C:\WINDOWS\System32\gatherWiredInfo.vbs C:\WINDOWS\System32\gatherWirelessInfo.vbs
gatherWiredInfo.vbs
' ---------------------------------------------------------------------------
' gatherWiredInfo.vbs - collects wired-LAN (dot3svc / 802.1X) diagnostic data
' from the local computer and writes it to files.
'
' What the listing below gathers:
'   config\osinfo.txt      processor environment variables, OS build values,
'                          versions of the onex/dot3 DLLs, power state,
'                          systeminfo output, environment variables starting
'                          with "u"
'   config\adapterinfo.txt driver details of adapters whose *IfType is 6
'   config\envinfo.txt     netsh lan output, ipconfig /all, and verbose
'                          certutil listings of the machine and user "My"
'                          certificate stores
'   Reg\*.reg.txt          reg export of the dot3svc and WiredL2 policy keys
'   traces\*.txt           ETW traces converted with tracerpt and an XSLT
'   eventlog\*.evtx        an .etl file converted to EVTX
'
' All output paths are relative, so the files land under whatever directory
' the script is started from. Every WMI query targets "." (the local
' computer) and every external command only redirects its output to a local
' file; no statement in this listing opens a network connection or sends the
' collected files anywhere. What happens to the files afterwards is outside
' this listing. The output includes user names, network configuration and
' certificate details, so treat the generated folders as sensitive.
' ---------------------------------------------------------------------------

' Script-level objects shared by the Subs below; assigned in the main section.
Dim FSO, shell, xslProcessor

' Writes processor, OS, file-version, power, systeminfo and user-environment
' sections to the file named by outputFileName.
' The file is closed before each "cmd /c ... >>" call and reopened afterwards,
' because the external command appends to the same file itself.
Sub GetOSInfo(outputFileName)
    ' Errors are ignored from here on; a failing step is skipped silently.
    On Error Resume Next
    strComputer = "."
    HKEY_LOCAL_MACHINE = &H80000002
    Dim objReg, outputFile
    Dim buildDetailNames, buildDetailRegValNames
    ' Display labels and the matching registry value names, index for index.
    buildDetailNames = Array("Product Name", "Version", "Build Lab", "Type")
    buildDetailRegValNames = Array("ProductName", "CurrentVersion", "BuildLabEx", "CurrentType")
    ' Mode 2 = open for writing (truncates); True = create if missing.
    Set outputFile = FSO.OpenTextFile(outputFileName, 2, True)
    ' WMI registry provider on the local computer.
    Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
        strComputer & "\root\default:StdRegProv")
    outputFile.WriteLine("[Architechture/Processor Information]")
    outputFile.WriteLine()
    outputFile.Close
    ' "set processor" prints the environment variables whose names start with "processor".
    cmd = "cmd /c set processor >> " & outputFileName
    shell.Run cmd, 0, True
    ' Mode 8 = open for appending.
    Set outputFile = FSO.OpenTextFile(outputFileName, 8, True)
    outputFile.WriteLine()
    outputFile.WriteLine("[Operating System Information]")
    outputFile.WriteLine()
    strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    for I = 0 to UBound(buildDetailNames)
        objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, buildDetailRegValNames(I), info
        outputFile.WriteLine(buildDetailNames(I) + " = " + info)
    Next
    outputFile.WriteLine()
    strKeyPath = "SYSTEM\SETUP"
    ' A missing "Upgrade" value leaves upgradeInfo Null, reported as a clean install.
    objReg.GetDWordValue HKEY_LOCAL_MACHINE, strKeyPath, "Upgrade", upgradeInfo
    if IsNull(upgradeInfo) Then
        outputFile.WriteLine("This is a clean installed system")
    Else
        outputFile.WriteLine("This is an upgraded system")
    End If
    ' NOTE(review): I is one past the last array index after the loop above, so
    ' this looks like a leftover line; the subscript error it raises would be
    ' swallowed by On Error Resume Next.
    outputFile.WriteLine(buildDetailNames(I) + " = " + info)
    outputFile.WriteLine()
    outputFile.WriteLine("[File versions]")
    outputFile.WriteLine()
    ' shell is not declared in this Sub, so this assigns the script-level variable.
    Set shell = WScript.CreateObject( "WScript.Shell" )
    windir = shell.ExpandEnvironmentStrings("%windir%\system32\")
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Dim FileSet
    FileSet = Array("onex.dll", "dot3api.dll", "dot3cfg.dll", "dot3dlg.dll", "dot3gpclnt.dll", "dot3gpui.dll", "dot3msm.dll", "dot3svc.dll", "dot3ui.dll")
    For Each file in FileSet
        filename = windir + file
        ' Backslashes are doubled because the path sits inside a WQL string literal.
        strQuery = "Select * from CIM_Datafile Where Name = '" + Replace(filename, "\", "\\") + "'"
        Set fileProp = objWMIService.ExecQuery _
            (strQuery)
        For Each objFile in fileProp
            outputFile.WriteLine(file + " " + objFile.Version)
        Next
    Next
    call GetBatteryInfo(outputFile)
    outputFile.Close
    Set outputFile = FSO.OpenTextFile(outputFileName, 8, True)
    outputFile.WriteLine("")
    outputFile.WriteLine("[System Information]")
    outputFile.WriteLine("")
    outputFile.Close
    ' Append the output of the "systeminfo" command.
    cmd = "cmd /c systeminfo >> " & outputFileName
    shell.Run cmd, 0, True
    Set outputFile = FSO.OpenTextFile(outputFileName, 8, True)
    outputFile.WriteLine("")
    outputFile.WriteLine("[User Information]")
    outputFile.WriteLine("")
    outputFile.Close
    ' "set u" prints the environment variables whose names start with "u".
    cmd = "cmd /c set u >> " & outputFileName
    shell.Run cmd, 0, True
End Sub

