SysnativeBSODCollectionApp need correction

[SleepyDude]

Hi,

Just to report that checking the zip generated by the last version of the tool v4.6.0 I notice that the export of results of running Autoruns is failing because is duping the help for the programs instead of the autorun entries, it seems the programs arguments have changed on recent versions!

Generated Autoruns.txt:

Read More:

Autorunsc shows programs configured to autostart during boot.

Usage: autorunsc [-a <*|bdeghiklmoprsw>] [-c|-ct] [-h] [-m] [-s] [-u] [-vt] [[-z <systemroot> <userprofile>] | [user]]]
-a Autostart entry selection:
* All.
b Boot execute.
c Codecs.
d Appinit DLLs.
e Explorer addons.
g Sidebar gadgets (Vista and higher)
h Image hijacks.
i Internet Explorer addons.
k Known DLLs.
l Logon startups (this is the default).
m WMI entries.
n Winsock protocol and network providers.
o Office addins.
p Printer monitor DLLs.
r LSA security providers.
s Autostart services and non-disabled drivers.
t Scheduled tasks.
w Winlogon entries.
-c Print output as CSV.
-ct Print output as tab-delimited values.
-h Show file hashes.
-m Hide Microsoft entries (signed entries if used with -s).
-s Verify digital signatures.
-t Show timestamps in normalized UTC (YYYYMMDD-hhmmss).
-u If VirusTotal check is enabled, show files that are unknown
by VirusTotal or have non-zero detection, otherwise show only
unsigned files.
-x Print output as XML.
-v[rs] Query VirusTotal (www.virustotal.com) for malware based on file hash.
Add 'r' to open reports for files with non-zero detection. Files
reported as not previously scanned will be uploaded to VirusTotal
if the 's' option is specified. Note scan results may not be
available for five or more minutes.
-vt Before using VirusTotal features, you must accept
VirusTotal terms of service. See:

ToS - VirusTotal

If you haven't accepted the terms and you omit this
option, you will be interactively prompted.
-z Specifies the offline Windows system to scan.
user Specifies the name of the user account for which
autorun items will be shown. Specify '*' to scan
all user profiles.
-nobanner
Do not display the startup banner and copyright message.

 

[Tekno Venus]

Thanks for reporting this.

This will be fixed in 4.6.1 or 4.6.2 after Christmas :)

-Stephen

 

[SleepyDude]

Testing post...

 

[jcgriff2]

@SleepyDude

I am sorry to say that I doubt we will make a change to the app anytime soon for this. It involves AutoRuns TEXT output, which I find to be near worthless when compared to the AutoRuns ARN file output. The problem here has something to do with AutoRuns and not the jcgriff2/Sysnative BSOD Dump + File Collection app.

We used to get the AutoRuns ARN file output in the jcgriff2/Sysnative ZIP file, but something with AutoRuns went south and it was taking over 5 minutes for the AutoRuns ARN file to be written, so we switched over to text output. Since then, I have never used the AutoRuns text output ever again.

I now ask OPs for the AutoRuns ARN file when needed.

Simple instructions for the AutoRuns ARN file -

Please download SysInternals AutoRuns and save to Desktop.

Direct download from Microsoft Live SysInternals - https://live.sysinternals.com/autoruns.exe

Go to Desktop; RIGHT-click on autoruns.exe; select "Run as Administrator"

Allow AutoRuns to scan the Registry - status is located on bottom-left of AutoRuns screen; when "Ready" -

Click on File (top-left of screen); Click on Save;

Save to Desktop as an ARN file (default file extension - name the file whatever you wish to)

Zip up the file - RIGHT-Click on the ARN file; select Send To; select Compressed (Zipped) Folder

Upload and attach the ZIP file to your next post

NOPARSE CODE FOR POSTS -

 [noparse]
Please download SysInternals AutoRuns and save to Desktop.

