OS Only  
            {  
            wh "`n Grab root\SecurityCenter2 AntivirusProduct ...`n"  
            $avPath = (Get-WmiObject -Namespace root\SecurityCenter2 -Class AntivirusProduct) | % {$_.pathtoSignedProductEXE}  
            "AV Info" + "`n========" | Out-File $tempDir/LOGS/SecurityProductInformation.TXT 
        $avPath | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append  
            if($avPath[0] -match "exe")  
                {   
                    $path = (Get-Item $avPath[0]).PSParentPath  
                    Get-Item $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append  
                    Get-Content $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append             
                }  
                Get-ChildItem "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\" -recurse -EA SilentlyContinue | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append      
            }  
        } ## End function getAV  
      
      
    function getDrivers  
        {  
        wh "`n Grabbing Driver listing via DISM.EXE ...`n"  
            $drivers = cmd.exe /C "dism /online /get-drivers /format:table"  
            $drivers += cmd.exe /C "dism /online /get-drivers /all /format:table"  
            $drivers | Out-File $tempDir/LOGS/DISM-Get-Drivers.TXT  
        wh "`n Done!`n"  
        } ## End Function getDrivers  
      
      
    function getMISCLogs  
        {  
            wh "`nCopying misc. logs ...`n"   
            MD $tempDir\LOGS\WER\ -EA SilentlyContinue   
            MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue  
            CP "C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\*" $tempDir\LOGS\WER\ -Recurse -EA SilentlyContinue  
            CP "C:\Windows\Logs\CBS\*cbs*" $tempDir\LOGS\Windows\Logs\  
            CP "C:\Windows\Logs\DISM\*dism*" $TempDir\LOGS\Windows\Logs\  
            CP "C:\Windows\Logs\WindowsUpdate\*" $TempDir\LOGS\Windows\Logs\WindowsUpdate\  
      
                
            #DMP Collect  
            $dmp = @()  
            $dmp += Get-ChildItem C:\Windows\*.dmp   
            $dmp += (Get-ChildItem C:\Windows\LiveKernelReports\*.dmp -Recurse -EA SilentlyContinue)  
            $dmp += (Get-ChildItem C:\Windows\Minidump\*.dmp -Recurse -EA SilentlyContinue)  
            #Validate empty array  
            if($dmp.length -ne 0)  
                {  
                $dd=0  
                      Do{       
                            If($dmp[$dd].length -lt 2000000)  
                                { $destPath = $dmp[$dd].PSParentPath.Replace('C:\', '').Replace('Microsoft.PowerShell.Core\FileSystem::', '')  
                                    MD $destPath -EA SilentlyContinue 
                                        COPY -Path $dmp[$dd].PSPath -Destination $destPath }  
                            $dd++  
                        }  
                        Until($dd -eq $dmp.Count)  
                }  
     
             #disk info 
             "`nGet-Disk:`n=========" > $tempDir\LOGS\Disk-Info.TXT  
             Get-Disk |fl >> $tempDir\LOGS\Disk-Info.TXT 
             "`nGet-Partition:`n==============" >> $tempDir\LOGS\Disk-Info.TXT  
             Get-Partition >> $tempDir\LOGS\Disk-Info.TXT 
             Manage-bde -protectors -get C: >> $tempDir\LOGS\Disk-Info.TXT 
             "`nIO Fail Search:`n===============`n" >> $tempDir\LOGS\Disk-Info.TXT 
             $search | Select-String ".*io.fail.*" | Select-String -NotMatch '0, 0, 0, 0' >> $tempDir\LOGS\Disk-Info.TXT        
      
        } ## End function getMISCLogs  
      
      
    function bingCollect  
        {  
            ##O365 Firewall Check & Bing.com diagnostics.asp  
            ##URIs based on Article:   
            ##https://support.office.com/en-us/article/Network-requests-in-Office-365-ProPlus-and-Mobile-eb73fcd1-ca88-4d02-a74b-2dd3a9f3364d  
                    
            MD $TempDir\LOGS\Network\ -EA SilentlyContinue  
      
            wh "Performing Bing & O365 URI Check ... `n"  
      
      
                  $bingCheck = (Invoke-WebRequest -Uri https://www.bing.com/fdv2/diagnostics.aspx -UseBasicParsing)   
                  $bingCheck | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT  
                     