' Writes a [Power Information] section to the already-open outputFile, based
' on the Availability value of each Win32_Battery instance.
Sub GetBatteryInfo(outputFile)
    On Error Resume Next
    strComputer = "."
    outputFile.WriteLine()
    outputFile.WriteLine("[Power Information]")
    outputFile.WriteLine()
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_Battery")
    ' No battery instance at all is reported as a desktop.
    if colItems.Count = 0 Then
        outputFile.WriteLine("It is a Desktop running on AC")
    Else
        For Each objItem in colItems
            ' Only Availability 2 and 3 produce a line; other values write nothing.
            if objItem.Availability = 2 Then
                outputFile.WriteLine("Machine is running on AC Adapter")
            Else
                if objitem.Availability = 3 Then
                    outputFile.WriteLine("Machine is running on Battery")
                End If
            End If
        Next
    End If
End Sub

' Writes driver details for each network adapter whose "*IfType" registry
' value is 6 to the already-open outputFile.
Sub GetAdapterInfo(outputFile)
    On Error Resume Next
    Dim adapters, objReg
    Dim adapterDetailNames, adapterDetailRegValNames
    ' Display labels and the matching registry value names, index for index.
    adapterDetailNames = Array("Driver Description", "Adapter Guid", "Hardware ID", "Driver Date", "Driver Version", "Driver Provider")
    adapterDetailRegValNames = Array("DriverDesc", "NetCfgInstanceId", "MatchingDeviceId", "DriverDate", "DriverVersion", "ProviderName")
    HKEY_LOCAL_MACHINE = &H80000002
    strComputer = "."
    Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
        strComputer & "\root\default:StdRegProv")
    ' Device class key for network adapters; each subkey is one adapter instance.
    strKeyPath = "SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\"
    objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, adapterSet
    For Each adapter In adapterSet
        ' StrComp returns 0 on a match, so this skips the subkey named "Properties".
        If StrComp("Properties", adapter) Then
            fullstrKeyPath = strKeyPath + adapter
            objReg.GetDWORDValue HKEY_LOCAL_MACHINE, fullstrKeyPath, "*IfType", ifType
            ' 6 is the IANA interface type for Ethernet.
            If ifType = 6 Then
                for I = 0 to UBound(adapterDetailNames)
                    objReg.GetStringValue HKEY_LOCAL_MACHINE, fullstrKeyPath, adapterDetailRegValNames(I), info
                    outputFile.WriteLine(adapterDetailNames(I) + " = " + info)
                Next
                outputFile.WriteLine()
            End If
        End If
    Next
End Sub