Direct download from Microsoft Live SysInternals - https://live.sysinternals.com/autoruns.exe

Go to Desktop; RIGHT-click on [B]autoruns.exe[/B]; select "Run as Administrator"

Allow AutoRuns to scan the Registry - status is located on bottom-left of AutoRuns screen; when "[B]Ready[/B]" -

Click on [B]File[/B] (top-left of screen); Click on [B]Save;[/B]

Save to Desktop as an [b]ARN[/b] file (default file extension - name the file whatever you wish to)

Zip up the file - RIGHT-Click on the ARN file; select [B]Send To[/B]; select [B]Compressed (Zipped) Folder[/B]

Upload and attach the ZIP file to your next post

[/noparse]

Regards. . .

jcgriff2

 

[xilolee]

It gets 20 seconds on my machine with this command:

autoruns64 -a "%userprofile%\desktop\autoruns.arn"

Otherwise 15 seconds with the command line version of it (I excluded codecs and known dlls, i.e. c and k)

autorunsc64 -a bdeghilmnoprstw -m -ct -o "%userprofile%\desktop\autoruns-tab.txt"

 

[jcgriff2]

@xilolee - during testing by the admins, most ended up with a 0 byte ARN file. No idea why.

 

[xilolee]

Was it a recent test?

 

[jcgriff2]

A few years ago as I recall.

I myself never had any problems with the NFO file created by the app.

 

[Tekno Venus]

Yeah this was a weird one if I remember correctly

For some of us autoruns would crash whilst saving the arn file but for others it would work fine.

There are some recent posts with similar issues, so not sure if this is fixed or if you’re just one of the lucky ones where it works fine

• Sysinternals->Autoruns -> File-> Save-? *.arn - Microsoft Q&A
• AutoRuns v13.96 x86 - Crash when saving to .arn or when comparing current with a older arn file

 

[xilolee]

Yeah this was a weird one if I remember correctly

For some of us autoruns would crash whilst saving the arn file but for others it would work fine.

There are some recent posts with similar issues, so not sure if this is fixed or if you’re just one of the lucky ones where it works fine

• Sysinternals->Autoruns -> File-> Save-? *.arn - Microsoft Q&A
• AutoRuns v13.96 x86 - Crash when saving to .arn or when comparing current with a older arn file

The first didn't tell the autoruns version.
The second was using an older version and Win7 x86...

 

[jcgriff2]

The AutoRuns version was obviously an old one as this issue occurred several years ago.

 

[jcgriff2]

Yeah this was a weird one if I remember correctly

For some of us autoruns would crash whilst saving the arn file but for others it would work fine.

It was very weird to me because I never had an OP tell me that AutoRuns had crashed - only a few on staff here working on the app update. But I never encountered a problem.

 

[Tekno Venus]

I can still reproduce with the latest autoruns: 2021-03-06-16-35-02. About 20 seconds in autoruns stops responding then crashes.

 

[jcgriff2]

It works fine for me.

This is odd.

 

[Wrench97]

I have seen the issue sporadically, some have run it a second time without issue others never get it to run.

 

[xilolee]

I can still reproduce with the latest autoruns: 2021-03-06-16-35-02. About 20 seconds in autoruns stops responding then crashes.

But if you open autoruns normally, does It work?
It could be you have a lot of entries and then it freezes?

 

[Tekno Venus]

No crash, but it takes a very long time to save (5 minutes). The window remains responsive though. When launching from the command line, the window locks up and then crashes before the save finishes.

This is also a clean install of Windows 10, and I've experienced this on the last install of Windows 10 I had on this machine, and whatever install of Windows I had on my last PC when we last looked into this (I had an entirely different machine back then).

As per last time, we agreed it was just too unstable to use - whilst it works on some (or even most) systems fine, the BSOD app needs to be reliable and it just wasn't worth adding the instability caused by autoruns

 

[xilolee]

It currently creates an empty autoruns file, by the way...

 

[jcgriff2]

Yes it does - no idea why though.

It does not hurt anything so I just left it alone for the last few years or so.