                  $URIs = @('api.login.microsoftonline.com',    #0  Standard Reply = 403  
                  'api.passwordreset.microsoftonline.com',      #1  Standard Reply = 200  
                  'becws.microsoftonline.com',                  #2  Standard Reply = 403  
                  'clientconfig.microsoftonline-p.net',         #3  Standard Reply = 404  
                  'companymanager.microsoftonline.com',         #4  Standard Reply = 403  
                  'device.login.microsoftonline.com',           #5  Standard Reply = 200  
                  'graph.microsoft.com',                        #6  Standard Reply = 404  
                  'hip.microsoftonline-p.net',                  #7  Standard Reply = 404   
                  'hipservice.microsoftonline.com',             #8  Standard Reply = 404  
                  'login.microsoft.com',                        #9  Standard Reply = 200  
                  'login.microsoftonline.com',                  #10 Standard Reply = 200  
                  'logincert.microsoftonline.com',              #11 Standard Reply = 200   
                  'loginex.microsoftonline.com',                #12 Standard Reply = 200  
                  'login-us.microsoftonline.com',               #13 Standard Reply = 200  
                  'login.microsoftonline-p.com',                #14 Standard Reply = 200  
                  'login.windows.net',                          #15 Standard Reply = 200  
                  'nexus.microsoftonline-p.com',                #16 Standard Reply = 403  
                  'passwordreset.microsoftonline.com',          #17 Standard Reply = 200  
                  'provisioningapi.microsoftonline.com',        #18 Standard Reply = 403  
                  'stamp2.login.microsoftonline.com',           #19 Standard Reply = 200  
                  'ccs.login.microsoftonline.com',              #20 Standard Reply = 401  
                  'ccs-sdf.login.microsoftonline.com',          #21 Standard Reply = 401  
                  'accounts.accesscontrol.windows.net',         #22 Standard Reply = 200  
                  'secure.aadcdn.microsoftonline-p.com',        #23 Standard Reply = 400  
                  'windows.net',                                #24 Standard Reply = 200  
                  'phonefactor.net',                            #25 Standard Reply = 200  
                  'account.activedirectory.windowsazure.com',   #26 Standard Reply = 404  
                  'secure.aadcdn.microsoftonline-p.com',        #27 Standard Reply = 400  
                  'login.windows.net',                          #28 Standard Reply = 200  
                  'provisioningapi.microsoftonline.com',        #29 Standard Reply = 403  
                  'mscrl.microsoft.com',                        #30 Standard Reply = 400  
                  'secure.aadcdn.microsoftonline-p.com',        #31 Standard Reply = 400  
                  'windowsupdate.microsoft.com',                #32 Standard Reply = 200  
                  'update.microsoft.com',                       #33 Standard Reply = 200  
                  'au.download.windowsupdate.com',              #34 Standard Reply = 200  
                  'download.windowsupdate.com',                 #35 Standard Reply = 200  
                  'download.microsoft.com',                     #36 Standard Reply = 200  
                  'tlu.dl.delivery.mp.microsoft.com');          #37 Standard Reply = 403  
              
                     
                  $count = 0;  
                  $queryResult =@{};  
                     
                  Write-Host "Checking URIs .." -NoNewline  
                     
                  Do {           
                          Try{  
                          $queryResult[$count] = (Invoke-WebRequest -Uri ("http:`/`/" + $URIs[$count]) -Method Head -UseBasicParsing -TimeoutSec 2).RawContent  
                             }Catch{ $catch = $_ }  
                     
                              if($queryResult[$count].Count -eq 0)  
                                      {$queryResult[$count] = ($catch[$catch.count -1].ToString()).Replace("`n", " ")}                                     
                          Write-Host "." -NoNewline           
                          $count++         
                      }Until ($count -eq ($URIs.Count));                            
                  Write-Host "."  
                      
                      Get-Date | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
                      $queryResult | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
                        
            Write-Host " Bing Check", `n, "==========" | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
            
                  wh "`n`n`n`URL Check Finished...`n"   
        }  
      
      
    function smbConfig  
    {  
      
        $CMDs =  
        {   cmd.exe /c "net config server"    
            cmd.exe /c "net config workstation"  
            Get-SmbClientNetworkInterface  
            Get-SmbServerConfiguration  
            Get-SmbClientConfiguration  
            Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer"   
            Get-NetAdapterAdvancedProperty | ft }  
      
        ForEach-Object{Invoke-Command $CMDs | Out-File $TempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append}  
      
        $share = Get-SmbShare  
      
        ForEach-Object{Get-SmbShareAccess $share.Name | ft  | Out-File $tempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append}  
      
    } ## End Function smbConfig  
      
      
    function regLang  
        {       
            DISM.EXE /Online /Get-Intl  | Out-File $tempDir\LOGS\Reg-Lang.TXT  
            "`n","Get-WinUserLanguageList","=======================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
            Get-WinUserLanguageList     | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
            "`n","Get-WinLanguageBarOption","========================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
            Get-WinLanguageBarOption    | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
        }  
      
      
    function autoRotate  
        {  
            Get-ChildItem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Auto* | Out-File $tempDir\LOGS\AutoRotate.TXT  
        }  
      
      
    function checkBoxes  
       {  
            Add-Type -AssemblyName System.Windows.Forms  
            Add-Type -AssemblyName System.Drawing  
      