' Writes netsh lan, ipconfig and certificate-store listings to the file named
' by outputFileName. The first command uses ">" and so truncates the file;
' the rest append.
Sub GetEnvironmentInfo(outputFileName)
    On Error Resume Next
    Dim envInfoFile
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    cmd = "cmd /c netsh lan show interfaces > " & outputFileName
    objShell.Run cmd, 0, True
    cmd = "cmd /c netsh lan show settings >> " & outputFileName
    objShell.Run cmd, 0, True
    cmd = "cmd /c netsh lan show profiles >> " & outputFileName
    objShell.Run cmd, 0, True
    cmd = "cmd /c ipconfig /all >> " & outputFileName
    objShell.Run cmd, 0, True
    Set envInfoFile = FSO.OpenTextFile(outputFileName, 8, True)
    envInfoFile.WriteLine("")
    envInfoFile.WriteLine("Machine certificates...")
    envInfoFile.WriteLine("")
    envInfoFile.Close
    ' Verbose listing of the local-machine "My" certificate store.
    cmd = "cmd /c certutil -v -store -silent My >> " & outputFileName
    objShell.Run cmd, 0, True
    Set envInfoFile = FSO.OpenTextFile(outputFileName, 8, True)
    envInfoFile.WriteLine("")
    envInfoFile.WriteLine("User certificates...")
    envInfoFile.WriteLine("")
    envInfoFile.Close
    ' Same listing for the current user's "My" store.
    cmd = "cmd /c certutil -v -store -silent -user My >> " & outputFileName
    objShell.Run cmd, 0, True
End Sub

' Exports the registry tree at regpath to outputFileName with "reg export".
' Both arguments are concatenated into the command line as given; every
' caller in this listing passes fixed literals, with regpath already wrapped
' in double quotes and an output path that contains no spaces.
Sub DumpRegKey(outputFileName,regpath)
    On Error Resume Next
    Dim cmd
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    ' /y overwrites an existing output file without prompting.
    cmd = "cmd /c reg export " & regpath & " " & outputFileName & " /y"
    objShell.Run cmd, 0, True
End Sub

' Creates the Reg folder if needed and exports the dot3svc keys (HKLM and
' HKCU) and the WiredL2 group-policy key into it.
Sub DumpAllKeys
    On Error Resume Next
    Dim NotifRegFile, RegFolder, Key
    RegFolder = "Reg"
    if Not FSO.FolderExists(RegFolder) Then
        FSO.CreateFolder RegFolder
    End If
    LMDot3SvcRegFile = RegFolder + "\HKLMDot3Svc.reg.txt"
    CUDot3SvcRegFile = RegFolder + "\HKCUDot3Svc.reg.txt"
    LGPPolicyFile = RegFolder + "\L2GP.reg.txt"
    call DumpRegKey(LMDot3SvcRegFile ,"""HKLM\SOFTWARE\Microsoft\dot3svc""")
    call DumpRegKey(CUDot3SvcRegFile ,"""HKCU\SOFTWARE\Microsoft\dot3svc""")
    call DumpRegKey(LGPPolicyFile ,"""HKLM\SOFTWARE\Policies\Microsoft\Windows\WiredL2\GP_Policy""")
End Sub

