[SOLVED] Error Downloading Autoruns While Running SysnativeFileCollectionApp

[blueelvis]

Hi everyone ^_^,


I just tried to run the SysnativeFileCollectionApp and saw this while the app was still running -

09-06-2015 13:55:38.37

Downloading and executing autorunsc.exe. . .
Input Error: There is no script engine for file extension ".js".
'autorunsc.exe' is not recognized as an internal or external command,
operable program or batch file.
Could Not Find C:\Users\Blueelvis_RoXXX\Documents\autorunsc.exe


09-06-2015 13:55:38.63


Autoruns. . . D O N E

I confirmed that my internet was working fine. Once the ZIP file was created, I took a look inside and the Autoruns.txt was empty.


EDIT :- Also, can anyone please post the difference between Error Level 0 & 1 which are mentioned in the jcgriff2.txt log? Asking because I got some Error Level 0's and some Error Level 1's.

-Pranav

 

[Tekno Venus]

What program do you have associated with .js files?

Also see here: Fix "There is no script engine for file extension - Microsoft Community

BTW, there's currently a bug which means Autoruns doesn't actually produce an output anyway! It will be fixed in version 4.6.1

 

[blueelvis]

What program do you have associated with .js files?

Also see here: Fix "There is no script engine for file extension - Microsoft Community

BTW, there's currently a bug which means Autoruns doesn't actually produce an output anyway! It will be fixed in version 4.6.1

The JS files were associated with Notepad. I tried the fix which you suggested and it worked.

Is the bug related to the below output of Autoruns?

Autorunsc shows programs configured to autostart during boot.

Usage: autorunsc [-a <*|bdeghiklmoprsw>] [-c|-ct] [-h] [-m] [-s] [-u] [-vt] [[-z <systemroot> <userprofile>] | [user]]]
-a Autostart entry selection:
* All.
b Boot execute.
d Appinit DLLs.
c Codecs.
e Explorer addons.
g Sidebar gadgets (Vista and higher)
h Image hijacks.
i Internet Explorer addons.
k Known DLLs.
l Logon startups (this is the default).
m WMI entries.
n Winsock protocol and network providers.
o Office addins.
p Printer monitor DLLs.
r LSA security providers.
s Autostart services and non-disabled drivers.
t Scheduled tasks.
w Winlogon entries.
-c Print output as CSV.
-ct Print output as tab-delimited values.
-h Show file hashes.
-m Hide Microsoft entries (signed entries if used with -v).
-s Verify digital signatures.
-t Show timestamps in normalized UTC (YYYYMMDD-hhmmss).
-u If VirusTotal check is enabled, show files that are unknown
by VirusTotal or have non-zero detection, otherwise show only
unsigned files.
-x Print output as XML.
-v[rs] Query VirusTotal (VirusTotal - Free Online Virus, Malware and URL Scanner) for malware based on file hash.
Add 'r' to open reports for files with non-zero detection. Files
reported as not previously scanned will be uploaded to VirusTotal
if the 's' option is specified. Note scan results may not be
available for five or more minutes.
-vt Before using VirusTotal features, you must accept
VirusTotal terms of service. See:


https://www.virustotal.com/en/about/terms-of-service/


If you haven't accepted the terms and you omit this
option, you will be interactively prompted.
-z Specifies the offline Windows system to scan.
user Specifies the name of the user account for which
autorun items will be shown. Specify '*' to scan
all user profiles.

Thanks Stephen ^_^

-Pranav

 

[Tekno Venus]

Yeah, that's the issue.

It always downloads the latest version of autoruns and the syntax slightly changed for the latest version. Only a small change so should be fixed soon

 

[blueelvis]

Ok great.

Stephen, could you please tell me what does the different types of error levels in the program's output mean?

 

[Tekno Venus]

Error level 0 indicates the command was successful.

1 implies there was an error or problem.