            $Global:form = New-Object System.Windows.Forms.Form  
            $Global:form.Text = "LOGS-V$ver"  
            $Global:form.Size = New-Object System.Drawing.Size(300,400)  
            $Global:form.StartPosition = 'CenterScreen'  
      
            $OKButton = New-Object System.Windows.Forms.Button  
            $OKButton.Location = New-Object System.Drawing.Point(100,300)  
            $OKButton.Size = New-Object System.Drawing.Size(75,23)  
            $OKButton.Text = 'OK'  
            $OKButton.DialogResult = [System.Windows.Forms.DialogResult]::OK  
            $Global:form.AcceptButton = $OKButton  
            $Global:form.Controls.Add($OKButton)  
             
            $Global:form.ControlBox = $false  
              
                $Global:boxNum = 1  
                $Global:checkBox = @{} #hash for $checkBox  
                $tag = @{} #hash for $label  
                $Global:Box = @{}  
      
                function createCheckBox   
                    {  
                        Param ( [parameter (Mandatory = $true)][string]$name,  
                                [parameter (Mandatory = $true)][string]$label )  
                          
                        $drawingPoint = (50 + ($boxNum *25))  
      
                        $Global:checkBox[$boxNum] = New-Object System.Windows.Forms.CheckBox  
                        $Global:checkBox[$boxNum].Location = New-Object System.Drawing.Point(10,$drawingPoint)  
                        $Global:checkBox[$boxNum].Size = New-Object System.Drawing.Size(15,15)  
                        $Global:checkBox[$boxNum].Text = ''  
                        $Global:checkBox[$boxNum].Checked = $true  
                        $Global:form.Controls.Add($checkBox[$boxNum])  
                        #SetupDiag Label  
                        $tag[$boxNum] = New-Object System.Windows.Forms.Label  
                        $tag[$boxNum].Location = New-Object System.Drawing.Point(40,$drawingPoint)  
                        $tag[$boxNum].Size = New-Object System.Drawing.Size(280,20)  
                        $tag[$boxNum].Text = "$label"  
                        $Global:form.Controls.Add($tag[$boxNum])  
      
                        $Global:boxNum ++  
                      
                    } #End nested function createCheckBox   
                
                createCheckBox -name "EV" -label "EventSearch EventLog Helper"       #1  
                createCheckBox -name "SD" -label "SetupDiag.EXE Setup Diagnostics"   #2  
                createCheckBox -name "WU" -label "Get-WindowsUpdateLog Collection"   #3  
                createCheckBox -name "IP" -label "Network Information"               #4  
                createCheckBox -name "PW" -label "POWERCFG. Sleep & Battery Info"    #5  
                createCheckBox -name "GP" -label "GPResult Info"                     #6  
                createCheckBox -name "MS" -label "General Machine Info"              #7  
                createCheckBox -name "EO" -label "EventSearch Out-GridView"          #8            
                     
                #Checkbox State Changes               
                $Global:checkBox[1].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[1].checked -eq $True){ $Global:EventsCollect = $true ; Write-Host "." -nonewline} Else{ $Global:EventsCollect = $false }  
                                  
                        })             
                $Global:checkBox[2].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[2].checked -eq $True){ $Global:SetupDiagCollect = $true ; Write-Host "." -nonewline} Else{ $Global:SetupDiagCollect = $false }  
                                  
                        })  
                $Global:checkBox[3].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[3].checked -eq $True){ $Global:UpdatesCollect = $true ; Write-Host "." -nonewline} Else{ $Global:UpdatesCollect = $false }  
                                  
                        })  
                $Global:checkBox[4].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[4].checked -eq $True){ $Global:WLANCollect = $true ; Write-Host "." -nonewline} Else{ $Global:WLANCollect = $false }  
                                  
                        })  
      
                $Global:checkBox[5].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[5].checked -eq $True){ $Global:PowerCollect = $true ; Write-Host "." -nonewline} Else{ $Global:PowerCollect = $false }  
                                  
                        })  
                $Global:checkBox[6].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[6].checked -eq $True){ $Global:GPCollect = $true ; Write-Host "." -nonewline} Else{ $Global:GPCollect = $false }  
                                  
                        })  
                $Global:checkBox[7].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[7].checked -eq $True){ $Global:miscCollect = $true ; Write-Host "." -nonewline} Else{ $Global:miscCollect = $false }  
                                  
                        })  
      
                 $Global:checkBox[8].Add_CheckStateChanged(  
                        {   
                            if($Global:checkBox[8].checked -eq $True){ $Global:eventOut = $true ; $Global:checkBox[1].checked = $true; Write-Host "x" -nonewline} Else{ $Global:eventOut = $false }  
                                  