' Converts traces\<basename>.etl to traces\<basename>.txt: tracerpt decodes
' the trace to XML using the TMF file at tmfPath, then the script-level
' xslProcessor transforms that XML to text. omitLevels is passed to the
' stylesheet as the "omit-levels" parameter. The intermediate .sum and .xml
' files are deleted.
Sub FormatTrace(basename, tmfPath, omitLevels)
    ' With this in effect, the Err.Raise calls below record the error but do
    ' not stop the Sub; execution continues with the next statement.
    On Error Resume Next
    Dim subdir
    subdir = "traces\"
    Dim cmd
    cmd = "tracerpt """ & subdir & basename & ".etl"" -o """ & subdir & basename & ".xml"" -summary """ & subdir & basename & ".sum"" -tmf """ & tmfPath & """ -y"
    Dim exitcode
    exitcode = shell.Run(cmd, 0, True) ' run synchronous and hide the window
    If exitcode <> 0 Then
        Err.Raise exitcode, "gatherWiredInfo.FormatTrace", "tracerpt failed"
    End If
    FSO.DeleteFile subdir & basename & ".sum"
    Const ForReading = 1
    Const TristateFalse = 0
    Dim ansiFile
    ' TristateFalse opens the XML as ANSI text; False = do not create if missing.
    Set ansiFile = FSO.OpenTextFile(subdir & basename & ".xml", ForReading, False, TristateFalse)
    xslProcessor.Input = CreateObject("MSXML2.DOMDocument.6.0")
    xslProcessor.Input.Async = False
    xslProcessor.Input.ValidateOnParse = True
    If Not xslProcessor.Input.LoadXml(ansiFile.ReadAll()) Then
        Err.Raise xslProcessor.Input.ParseError.ErrorCode, "gatherWiredInfo.FormatTrace", basename & ".xml line " & xslProcessor.Input.ParseError.Line & " column " & xslProcessor.Input.ParseError.LinePos & ": " & xslProcessor.Input.ParseError.Reason
    End If
    Dim output
    ' CreateTextFile(path, overwrite = True, unicode = True).
    Set output = FSO.CreateTextFile(subdir & basename & ".txt", True, True)
    ' The level list is padded with a space on each side before being passed on.
    xslProcessor.AddParameter "omit-levels", " " & omitLevels & " "
    xslProcessor.Reset
    xslProcessor.Transform
    Dim buf
    Do
        ' FSO text file doesn't implement IStream, have to flush internal buffer manually
        buf = xslProcessor.Output
        output.Write buf
    Loop While buf <> ""
    ' NOTE(review): output is never closed explicitly in this listing.
    ansiFile.Close
    FSO.DeleteFile subdir & basename & ".xml"
End Sub

' Converts <basename>.etl in the current directory to
' eventlog\<basename>.evtx with tracerpt, creating the eventlog folder first
' if it does not exist.
Sub FormatEventLog(basename)
    On Error Resume Next
    Dim subdir
    subdir = "eventlog\"
    if Not FSO.FolderExists(subdir) Then
        FSO.CreateFolder subdir
    End If
    Dim cmd
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    cmd = "cmd /c tracerpt -y -of EVTX " + basename + ".etl -o " + subdir + basename + ".evtx"
    objShell.Run cmd, 0, True
End Sub