 

[blueelvis]

Not sure if it is significant or not but I see some errors despite the files being present and having the proper output. For example, the TRACERT job reports an error even though the proper output of the command is there in the SysnativeFileCollectionApp. Below is the jcgriff2.txt log file -

Read More:

09-06-2015 16:04:13.15 Begin Logging


v4.6.0 compiled EXE
v4.6.0 compiled EXE
v4.6.0 compiled EXE
v4.6.0 compiled EXE


09-06-2015 16:04:13.16 Finished set commands - error level - 0




09-06-2015 16:04:13.17 Changed the title of the screen - error level - 0
09-06-2015 16:04:13.18 Did a PushD to HomeDrive:HomePath\Document- error level - 0
09-06-2015 16:04:13.24 Copying mini-kernel dump files - error level - 0
09-06-2015 16:04:13.29 Copying mini-kernel dump files Done - error level - 0
-
* * * B S O D F I L E C O L L E C T I O N S C R I P T * * *
Authors:
jcgriff2 - J. C. Griffith, Microsoft MVP
TheOutcaste - Jerry Wines, Microsoft MVP
Patrick - Patrick Barker, Microsoft MVP
niemiro - Richard
Tekno Venus - Stephen
© https://www.sysnative.com/
© sysnative.com - MVP
© 2008 - 2014 sysnative.com
Last Update: July 2014
New Jersey, USA; Oregon, USA; New York, USA
ALL RIGHTS RESERVED
-
09-06-2015 16:04:08.37 ----- Actual Start execution time
-
B E G I N jcgriff2 B A T C H E X E C U T I O N
B E G I N jcgriff2 B A T C H E X E C U T I O N
-
-
09-06-2015 16:04:13.33
-
Original home drive = C:
home path = \Users\Blueelvis_RoXXX
current directory = C:\Users\Blueelvis_RoXXX\Documents
-
09-06-2015 16:04:13.35 Running WHOAMI command - error level - 0
-
ALL user SIDs ------


USER INFORMATION
----------------


User Name SID
========================= ==============================================
blueelvis\pranav v jituri S-1-5-21-3164719981-2174186639-2197569014-1004




GROUP INFORMATION
-----------------


Group Name Type SID Attributes
============================================================= ================ ============================================================================================================= ===============================================================
Mandatory Label\High Mandatory Level Label S-1-16-12288
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114 Mandatory group, Enabled by default, Enabled group
BLUEELVIS\ORA_DBA Alias S-1-5-21-3164719981-2174186639-2197569014-1005 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Performance Log Users Alias S-1-5-32-559 Mandatory group, Enabled by default, Enabled group
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
MicrosoftAccount\blueelvisrocks@gmail.com User S-1-11-96-3623454863-58364-18864-2661722203-1597581903-1979038170-2490400029-2420599316-4204873054-1830258813 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Microsoft Account Authentication Well-known group S-1-5-64-32 Mandatory group, Enabled by default, Enabled group




PRIVILEGES INFORMATION
----------------------


Privilege Name Description State
=============================== ========================================= ========
SeLockMemoryPrivilege Lock pages in memory Disabled
SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled
SeSecurityPrivilege Manage auditing and security log Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled
SeLoadDriverPrivilege Load and unload device drivers Disabled
SeSystemProfilePrivilege Profile system performance Disabled
SeSystemtimePrivilege Change the system time Disabled
SeProfileSingleProcessPrivilege Profile single process Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled
SeCreatePagefilePrivilege Create a pagefile Disabled
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories Disabled
SeShutdownPrivilege Shut down the system Disabled
SeDebugPrivilege Debug programs Disabled
SeSystemEnvironmentPrivilege Modify firmware environment values Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled
SeUndockPrivilege Remove computer from docking station Disabled
SeManageVolumePrivilege Perform volume maintenance tasks Disabled
SeImpersonatePrivilege Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege Create global objects Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links Disabled