                        })  
                                               
            $Global:checkBox[8].Checked = $false  
            $mainText = New-Object System.Windows.Forms.Label  
            $mainText.Location = New-Object System.Drawing.Point(62,30)  
            $mainText.Size = New-Object System.Drawing.Size(260,20)  
            $mainText.Text = 'Choose which logs to collect:'  
            $Global:form.Controls.Add($mainText)  
            $result = $Global:form.ShowDialog()  
            SLEEP 1  #testing Topmost lag  
            $Global:form.Topmost = $true  
      
            #OK Button ...   
            if ($result -eq [System.Windows.Forms.DialogResult]::OK)  
            {  
                $x = $textBox.Text  
                $x  
            }       
      
        } #End function checkBoxes  
      
      
    Function werHint  
    {  
        $WERs = Get-ChildItem $tempDir\LOGS\WER\*.wer -Recurse  
      
        $WERArray = @()  
      
        $Date = $WERs | Select-String -pattern "eventtime=" | % {$_ -Replace("C:.*EventTime=", "")}  
        $eventType = $WERs | Select-String -pattern "EventType=" | % {$_ -Replace("C:.*EventType=", "")}  
        $Sig0Nam = $WERs | Select-String -pattern "Sig\[0\].Name" | % {$_ -Replace("C:.*Sig\[0\].Name=", "")}  
        $Sig0Val = $WERs | Select-String -pattern "Sig\[0\].Value" | % {$_ -Replace("C:.*Sig\[0\].Value=", "")}  
        $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")}  
        $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")}  
        $Sig4 = $WERs | Select-String -pattern "Sig\[4\].Value" | % {$_ -Replace("C:.*Sig\[4\].Value=", "")}  
      
        #ConvertDateTime  
        $epoch = [datetime]"01/01/1601 00:00"  
        $date = $date | foreach{$epoch.AddSeconds($_/10000000)}   
        $convertedDate = foreach($Date in $Date) {Get-Date $Date -Format G}  
      
        $WERarray = 0..($convertedDate.Length -1) | Select-Object @{n="Id";e={$_}},   
            @{n="Date";e={$convertedDate[$_]}}, @{n="EventType";e={$eventType[$_]}},  
                @{n="S0-Name";e={$Sig0Nam[$_]}}, @{n="S0-Value";e={$Sig0Val[$_]}}, @{n="S3";e={$Sig3[$_]}},   
                    @{n="S4";e={$Sig4[$_]}}  
      
        $WERArray |Sort-Object -Descending Date | ft -autosize Date, EventType, S0-Name, S0-Value, S3, S4  |   
            Out-File $tempDir\LOGS\WER-SUMMARY.TXT -Width 500  
      
    } ## End Function werHint  
      
      
      
    ### FUNCTIONS_INIT ###   
      
            $Script:Cancel = @{}  
      
            StartScript #function  
            checkBoxes  
              
            ## SetupDiagCollect   #2  
            if($Global:SetupDiagCollect -eq $True)  
                {  
                SetupDiagFunc #function & job   
                wh "...`n"  
                }  
            ## EventSearch         #1  
            if($Global:EventsCollect -eq $True)  
                {  
                EventSearch #function & job  
                wh "...`n"  
                }  
      
            ## Get-WindowsUpdate   #3  
            if($Global:UpdatesCollect -eq $True)  
                {  
                GetUpdates #function & job  
                wh "...`n`n"  
                }  
      
            ## WLAN/Wifi Collect    #4  
            if($Global:WLANCollect -eq $True)      
                {  
                bingCollect #function  
                wh "...`n"  
                showWLAN #function & job   
                wh "...`n"  
                smbConfig #function  
                }  
      
            ## Power/Battery Collect:#5  
            if($Global:PowerCollect -eq $True)  
                {  
                powerCFGInfo #function - make job takes a min  
                wh "...`n"  
                }  
      
            ## GPRESULT Collection:  #6  
            if($Global:GPCollect -eq $True)  
                {  
                getGPRESULT #function  
                wh "...`n"  
                }  
      
            ## Misc Logs Collection: #7        
            if($Global:miscCollect -eq $True)  
                {  
                getMSINFO #function & job  
                    wh "...`n"  
                PrinterCheck #function  
                    wh "...`n"  
                getProcesses #function  
                    wh "...`n"  
                getApps #function - make job - takes a min  
                    wh "...`n"  
                SetupLogs #function  
                    wh "...`n"       
                sysProductCheck #function  
                    wh "...`n"                 
                reservedCheck #function  
                    wh "...`n"  
                fltmcCheck #function  
                    wh "...`n"  
                getDXDiag #function  
                    wh "...`n"  
                regLang #function  
                    wh "...`n"  
                autoRotate #function  
                getMISCLogs #function  
                    wh "...`n"  
                getDrivers #function  
                    wh "...`n"   
                getAV #function  
                    wh "...`n"            
                 }  
            