' ---- Main section: runs the collectors above in order. ----
On Error Resume Next
Dim adapterInfoFile, netInfoFile
Set FSO = CreateObject("Scripting.FileSystemObject")
Set shell = WScript.CreateObject( "WScript.Shell" )
' sysdrive is assigned here but not read anywhere else in this listing.
sysdrive = shell.ExpandEnvironmentStrings("%SystemDrive%\")
configFolder = "config"
osinfoFileName = configFolder + "\osinfo.txt"
adapterinfoFileName = configFolder + "\adapterinfo.txt"
envinfoFileName = configFolder + "\envinfo.txt"
if Not FSO.FolderExists(configFolder) Then
    FSO.CreateFolder configFolder
End If
call DumpAllKeys
call GetOSInfo(osinfoFileName)
Set adapterInfoFile = FSO.OpenTextFile(adapterInfoFileName, 2, True)
call GetAdapterInfo(adapterInfoFile)
adapterInfoFile.Close
call GetEnvironmentInfo(envinfoFileName)
' Load the XSLT used by FormatTrace from system32 and build the processor once.
Set stylesheet = CreateObject("MSXML2.FreeThreadedDOMDocument.6.0")
stylesheet.Async = False
stylesheet.ValidateOnParse = True
If Not stylesheet.Load(shell.ExpandEnvironmentStrings("%windir%\system32\gatherWiredInfo.xslt")) Then
    ' The message names gatherWiredInfo.xml although the file loaded above is gatherWiredInfo.xslt.
    Err.Raise stylesheet.ParseError.ErrorCode, "gatherWiredInfo", "gatherWiredInfo.xml line " & stylesheet.ParseError.Line & " column " & stylesheet.ParseError.LinePos & ": " & stylesheet.ParseError.Reason
End If
Set template = CreateObject("MSXML2.XSLTemplate.6.0")
template.Stylesheet = stylesheet
Set xslProcessor = template.CreateProcessor
' TMF paths and the space-separated level names handed to the stylesheet as "omit-levels".
onex_tmf = shell.ExpandEnvironmentStrings("%windir%\system32\onex.tmf")
onex_omit = "ONEX_DEV_REFCOUNTS ONEX_DEV_TRACK UTILS_LIB_TRACK UTILS_LIB_INFO WLAN_UTL_DEV_INFO WLAN_UTL_DEV_TRACK WLAN_UTL_DEV_ERROR WLAN_UTL_DEV_MEMORY Noise Perf Trace"
dot3_tmf = shell.ExpandEnvironmentStrings("%windir%\system32\dot3.tmf")
dot3_omit = "ACDLG_DEV_TRACK DEVICE_LAYER_TRACK DOT3_LOG_LEVEL_TRACE DOT3_MSM_REFCOUNTS DOT3_MSM_TRACK UTILS_LIB_TRACK UTILS_LIB_INFO Noise Perf Trace"
eaphost_tmf = shell.ExpandEnvironmentStrings("%windir%\system32\eaphost.tmf")
eaphost_omit = "ONEX_DEV_REFCOUNTS ONEX_DEV_TRACK UTILS_LIB_TRACK UTILS_LIB_INFO WLAN_UTL_DEV_INFO WLAN_UTL_DEV_TRACK WLAN_UTL_DEV_ERROR WLAN_UTL_DEV_MEMORY Noise Perf Trace"
l2nacp_omit = "L2NACP_LOG_LEVEL_TRACE"
FormatTrace "onex", onex_tmf, onex_omit
FormatTrace "dot3dlg", dot3_tmf, dot3_omit
FormatTrace "dot3gp", dot3_tmf, dot3_omit
FormatTrace "dot3msm", dot3_tmf, dot3_omit
FormatTrace "dot3svc", dot3_tmf, dot3_omit
' NOTE(review): "dot3gp" is formatted a second time here.
FormatTrace "dot3gp", dot3_tmf, dot3_omit
FormatTrace "eaphost", eaphost_tmf, eaphost_omit
FormatTrace "l2nacp", onex_tmf, l2nacp_omit
FormatEventLog "WiredAutocfgEventLog"

gatherWirelessInfo.vbs
' ---------------------------------------------------------------------------
' gatherWirelessInfo.vbs - the wireless counterpart of the script above. It
' collects WLAN (wlansvc) diagnostic data from the local computer and writes
' it to files.
'
' What the listing below gathers:
'   config\osinfo.txt      as in the wired script, with the wlan*/onex/l2nacp
'                          binaries in the file-version list
'   config\adapterinfo.txt driver and IHV-extension details of adapters whose
'                          *IfType is 71, plus wlanext.exe lines from tasklist
'   config\envinfo.txt     netsh wlan show all, ipconfig /all, and verbose
'                          certutil listings of the machine and user "My"
'                          certificate stores
'   Reg\*.reg.txt          reg export of Winlogon notification, credential
'                          provider, Wlansvc and wireless policy keys
'   traces\*.txt           ETW traces converted with tracerpt and an XSLT
'   eventlog\*.evtx        .etl files converted to EVTX
'   tempfile.txt           tasklist output, left in the current directory
'
' As with the wired script, all paths are relative to the directory the
' script is started from, every query targets the local computer, and no
' statement in this listing sends the collected files anywhere. Treat the
' generated folders as sensitive.
' ---------------------------------------------------------------------------

