
04-Jul-14 14:43:12.20 Begin Logging

v2.9 compiled EXE

04-Jul-14 14:43:12.23 Finished set commands                     - error level - 0


04-Jul-14 14:43:12.25 Changed the title of the screen           - error level - 0
04-Jul-14 14:43:12.25 Did a PushD to HomeDrive:HomePath\Document- error level - 0
04-Jul-14 14:43:12.26 Checked for existance of TSF Sub-Dir      - error level - 0
04-Jul-14 14:43:12.26 Created user Dir                          - error level - 0
04-Jul-14 14:43:12.29 Copying mini-kernel dump files            - error level - 0
04-Jul-14 14:43:12.32 Copying mini-kernel dump files Done       - error level - 1
-
* * *    B S O D    F I L E    C O L L E C T I O N    S C R I P T    * * *
         Authors:
            jcgriff2 - J. C. Griffith, Microsoft MVP
            TheOutcaste - Jerry Wines, Microsoft MVP
           http://www.sysnative.com/
           sysnative.com - MVP
          2008 - 2011 sysnative.com
            Last Update: February 2011
         New Jersey, USA; Oregon, USA
         ALL RIGHTS RESERVED
-
  04-Jul-14   14:43:06.88  ----- Actual Start execution time
-
      B E G I N      jcgriff2    B A T C H   E X E C U T I O N
-
-
04-Jul-14 14:43:12.36 
-
Original home drive =  C:
home path           =  \Users\Roy
current directory   =  C:\Users\Roy\Documents
-
04-Jul-14 14:43:12.37 Running WHOAMI command                    - error level - 1
-
ALL user SIDs ------

USER INFORMATION
----------------

User Name  SID                                          
========== =============================================
roy-pc\roy S-1-5-21-564948734-1150122823-3207075699-1000


GROUP INFORMATION
-----------------

Group Name                                                    Type             SID          Attributes                                                     
============================================================= ================ ============ ===============================================================
Everyone                                                      Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group             
NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114    Mandatory group, Enabled by default, Enabled group             
BUILTIN\Administrators                                        Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                                                 Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group             
NT AUTHORITY\INTERACTIVE                                      Well-known group S-1-5-4      Mandatory group, Enabled by default, Enabled group             
CONSOLE LOGON                                                 Well-known group S-1-2-1      Mandatory group, Enabled by default, Enabled group             
NT AUTHORITY\Authenticated Users                              Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group             
NT AUTHORITY\This Organization                                Well-known group S-1-5-15     Mandatory group, Enabled by default, Enabled group             
NT AUTHORITY\Local account                                    Well-known group S-1-5-113    Mandatory group, Enabled by default, Enabled group             
LOCAL                                                         Well-known group S-1-2-0      Mandatory group, Enabled by default, Enabled group             
NT AUTHORITY\NTLM Authentication                              Well-known group S-1-5-64-10  Mandatory group, Enabled by default, Enabled group             
Mandatory Label\High Mandatory Level                          Label            S-1-16-12288 Mandatory group, Enabled by default, Enabled group             


PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State   
=============================== ========================================= ========
SeLockMemoryPrivilege           Lock pages in memory                      Disabled
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled 
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled 
SeCreateGlobalPrivilege         Create global objects                     Enabled 
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled
-
04-Jul-14 14:43:12.59 WHOAMI Command Done                       - error level - 1
-
-
Get basic system information . . .
Number of processors . . . . 8
PC Brand . . . . . . . . . . 
Platform . . . . . . . . . . 
Processor Architecture . . . x86
Processor Identifier . . . . Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
Processor Level. . . . . . . 6
Processor Revision . . . . . 2a07
Operating system . . . . . . Windows_NT
Windows Dir. . . . . . . . . C:\Windows
User Profile Dir . . . . . . C:\Users\Roy
-
04-Jul-14 14:43:12.61 Starting msinfo32 - save in NFO format
-
04-Jul-14 14:43:12.82 msinfo32 Started                          - error level - 0
-
-
04-Jul-14 14:43:12.82 Starting dxdiag
-
04-Jul-14 14:43:12.86 dxdiag Started                            - error level - -
-
-
04-Jul-14 14:43:12.86 Copy Hosts File
-
04-Jul-14 14:43:12.87 Copy Hosts File Done                      - error level - 0
-
-
04-Jul-14 14:43:12.87 Starting Driver Query #1
-
04-Jul-14 14:43:12.92 Driver Query #1 Started                   - error level - 0
-
-
04-Jul-14 14:43:12.92 Starting Driver Query #2
-
04-Jul-14 14:43:12.95 Driver Query #2 Started                   - error level - 0
-
-
04-Jul-14 14:43:12.95 Starting Driver Query #3
-
04-Jul-14 14:43:13.00 Driver Query #3 Started                   - error level - 0
-
-
         D R I V E R      Q U E R Y      E N D
-
-
04-Jul-14 14:43:13.01 Starting Event Viewer log dump - apps
-
04-Jul-14 14:43:13.06 Event Viewer log dump - apps - Started    - error level - 0
-
-
04-Jul-14 14:43:13.06 Starting Event Viewer log dump - System
-
04-Jul-14 14:43:13.09 Event Viewer log dump - System - Started  - error level - 0
-
-
04-Jul-14 14:43:13.09 Starting TRACERT and IPCONFIG
-
-
04-Jul-14 14:43:13.14 TRACERT Started                           - error level - 0
-
04-Jul-14 14:43:13.31 Running IPCONFIG Done                     - error level - 0
-
-
04-Jul-14 14:43:13.32 Starting SystemInfo
-
04-Jul-14 14:43:13.35 SystemInfo Started                        - error level - 0
-
-
04-Jul-14 14:43:13.37 Export current variables
-
04-Jul-14 14:43:13.40 Export current variables Done             - error level - 0
-
-
04-Jul-14 14:43:13.40 Starting WHERE *.sys Command
-
04-Jul-14 14:43:13.48 -- WHERE  *.sys Started                   - error level - 0
-
-
04-Jul-14 14:43:13.49 Starting WHERE *.dll Command
-
04-Jul-14 14:43:13.56 -- WHERE  *.dll Started                   - error level - 0
-
-
04-Jul-14 14:43:13.56 Running NETSH Commands
-
04-Jul-14 14:43:14.07 NETSH Commands Done                       - error level - 1
-
-
04-Jul-14 14:43:14.09 Running NETSTAT Command
-
04-Jul-14 14:43:19.45 NETSTAT Command Done                      - error level - 0
-
-
04-Jul-14 14:43:19.45 Obtaining Windows Error Reporting information
-
04-Jul-14 14:43:19.68 Windows Error Reporting Done              - error level - 0
-
-
04-Jul-14 14:43:19.70 Running Windows Management Instrumentation
-
04-Jul-14 14:43:20.28 Windows Management Instrumentation Done   - error level - 0
-
-
04-Jul-14 14:43:20.28 Listing running Tasks
-
04-Jul-14 14:44:14.89 Running executing Tasks Listing . . . DONE