      
    #### RECEIVING JOBS SECTION ###...   
      
            #EventSearchJob  
            if($Global:EventsCollect -eq $True)  
            {          
                wh "`nWaiting for EventSearchJob to complete...`n"  
      
                Receive-Job -Name EventSearchJob -OutVariable eventSearch -Wait   
                $search = $eventSearch.Line  
            }  
      
      
            if($Global:SetupDiagCollect -eq $True)  
            {  
                #SetupDiagJob - Receive-Job  
                $stamp = (Get-Date -format "hh:mm tt")  
                wh "`nWaiting for SetupDiagJob to complete..."  
                wh "`nTime Stamp: $stamp"  
                wh "`nThis can take up to 10 minutes ..."  
      
                Do{  
                  SLEEP 15  
                    wh "."  
                    if((Get-Job -name SetupDiagJob).State -eq "Completed")  
                        { Receive-Job -Name SetupDiagJob  
                               wh "`nSetupDiag Completed!"                         
                            Break                      }  
                                    }Until($Cancel.SetupDiag -eq $True)  
                wh `n  
                                                   
                #Receive file and copy  
                Receive-Job -Name SetupDiagJob -Wait   
                Copy-Item $tempDir\Logs*.zip $tempDir\LOGS\SetupDiag-Log.zip  
                Copy-Item $tempDir\setupdiag*.log $tempDir\LOGS\  
                Remove-Item $tempDir\Logs*.zip  
            }  
      
           
            if($Global:UpdatesCollect -eq $True)  
            {  
                #GetUpdates Job via:  
                #UpdateHelper <--- GetUpdates Job has to finish first!  
                #Checking Status of GetUpdates Job...  
                wh "Checking Status of GetUpdates Job...`n"  
                If ((Get-Job -Name GetUpdates).State -eq "Failed")  
                    { wh "`nGetUpdates Job Failed!`n" }  
                        Else{  
                                Receive-Job -Name GetUpdates -wait  
                                Move $env:USERPROFILE\Desktop\WindowsUpdate.log $TempDir\LOGS\Windows-Update.log -Force  
                                wh "`n Writing Update Helper Info to UPDATE-ERRORS.TXT ... `n"  
                                UpdateHelper #run the update helper function  
                            }               
            } #End getting GetUpdates-job       
      
            #Finishing EventSearch  
            if($Global:EventsCollect -eq $True)  
                {  
                    writeSearch #function  
                }  
      
    #Wait on MSINFO...  
    if($Global:miscCollect -eq $True)  
    {  
        wh "`n Waiting for MSINFO32 to Complete ...`n"  
        do{ start-sleep 1 }  
        Until((get-process | select-string -Pattern "msinfo").Pattern -cne "msinfo")  
            werHint #function  
    }  
      
      
    if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support Transcript  
        {  
      
    Stop-Transcript   
      
            do{  
        start-sleep 1  
        }  
        Until((get-item $tempDir\LOGS\Event-Search.TXT).Length -cne 0)  
          
        }  
      
    wh "`nLog Collection Completed! `nLogs are available in %temp%\LOGS\`n"    
    wh "`nHit Any Key or Close ...`n"  
      
    Start-Sleep 1  
      
    Start Explorer.exe $explore  
      
    PAUSE  
      
    ## LOGS.PS1 1.6.3  ##     
    ## JOHNEM 8-2019 ##   
    ## EOF ##



    1) Open administrative command prompt and type or copy and paste:
    2) sfc /scannow
    3) dism /online /cleanup-image /scanhealth
    4) dism /online /cleanup-image /restorehealth
    5) sfc /scannow
    6) chkdsk /scan
    7) wmic recoveros set autoreboot = false
    8) wmic recoveros set DebugInfoType = 7
    9) wmic recoveros get autoreboot
    10) wmic recoveros get DebugInfoType
    11) bcdedit /enum {badmemory}

    12) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread


    When posting share links please use: one drive, drop box, or google drive
      My Computer


  3. Posts : 67
    Windows 10 Home 64-bit
    Thread Starter
       #3

    Apologies. Setupact.log is now here.

    The PS logs are here: http://217.199.187.197/otronics.co.uk/LOGS.zip

    All other requested files/logs are attached apart from
    setupmem.dmp which I can't find.

    Running the
    command prompt stuff now and will post back shortly.