' Script-level objects shared by the Subs below; assigned in the main section.
Dim FSO, shell, xslProcessor

' Writes processor, OS, file-version, power, systeminfo and user-environment
' sections to the file named by outputFileName.
' The file is closed before each "cmd /c ... >>" call and reopened afterwards,
' because the external command appends to the same file itself.
Sub GetOSInfo(outputFileName)
    ' Errors are ignored from here on; a failing step is skipped silently.
    On Error Resume Next
    strComputer = "."
    HKEY_LOCAL_MACHINE = &H80000002
    Dim objReg, outputFile
    Dim buildDetailNames, buildDetailRegValNames
    ' Display labels and the matching registry value names, index for index.
    buildDetailNames = Array("Product Name", "Version", "Build Lab", "Type")
    buildDetailRegValNames = Array("ProductName", "CurrentVersion", "BuildLabEx", "CurrentType")
    ' Mode 2 = open for writing (truncates); True = create if missing.
    Set outputFile = FSO.OpenTextFile(outputFileName, 2, True)
    ' WMI registry provider on the local computer.
    Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
        strComputer & "\root\default:StdRegProv")
    outputFile.WriteLine("[Architechture/Processor Information]")
    outputFile.WriteLine()
    outputFile.Close
    ' "set processor" prints the environment variables whose names start with "processor".
    cmd = "cmd /c set processor >> " & outputFileName
    shell.Run cmd, 0, True
    ' Mode 8 = open for appending.
    Set outputFile = FSO.OpenTextFile(outputFileName, 8, True)
    outputFile.WriteLine()
    outputFile.WriteLine("[Operating System Information]")
    outputFile.WriteLine()
    strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    for I = 0 to UBound(buildDetailNames)
        objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, buildDetailRegValNames(I), info
        outputFile.WriteLine(buildDetailNames(I) + " = " + info)
    Next
    outputFile.WriteLine()
    strKeyPath = "SYSTEM\SETUP"
    ' A missing "Upgrade" value leaves upgradeInfo Null, reported as a clean install.
    objReg.GetDWordValue HKEY_LOCAL_MACHINE, strKeyPath, "Upgrade", upgradeInfo
    if IsNull(upgradeInfo) Then
        outputFile.WriteLine("This is a clean installed system")
    Else
        outputFile.WriteLine("This is an upgraded system")
    End If
    ' NOTE(review): I is one past the last array index after the loop above, so
    ' this looks like a leftover line; the subscript error it raises would be
    ' swallowed by On Error Resume Next.
    outputFile.WriteLine(buildDetailNames(I) + " = " + info)
    outputFile.WriteLine()
    outputFile.WriteLine("[File versions]")
    outputFile.WriteLine()
    ' shell is not declared in this Sub, so this assigns the script-level variable.
    Set shell = WScript.CreateObject( "WScript.Shell" )
    windir = shell.ExpandEnvironmentStrings("%windir%\system32\")
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Dim FileSet
    FileSet = Array("onex.dll", "l2nacp.dll", "wlanapi.dll", "wlancfg.dll", "wlanconn.dll", "wlandlg.dll", "wlanext.exe", "wlangpui.dll", "wlanhc.dll", "wlanhlp.dll", "wlaninst.dll", "wlanmm.dll", "wlanmmhc.dll", "wlanmsm.dll", "wlanpref.dll", "wlansec.dll", "wlansvc.dll", "wlanui.dll")
    For Each file in FileSet
        filename = windir + file
        ' Backslashes are doubled because the path sits inside a WQL string literal.
        strQuery = "Select * from CIM_Datafile Where Name = '" + Replace(filename, "\", "\\") + "'"
        Set fileProp = objWMIService.ExecQuery _
            (strQuery)
        For Each objFile in fileProp
            outputFile.WriteLine(file + " " + objFile.Version)
        Next
    Next
    call GetBatteryInfo(outputFile)
    outputFile.Close
    Set outputFile = FSO.OpenTextFile(outputFileName, 8, True)
    outputFile.WriteLine("")
    outputFile.WriteLine("[System Information]")
    outputFile.WriteLine("")
    outputFile.Close
    ' Append the output of the "systeminfo" command.
    cmd = "cmd /c systeminfo >> " & outputFileName
    shell.Run cmd, 0, True
    Set outputFile = FSO.OpenTextFile(outputFileName, 8, True)
    outputFile.WriteLine("")
    outputFile.WriteLine("[User Information]")
    outputFile.WriteLine("")
    outputFile.Close
    ' "set u" prints the environment variables whose names start with "u".
    cmd = "cmd /c set u >> " & outputFileName
    shell.Run cmd, 0, True
End Sub