-
09-06-2015 16:04:13.42 WHOAMI Command Done - error level - 0
-
-
Get basic system information . . .
Number of processors . . . . 4
PC Brand . . . . . . . . . .
Platform . . . . . . . . . .
Processor Architecture . . . AMD64
Processor Identifier . . . . Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
Processor Level. . . . . . . 6
Processor Revision . . . . . 2a07
Operating system . . . . . . Windows_NT
Windows Dir. . . . . . . . . C:\Windows
User Profile Dir . . . . . . C:\Users\Blueelvis_RoXXX
-
09-06-2015 16:04:13.44 Starting msinfo32 - save in NFO format
-
09-06-2015 16:04:13.48 msinfo32 Started - error level - 0
-
-
09-06-2015 16:04:13.49 Starting dxdiag
-
09-06-2015 16:04:13.51 dxdiag Started - error level - -
-
-
09-06-2015 16:04:13.52 Copy Hosts File
-
09-06-2015 16:04:13.55 Copy Hosts File Done - error level - 1
-
-
09-06-2015 16:04:13.56 Starting Driver Query #1
-
09-06-2015 16:04:13.63 Driver Query #1 Started - error level - 1
-
-
09-06-2015 16:04:13.65 Starting Driver Query #2
-
09-06-2015 16:04:13.70 Driver Query #2 Started - error level - 1
-
-
09-06-2015 16:04:13.72 Starting Driver Query #3
-
09-06-2015 16:04:13.81 Driver Query #3 Started - error level - 1
-
-
D R I V E R Q U E R Y E N D
-
-
09-06-2015 16:04:14.09 Starting Event Viewer log dump - apps
-
09-06-2015 16:04:14.22 Event Viewer log dump - apps - Started - error level - 1
-
-
09-06-2015 16:04:14.24 Starting Event Viewer log dump - System
-
09-06-2015 16:04:14.31 Event Viewer log dump - System - Started - error level - 1
-
-
09-06-2015 16:04:14.32 Starting TRACERT and IPCONFIG
-
-
09-06-2015 16:04:14.40 TRACERT Started - error level - 1
-
09-06-2015 16:04:15.36 Running IPCONFIG Done - error level - 0
-
-
09-06-2015 16:04:15.37 Starting SystemInfo
-
09-06-2015 16:04:15.58 SystemInfo Started - error level - 0
-
-
09-06-2015 16:04:15.59 Starting SysInfo e-mail removing vbs script
-
-)
09-06-2015 16:04:15.81 Export current variables Done - error level - 0
-
-
09-06-2015 16:04:15.83 Starting WHERE *.sys Command
-
-)
09-06-2015 16:04:20.36 NETSH Commands Done - error level - 1
-
-
09-06-2015 16:04:20.37 Running NETSTAT Command
-
09-06-2015 16:04:49.86 NETSTAT Command Done - error level - 0
-
-
09-06-2015 16:04:49.87 Obtaining Windows Error Reporting information
-
09-06-2015 16:04:50.84 Windows Error Reporting Done - error level - 0
-
-
09-06-2015 16:04:50.94 Running Windows Management Instrumentation
-
09-06-2015 16:04:51.89 Windows Management Instrumentation Done - error level - 0
-
-
09-06-2015 16:04:51.95 Listing running Tasks
-
09-06-2015 16:04:55.77 Running executing Tasks Listing . . . DONE


Issue cd cmd - Where are we? . . .
C:\Users\Blueelvis_RoXXX\Documents
09-06-2015 16:04:55.78 cd command issued - error level - 0




09-06-2015 16:04:55.85 Downloading and executing autorunsc.exe. . .