    - - - Updated - - -

    Code:
    Microsoft Windows [Version 10.0.18363.900](c) 2019 Microsoft Corporation. All rights reserved.C:\WINDOWS\system32>sfc /scannowBeginning system scan.  This process will take some time.Beginning verification phase of system scan.Verification 100% complete.Windows Resource Protection did not find any integrity violations.C:\WINDOWS\system32>dism /online /cleanup-image /scanhealthDeployment Image Servicing and Management toolVersion: 10.0.18362.900Image Version: 10.0.18363.900[==========================100.0%==========================] No component store corruption detected.The operation completed successfully.C:\WINDOWS\system32> dism /online /cleanup-image /restorehealthDeployment Image Servicing and Management toolVersion: 10.0.18362.900Image Version: 10.0.18363.900[==========================100.0%==========================] The restore operation completed successfully.The operation completed successfully.C:\WINDOWS\system32>sfc /scannowBeginning system scan.  This process will take some time.Beginning verification phase of system scan.Verification 100% complete.Windows Resource Protection did not find any integrity violations.C:\WINDOWS\system32>chkdsk /scanThe type of the file system is NTFS.Volume label is Server OS.Stage 1: Examining basic file system structure ...  643328 file records processed.File verification completed.  24135 large file records processed.  0 bad file records processed.Stage 2: Examining file name linkage ...  456 reparse records processed.  839422 index entries processed.Index verification completed.  0 unindexed files scanned.  0 unindexed files recovered to lost and found.  456 reparse records processed.Stage 3: Examining security descriptors ...Security descriptor verification completed.  98048 data files processed.CHKDSK is verifying Usn Journal...  39615032 USN bytes processed.Usn Journal verification completed.Windows has scanned the file system and found no problems.No further action is required. 480538671 KB total disk space.  94764928 KB in 378888 files.    281880 KB in 98049 indexes.         0 KB in bad sectors.    774959 KB in use by the system.     65536 KB occupied by the log file. 384716904 KB available on disk.      4096 bytes in each allocation unit. 120134667 total allocation units on disk.  96179226 allocation units available on disk.C:\WINDOWS\system32>wmic recoveros set autoreboot = falseUpdating property(s) of '\\SERVER\ROOT\CIMV2:Win32_OSRecoveryConfiguration.Name="Microsoft Windows 10 Home|C:\\WINDOWS|\\Device\\Harddisk0\\Partition3"'Property(s) update successful.C:\WINDOWS\system32>wmic recoveros set DebugInfoType = 7Updating property(s) of '\\SERVER\ROOT\CIMV2:Win32_OSRecoveryConfiguration.Name="Microsoft Windows 10 Home|C:\\WINDOWS|\\Device\\Harddisk0\\Partition3"'Property(s) update successful.C:\WINDOWS\system32>wmic recoveros get autorebootAutoRebootFALSEC:\WINDOWS\system32>wmic recoveros get DebugInfoTypeDebugInfoType7C:\WINDOWS\system32>wmic recoveros get DebugInfoTypeDebugInfoType7C:\WINDOWS\system32>bcdedit /enum {badmemory}RAM Defects-----------identifier              {badmemory}C:\WINDOWS\system32>
    Windows Update 2004 - Error 0xe06d7363 Attached Files
      My Computer


  4. Posts : 39,962
    windows 10 professional version 1607 build 14393.969 64 bit
       #4

    Please upload V2 results.
      My Computer


  5. Posts : 67
    Windows 10 Home 64-bit
    Thread Starter
       #5

    zbook said:
    Please upload V2 results.
    Hi.

    Is that not in one of the attachments above?
      My Computer


  6. Posts : 39,962
    windows 10 professional version 1607 build 14393.969 64 bit
       #6

    It was found...thx.

    1) List and uninstall all non-Microsoft antivirus software
    (This includes always on and manual software.)
    (This includes running the applicable antivirus uninstall tools for any AV that could have been incompletely uninstalled)

    2) List and uninstall all non-Microsoft firewall software

    3) List all Microsoft and non-Microsoft drive encryption software.
    Uninstall all non-Microsoft disk encryption software

    4) Create a brand new restore point.
    Create System Restore Point in Windows 10

    5) In the left lower corner search type: system or system control > open system control panel > on the left pane click advanced system settings

    a) > on the advanced tab under startup and recovery > click settings > post an image of the startup and recovery window into the thread

    b) > on the advanced tab under performance > click on settings > on the performance options window > click on the advanced tab > under virtual memory > click on change > post an image of the virtual memory window into the thread

    6) Open Ccleaner > click windows tab or custom clean > scroll down to system and advanced > post an image into the thread

    7) Run HD Tune (free version) (all drives)
    HD Tune website
    Post images into the thread for results on these tabs:
    a) Health
    b) Benchmark
    c) Full error scan

    8) Run Sea Tools for Windows
    long generic test
    Post an image of the test result into the thread
    SeaTools for Windows |
    Seagate

    How to use SeaTools for Windows | Seagate Support US

    9) Open administrative command prompt and type or copy and paste:
    chkdsk /r /v
    This may take hours to run so plan to run overnight.
    Run on all drives using the syntax: chkdsk /r /v C: or chkdsk /r /v D: changing the drive letter to the applicable drive.