Issue cd cmd - Where are we? . . .
C:\Users\Roy\Documents
04-Jul-14 14:44:14.91 cd command issued                         - error level - 0

04-Jul-14 14:44:14.91 -- Check for AutoRuns file in documents folder . . .
 Volume in drive C has no label.
 Volume Serial Number is 1C98-8053

 Directory of C:\Users\Roy\documents


04-Jul-14 14:44:14.91 -- Check for AutoRuns file in documents folder . . . Done

04-Jul-14 14:44:14.92 Skipping autoruns, file not found

04-Jul-14 14:44:14.92 Copy dumps - 2nd time

04-Jul-14 14:44:14.94 Copy dumps - 2nd time . . . Done          - error level - 0

04-Jul-14 14:44:14.94 Begin registry dump - program un-install strings in case needed

04-Jul-14 14:44:19.59 Regquery 1 . . .  D O N E                 - error level - 0

04-Jul-14 14:44:19.62 Regquery 2 . . .  D O N E                 - error level - 0

04-Jul-14 14:44:19.66 Regquery 3 . . .  D O N E                 - error level - 0

 Volume in drive C has no label.
 Volume Serial Number is 1C98-8053

 Directory of C:\Users\Roy\Documents\Windows7_Vista_jcgriff2

04-Jul-14  02:44 PM    <DIR>          .
04-Jul-14  02:44 PM    <DIR>          ..
04-Jul-14  02:43 PM             1,025 !_kernel_dump_list.txt
04-Jul-14  02:43 PM         3,117,307 $dll_list.txt
04-Jul-14  02:43 PM         6,661,589 $evtx_app_dump.txt
04-Jul-14  02:43 PM        11,239,445 $evtx_sys_dump.txt
04-Jul-14  02:43 PM             5,198 $ipconfig_all.txt
04-Jul-14  02:44 PM            10,379 $jcgriff2_log.txt
04-Jul-14  02:44 PM                 0 $msinfo32.nfo
04-Jul-14  02:43 PM            10,592 $RAM_info.html
04-Jul-14  02:43 PM             3,585 $set_environment_var.txt
04-Jul-14  02:43 PM            10,139 $systeminfo.txt
04-Jul-14  02:43 PM           199,918 $sys_list.txt
04-Jul-14  02:44 PM           105,276 $Tasklist_SVCHOST.txt
04-Jul-14  02:43 PM             1,461 $tracert.txt
04-Jul-14  02:43 PM             4,242 $_netsh_lan1.txt
04-Jul-14  02:43 PM            17,735 $_netstat_jcgriff2
04-Jul-14  02:43 PM           263,055 $_WER_ALL.txt
04-Jul-14  02:43 PM            86,835 $_WER_localappdata
04-Jul-14  02:43 PM            29,312 $_WER_programdata
04-Jul-14  02:43 PM             1,338 $_WMIC_recoveros.txt
30-Jun-14  12:55 PM           285,360 063014-17908-01.dmp
01-Jul-14  11:51 AM            23,238 063014-17908-01.zip
04-Jul-14  02:43 PM            37,984 driverq_fo.txt
04-Jul-14  02:43 PM            15,959 driverq_si.txt
04-Jul-14  02:43 PM            65,882 driverq_v.txt
04-Jul-14  02:43 PM            31,767 dxdiag_x86t.txt
04-Jul-14  02:44 PM             1,476 HKCU_Soft_MS_Win_CV_Uninstall.txt
04-Jul-14  02:44 PM             7,546 HKLM_Soft_MS_A-S_Installed_Components.txt
04-Jul-14  02:44 PM           204,447 HKLM_Soft_MS_Win_CV_Uninstall.txt
10-Jun-09  11:00 PM               824 hosts.txt
              29 File(s)     22,442,914 bytes
               2 Dir(s)  19,835,330,560 bytes free

04-Jul-14 14:44:19.66 Dir command . . . Done                    - error level - 0

04-Jul-14 14:44:19.68 -- E  O  J  -  End of Job . . .


04-Jul-14 14:44:19.73 -- E  O  J  -  End of Job . . .
04-Jul-14 14:44:19.74 -- E  O  J  -  End of Job . . .

04-Jul-14 14:44:30.38 All
