I did follow your instructions and ran the script and attached the file. Did it come out ok?
bulmer,
Your wdo log files appear to have been edited.
I'm going to need you to run wdo again and to run the wdologs.zip script without any editing of the logs.
Cut and Paste without the commented sections this time.
My eyes must be playing tricks on me.
I've made a couple of changes to the script so that I can spot certain information easier.
Would you please use this revised version? Sorry for the inconvenience.
Script:
# ************************************************************
# Zips up your log files from Windows Defender Offline
# and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# ************************************************************
# Creates an empty ZIP container (a bare 22-byte end-of-central-directory record)
function New-Zip {
    param([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
          [String] $Path, [Switch] $PassThru, [Switch] $Force)
    Process {
        if (Test-Path $Path) { if (-not $Force) { return } }
        Set-Content $Path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
        $item = Get-Item $Path; $item.IsReadOnly = $false
        if ($PassThru) { $item }
    }
}
# Copies files into the ZIP through the Shell.Application COM object
function Copy-ToZip {
    param([Parameter(Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('FullName')]
          [String] $File, [Parameter(Mandatory=$true, Position=1)] [String] $ZipFile, [Switch] $HideProgress, [Switch] $Force)
    Begin {
        $ShellApplication = New-Object -ComObject Shell.Application
        if (-not (Test-Path $ZipFile)) { New-Zip $ZipFile }
        $Path = Resolve-Path $ZipFile
        $ZipPackage = $ShellApplication.Namespace("$Path")
        $perc = 0   # progress counter (was never initialised before use)
    }
    Process {
        $RealFile = Get-Item $File; if (-not $RealFile) { return }
        if (-not $HideProgress) {
            $perc += 5; if ($perc -gt 100) { $perc = 0 }
            Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc
        }
        # Shell copy flags: 16 = no confirmation, 64 = allow undo, 512 = no mkdir confirm, 1024 = no error UI
        $Flags = 0; if ($Force) { $Flags = 16 -bor 1024 -bor 64 -bor 512 }
        Write-Verbose $RealFile.FullName
        $ZipPackage.CopyHere($RealFile.FullName, $Flags); Start-Sleep -Milliseconds 500
    }
}
$divider = "#" * 79
$fileinfo = Join-Path $env:TEMP \wdofileinfo.txt
if (Test-Path $fileinfo) { del $fileinfo -ea:silentlycontinue -force:$true }
# Collect every .log under the WDO support folder, oldest first, and record its file attributes
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | Sort-Object -Property LastWriteTime
$b = $a | where {$_.extension -eq '.log'} | Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
$b | Out-File -Append $fileinfo
# Append the full text of each log behind a divider line
# (the earlier "foreach ($_.fullname) {" is not valid ForEach-Object syntax and is corrected here)
$b | ForEach-Object {
    Out-File -Append $fileinfo -InputObject $divider
    Out-File -Append $fileinfo -InputObject $_.fullname
    Out-File -Append $fileinfo -InputObject (Get-Content -Path $_.fullname)
}
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
New-Zip $ziploc -Verbose:$false -ea:silentlycontinue -Force:$true
Copy-ToZip $fileinfo $ziploc -Verbose:$false -HideProgress:$true
del $fileinfo
EXIT
# ************************************************************
You missed one important minidump setting.
STARTUP AND RECOVERY SETTINGS
WIN + PAUSE/BREAK key combo |
Advanced system settings (left-hand side) |
Advanced tab, Startup and Recovery section, Settings |
System Failure section | checkmark Write an Event to the system log |
uncheck Automatically restart |
Under Write debugging information, select Small memory dump |
in the Small dump directory: box, enter %SystemRoot%\Minidump | OK
If Overwrite any existing file is checked, then:
- Under Write debugging information, select Kernel memory dump
!!!!!!#####################!!!!! This is the one you missed!
- Uncheck Overwrite any existing file
That must be unchecked so that you can collect more than one .dmp file.
Sorry for the delay, had to sleep...probably your turn now.
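As an added example that is not part of this thread, the same Startup and Recovery options can be checked from PowerShell by reading the CrashControl registry key, which is where the dialog stores them; the value names and numeric codes used below are the standard ones Windows uses for those dialog choices, and Set-CrashDumpRecommended (an assumed helper name) writes the recommended values when run from an elevated prompt.

```powershell
# Added example, not part of the thread: audit (and optionally set) the
# Startup and Recovery crash-dump options from PowerShell. Assumes the
# standard CrashControl value names and codes for those dialog options.
$CrashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Dialog option                      -> registry value (expected)
#   Write an event to the system log -> LogEvent         = 1 (checked)
#   Automatically restart            -> AutoReboot       = 0 (unchecked)
#   Kernel memory dump               -> CrashDumpEnabled = 2
#   Overwrite any existing file      -> Overwrite        = 0 (unchecked)
#   Small dump directory             -> MinidumpDir      = %SystemRoot%\Minidump
$Recommended = [ordered]@{
    LogEvent         = @{ Value = 1; Type = 'DWord' }
    AutoReboot       = @{ Value = 0; Type = 'DWord' }
    CrashDumpEnabled = @{ Value = 2; Type = 'DWord' }
    Overwrite        = @{ Value = 0; Type = 'DWord' }
    MinidumpDir      = @{ Value = '%SystemRoot%\Minidump'; Type = 'ExpandString' }
}

function Get-CrashDumpAudit {
    param([string]$Key = $CrashKey)
    $current = Get-ItemProperty -Path $Key -ErrorAction Stop
    foreach ($name in $Recommended.Keys) {
        $expected = $Recommended[$name].Value
        $actual   = $current.$name
        # REG_EXPAND_SZ values come back expanded, so expand the expected string too
        if ($expected -is [string]) {
            $expected = [Environment]::ExpandEnvironmentVariables($expected)
        }
        [PSCustomObject]@{
            Setting  = $name
            Expected = $expected
            Actual   = $actual
            Matches  = ("$actual" -eq "$expected")
        }
    }
}

function Set-CrashDumpRecommended {
    # Writes only the values that differ; needs an elevated prompt and a reboot
    param([string]$Key = $CrashKey)
    foreach ($row in (Get-CrashDumpAudit -Key $Key | Where-Object { -not $_.Matches })) {
        $spec = $Recommended[$row.Setting]
        Set-ItemProperty -Path $Key -Name $row.Setting -Value $spec.Value -Type $spec.Type
        "Set $($row.Setting): '$($row.Actual)' -> '$($spec.Value)'"
    }
}

Get-CrashDumpAudit | Format-Table -AutoSize
# Set-CrashDumpRecommended   # uncomment to apply the recommended values
```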
Ok, I fixed that one I missed (didn't think it was necessary because it was greyed out) and here is the new output from the revised functions.
Last edited by bulmer; 03 Aug 2012 at 22:12.
Alright, updated and ran full scan of Defender Offline and attached are the WDOlogs. Thanks.