09-06-2015 16:05:11.09 Downloading and executing autorunsc.exe. . . DONE




09-06-2015 16:05:11.11 Copy dumps - 2nd time


09-06-2015 16:05:11.17 Copy dumps - 2nd time . . . Done - error level - 0


09-06-2015 16:05:11.18 Begin registry dump - program un-install strings in case needed


09-06-2015 16:05:17.35 Regquery 1 . . . D O N E - error level - 0


09-06-2015 16:05:17.43 Regquery 2 . . . D O N E - error level - 0


09-06-2015 16:05:17.52 Regquery 3 . . . D O N E - error level - 0


Volume in drive C has no label.
Volume Serial Number is 305D-572A


Directory of C:\Users\Blueelvis_RoXXX\Documents\SysnativeFileCollectionApp


09-06-2015 16:05 <DIR> .
09-06-2015 16:05 <DIR> ..
11-04-2015 16:21 790,424 041115-26984-01.dmp
14-04-2015 20:10 300,072 041415-14109-01.dmp
14-04-2015 19:46 300,128 041415-14765-01.dmp
14-04-2015 19:58 300,072 041415-14968-01.dmp
14-04-2015 13:15 300,128 041415-15750-01.dmp
15-04-2015 00:25 300,128 041515-13953-01.dmp
15-04-2015 00:29 300,016 041515-16781-01.dmp
09-06-2015 16:05 4,234 Autoruns.txt
09-06-2015 16:04 43,556 DriverqFo.txt
09-06-2015 16:04 11,180 DriverqSi.txt
09-06-2015 16:04 78,644 DriverqV.txt
09-06-2015 16:04 74,532 DxDiagx86.txt
09-06-2015 16:04 15,595,142 EvtxAppDump.txt
09-06-2015 16:04 10,896,323 EvtxSysDump.txt
09-06-2015 16:05 6,375 HKCUSoftMSWinCVUninstall.txt
09-06-2015 16:05 8,247 HKLMSoftMSA-SInstalledComponents.txt
09-06-2015 16:05 101,949 HKLMSoftMSWinCVUninstall.txt
09-06-2015 16:04 6,917 IPconfigAll.txt
09-06-2015 16:05 12,186 Jcgriff2Log.txt
09-06-2015 16:04 1,668 KernelDumpList.txt
09-06-2015 16:04 17,072 NetSHLAN1.txt
09-06-2015 16:04 27,638 NetstatJcgriff2
09-06-2015 16:04 0 NetstatJcgriff2.StdErr
09-06-2015 16:04 10,452 RAMInfo.html
09-06-2015 16:04 5,222 SetEnvironmentVar.txt
09-06-2015 16:04 141 SysList.txt
09-06-2015 16:04 9,873 SystemInfo.txt
09-06-2015 16:04 141,453 TasklistSVCHOST.txt
09-06-2015 16:05 953 Tracert.txt
09-06-2015 16:04 25 WERALL.txt
09-06-2015 16:04 256,922 WERLocalAppData
09-06-2015 16:04 81,792 WERProgramData
09-06-2015 16:04 1,358 WMICRecoveros.txt
33 File(s) 29,984,822 bytes
2 Dir(s) 66,691,751,936 bytes free


09-06-2015 16:05:17.54 Dir command . . . Done - error level - 0


09-06-2015 16:05:17.55 -- E O J - End of Job . . .
09-06-2015 16:05:17.56 -- E O J - End of Job . . .
09-06-2015 16:05:17.57 -- E O J - End of Job . . .




* * * B S O D F I L E C O L L E C T I O N S C R I P T * * *
Authors:
jcgriff2 - J. C. Griffith, Microsoft MVP
TheOutcaste - Jerry Wines, Microsoft MVP
Patrick - Patrick Barker, Microsoft MVP
niemiro - Richard
Tekno Venus - Stephen
© https://www.sysnative.com/
© sysnative.com - MVP
© 2008 - 2014 sysnative.com
Last Update: July 2014
New Jersey, USA; Oregon, USA; New York, USA
ALL RIGHTS RESERVED


09-06-2015 16:05:17.68 -- E O J - End of Job . . .
09-06-2015 16:05:17.69 -- E O J - End of Job . . .

-Pranav

 

[jcgriff2]

Nothing to be concerned about.

Not sure why the error levels came out like this.

 

[blueelvis]

Nothing to be concerned about.

Not sure why the error levels came out like this.

Yea, even I was wondering as to why the error levels came out like this.


Marking this thread as solved since the issue was on my end :)

Thanks!


-Pranav