' Writes a [Power Information] section to the already-open outputFile, based
' on the Availability value of each Win32_Battery instance.
Sub GetBatteryInfo(outputFile)
    On Error Resume Next
    strComputer = "."
    outputFile.WriteLine()
    outputFile.WriteLine("[Power Information]")
    outputFile.WriteLine()
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_Battery")
    ' No battery instance at all is reported as a desktop.
    if colItems.Count = 0 Then
        outputFile.WriteLine("It is a Desktop running on AC")
    Else
        For Each objItem in colItems
            ' Only Availability 2 and 3 produce a line; other values write nothing.
            if objItem.Availability = 2 Then
                outputFile.WriteLine("Machine is running on AC Adapter")
            Else
                if objitem.Availability = 3 Then
                    outputFile.WriteLine("Machine is running on Battery")
                End If
            End If
        Next
    End If
End Sub

' Writes driver and IHV-extension details for each network adapter whose
' "*IfType" registry value is 71 to the already-open outputFile, then appends
' the tasklist lines that start with wlanext.exe.
Sub GetAdapterInfo(outputFile)
    On Error Resume Next
    Dim adapters, objReg
    Dim adapterDetailNames, adapterDetailRegValNames
    ' Display labels and the matching registry value names, index for index.
    adapterDetailNames = Array("Driver Description", "Adapter Guid", "Hardware ID", "Driver Date", "Driver Version", "Driver Provider")
    adapterDetailRegValNames = Array("DriverDesc", "NetCfgInstanceId", "MatchingDeviceId", "DriverDate", "DriverVersion", "ProviderName")
    ' For the IHV values the label and the registry value name are the same.
    IHVDetailNames = Array("ExtensibilityDLL", "UIExtensibilityCLSID", "GroupName", "DiagnosticsID")
    IHVDetailRegValNames = Array("ExtensibilityDLL", "UIExtensibilityCLSID", "GroupName", "DiagnosticsID")
    HKEY_LOCAL_MACHINE = &H80000002
    strComputer = "."
    Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
        strComputer & "\root\default:StdRegProv")
    ' Device class key for network adapters; each subkey is one adapter instance.
    strKeyPath = "SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\"
    objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, adapterSet
    For Each adapter In adapterSet
        ' StrComp returns 0 on a match, so this skips the subkey named "Properties".
        If StrComp("Properties", adapter) Then
            fullstrKeyPath = strKeyPath + adapter
            objReg.GetDWORDValue HKEY_LOCAL_MACHINE, fullstrKeyPath, "*IfType", ifType
            ' 71 is the IANA interface type for IEEE 802.11.
            If ifType = 71 Then
                for I = 0 to UBound(adapterDetailNames)
                    objReg.GetStringValue HKEY_LOCAL_MACHINE, fullstrKeyPath, adapterDetailRegValNames(I), info
                    outputFile.WriteLine(adapterDetailNames(I) + " = " + info)
                Next
                ' Vendor (IHV) extension settings live under the adapter's Ndi\IHVExtensions subkey.
                ihvKeyPath = fullstrKeyPath + "\Ndi\IHVExtensions"
                For J = 0 to UBound(IHVDetailNames)