    C:\Windows\system32>chkdsk /r /v
    The type of the file system is NTFS.
    Cannot lock current drive.

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? (Y/N)

    Type: Y
    reboot


    10) Use the information in this link to find the chkdsk report in the event viewer.
    Copy and paste into notepad > save to desktop > post into the thread using one drive or drop box share link:
    Read Chkdsk Log in Event Viewer in Windows 10 Windows 10 Performance Maintenance Tutorials
    Read Chkdsk Log in Event Viewer in Windows 10

    11) Open disk management > by default some columns are compressed > widen each Status and Volume > make sure the contents within the parenthesis are in full view and that none of the characters are cutoff > view disk 0 > widen this row as needed so that all of the characters are in full view > post an image into the thread
    Disk Management - How to Post a Screenshot of

    12) Download and install Minitool Partition Wizard > click launch > post an image of the results into this thread
    MiniTool Partition Wizard Free Edition - Free download and software reviews - CNET Download.com
    MiniTool Portable Partition Magic Brings Easier Disk Management

    13) Uninstall AVG using the applicable uninstall tool:
    Uninstalling AVG AntiVirus using AVG Clear | AVG Support

    14) These test / steps can be performed overnight:
    a) HD Tune full error scan
    b) Sea Tools for Windows long generic test
    c) Chkdsk /r /v
      My Computer


  7. Posts : 67
    Windows 10 Home 64-bit
    Thread Starter
       #7

    1) AVG Free & Malwarebytes Free. Both have been removed (in the case of AVG - with the removal tool as well)

    2) No non-Microsoft firewall software.

    3) No Microsoft and non-Microsoft drive encryption software.

    4) Done.

    5)

    a)

    Windows Update 2004 - Error 0xe06d7363-5a.png

    b)

    Windows Update 2004 - Error 0xe06d7363-5b.png

    6)

    Windows Update 2004 - Error 0xe06d7363-6.png

    7)

    Windows Update 2004 - Error 0xe06d7363-hd1.jpgWindows Update 2004 - Error 0xe06d7363-hd2.jpgWindows Update 2004 - Error 0xe06d7363-hd3.jpg

    8) I ran Sea Tools before starting this thread but didn't screenshot it. It took over an hour and passed.

    9) chkdsk is running. Will post back.
      My Computer


  8. Posts : 39,962
    windows 10 professional version 1607 build 14393.969 64 bit
       #8

    Nice progress.
    MiniTool may flag Windows Defender.
    So can skip unless it does not flag.

    For Malwarebytes run the applicable uninstall tool:
    https://downloads.malwarebytes.com/file/mb_clean


    UPGRADE CHECK LIST:
    Code:
    Run through this check list before the next upgrade attempt:
    
    1) remove nonessential hardware
    docks
    USB devices
    printers
    headset
    speakers
    joysticks
    projectors
    scanners
    plotters
    portable optical drives (CD, DVD)
    microphones
    cameras
    webcams
    smartphones
    bluetooth devices
    USB drives (other than a windows 10 iso if used for the upgrade)
    USB Wireless Mouse or Keyboard Receiver, USB Wireless Network Card
    secondary monitors
    
    
    2) These should be the only attached devices:
    wired mouse
    wired keyboard
    monitor
    
    Any of these that have been done in the past week are not necessary to repeat:
    
    
    3) open administrative command prompt and type or copy and paste: (repair file system)
    chkdsk /r /v 
    This may take many hours so plan to run overnight
    Find the chkdsk report in the event viewer using the information in this link and post into the thread:
    Read Chkdsk Log in Event Viewer in Windows 10 Performance Maintenance Tutorials
    https://www.tenforums.com/tutorials/40822-read-chkdsk-log-event-viewer-windows-10-a.html 
    
    4) open administrative command prompt and copy and paste: (repair operating system)
    sfc /scannow 
    dism /online /cleanup-image /restorehealth 
    When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread
    
    5) update windows (have all recommended updates installed) and reboot after updates
    
    6) List and uninstall all non-Microsoft antivirus software
    (This includes always on and manual software.)
    (This includes running the applicable antivirus uninstall tools for any AV that could have been incompletely uninstalled)
    
    7) List and uninstall all non-Microsoft firewall software
    
    8) List all Microsoft and non-Microsoft drive encryption software. 
    Uninstall all non-Microsoft disk encryption software
    
    9) Run disk cleanup to clean temporary and system files
    
    10) Verify that the drive has > 30 GB free space (At least 25 GB is needed for creating dumps)
    
    11) Place the computer in clean boot:
    https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows
    How to perform a Clean Boot in Windows 10 - TechNet Articles - United States (English) - TechNet Wiki
    https://social.technet.microsoft.com/wiki/contents/articles/29876.how-to-perform-a-clean-boot-in-windows-10.aspx
    https://www.tenforums.com/tutorials/41804-perform-clean-boot-windows-10-troubleshoot-software-conflicts.html
    
    
    12) Detach all SATA devices other than the disk drive that has the Windows operating system
    (Make sure that the only disk drive that is attached to the computer at the time of the upgrade attempt is the disk drive containing Windows)
    (Other disk drives may be able to be detached by disconnecting cables or if necessary to remove the drive from the computer)
    
    13) Make sure that there is no metered connection:  https://support.microsoft.com/en-us/help/17452/windows-metered-internet-connections-faq




    For any Windows upgrade failure:

    a) run V2 > upload directly into this thread
    BSOD - Posting Instructions
    How to Upload and Post Screenshots and Files at Ten Forums

    b) Run the script > post a share link into the newest post
      My Computer


  9. Posts : 67
    Windows 10 Home 64-bit
    Thread Starter
       #9

    10) Chkdsk log

    Code:
    TimeCreated : 24/06/2020 02:08:30Message     :                             Checking file system on C:              The type of the file system is NTFS.              Volume label is Server OS.                            A disk check has been scheduled.              Windows will now check the disk.                                                     Stage 1: Examining basic file system structure ...              Cleaning up instance tags for file 0x23123.              Cleaning up instance tags for file 0x2359a.              Cleaning up instance tags for file 0x235a1.              Cleaning up instance tags for file 0x235bc.              Cleaning up instance tags for file 0x268b9.              Cleaning up instance tags for file 0x268bb.              Cleaning up instance tags for file 0x2969a.              Cleaning up instance tags for file 0x313d6.              Cleaning up instance tags for file 0x319b8.              Cleaning up instance tags for file 0x319b9.              Cleaning up instance tags for file 0x32a62.              Cleaning up instance tags for file 0x3ea4e.                643328 file records processed.                                                                                    File verification completed.                24082 large file records processed.                                                                 0 bad file records processed.                                                                               Stage 2: Examining file name linkage ...                456 reparse records processed.                                                                    815906 index entries processed.                                                                                   Index verification completed.                0 unindexed files scanned.                                                                      0 unindexed files recovered to lost and found.                                                  456 reparse records processed.                                                                                Stage 3: Examining security descriptors ...              Cleaning up 6054 unused index entries from index $SII of file 0x9.              Cleaning up 6054 unused index entries from index $SDH of file 0x9.              Cleaning up 6054 unused security descriptors.              CHKDSK is compacting the security descriptor stream              Security descriptor verification completed.                86290 data files processed.                                                                       CHKDSK is verifying Usn Journal...              Usn Journal verification completed.                            Stage 4: Looking for bad clusters in user file data ...                643312 files processed.                                                                                           File data verification completed.                            Stage 5: Looking for bad, free clusters ...                103938507 free clusters processed.                                                                                   Free space verification is complete.              Correcting errors in the Volume Bitmap.                            Windows has made corrections to the file system.              No further action is required.                             480538671 KB total disk space.                63805248 KB in 324599 files.                  248856 KB in 86293 indexes.                       0 KB in bad sectors.                  730539 KB in use by the system.                   65536 KB occupied by the log file.               415754028 KB available on disk.                                  4096 bytes in each allocation unit.               120134667 total allocation units on disk.               103938507 allocation units available on disk.                            Internal Info:              00 d1 09 00 16 45 06 00 64 fc 0b 00 00 00 00 00  .....E..d.......              78 01 00 00 50 00 00 00 00 00 00 00 00 00 00 00  x...P...........                            Windows has finished checking your disk.              Please wait while your computer restarts.


    11)

    Windows Update 2004 - Error 0xe06d7363-disk.png

    12)

    Windows Update 2004 - Error 0xe06d7363-part.png

    13) Done.


    14) All done as above.

    Malwarebytes uninstall tool has been run.

    I've cleaned temp files and will try the update to 2004 again later.
      My Computer


  10. Posts : 39,962
    windows 10 professional version 1607 build 14393.969 64 bit
       #10

    Chkdsk:
    Code:
    Correcting errors in the Volume Bitmap.                           
    Windows has made corrections to the file system.

    For the upgrade:
    a) Make sure the computer is placed in clean boot before the upgrade and reboots into clean boot
    b) Make sure there are no attached hardware devices
    c) Updates can be accepted during the upgrade


    Use this link as needed when posting results:
    How to Change Post Editor to Source or WYSIWYG Mode at TenForums.com



    Run the Avast uninstall tool:
    Avast Uninstall Utility | Download aswClear for Avast Removal
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:58.
Find Us




Windows 10 Forums