                    objReg.GetStringValue HKEY_LOCAL_MACHINE, ihvKeyPath, IHVDetailRegValNames(J), ihvInfo
                    outputFile.WriteLine(IHVDetailNames(J) + " = " + ihvInfo)
                Next
                ' AdapterOUI is read as a DWORD, hence the CSTR conversion before concatenation.
                objReg.GetDWordValue HKEY_LOCAL_MACHINE, ihvKeyPath, "AdapterOUI", ihvInfo
                outputFile.WriteLine("AdapterOUI = " + CSTR(ihvInfo))
                outputFile.WriteLine()
            End If
        End If
    Next
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    ' tasklist output goes to a file in the current directory; the listing
    ' neither closes nor deletes it afterwards.
    tempFile = "tempfile.txt"
    cmd = "cmd /c tasklist > " & tempFile
    objShell.Run cmd, 0, True
    ' Mode 1 = open for reading.
    Set objTextFile = FSO.OpenTextFile(tempFile, 1)
    strIHVOutput = objTextFile.ReadAll()
    Set regEx = New RegExp
    ' Matches every line that starts with wlanext.exe (case-insensitive) and
    ' the letters, digits, whitespace and "|" characters that follow.
    regEx.Pattern = "^wlanext.exe[\s|a-z|A-Z|\d]*"
    regEx.Multiline = True
    regEx.IgnoreCase = True
    regEx.Global = True
    Set Matches = regEx.Execute(strIHVOutput)
    For Each match in Matches
        outputFile.WriteLine(match.Value)
    Next
End Sub

' Writes netsh wlan, ipconfig and certificate-store listings to the file
' named by outputFileName. The first command uses ">" and so truncates the
' file; the rest append.
Sub GetEnvironmentInfo(outputFileName)
    On Error Resume Next
    Dim envInfoFile
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    cmd = "cmd /c netsh wlan show all > " & outputFileName
    objShell.Run cmd, 0, True
    cmd = "cmd /c ipconfig /all >> " & outputFileName
    objShell.Run cmd, 0, True
    Set envInfoFile = FSO.OpenTextFile(outputFileName, 8, True)
    envInfoFile.WriteLine("")
    envInfoFile.WriteLine("Machine certificates...")
    envInfoFile.WriteLine("")
    envInfoFile.Close
    ' Verbose listing of the local-machine "My" certificate store.
    cmd = "cmd /c certutil -v -store -silent My >> " & outputFileName
    objShell.Run cmd, 0, True
    Set envInfoFile = FSO.OpenTextFile(outputFileName, 8, True)
    envInfoFile.WriteLine("")
    envInfoFile.WriteLine("User certificates...")
    envInfoFile.WriteLine("")
    envInfoFile.Close
    ' Same listing for the current user's "My" store.
    cmd = "cmd /c certutil -v -store -silent -user My >> " & outputFileName
    objShell.Run cmd, 0, True
End Sub

' Converts traces\<basename>.etl to traces\<basename>.txt: tracerpt decodes
' the trace to XML using the TMF file at tmfPath, then the script-level
' xslProcessor transforms that XML to text. omitLevels and options are passed
' to the stylesheet as the "omit-levels" and "options" parameters. The
' intermediate .sum and .xml files are deleted.
Sub FormatTrace(basename, tmfPath, omitLevels, options)
    ' With this in effect, the Err.Raise calls below record the error but do
    ' not stop the Sub; execution continues with the next statement.
    On Error Resume Next
    Dim subdir
    subdir = "traces\"
    Dim cmd
    cmd = "tracerpt """ & subdir & basename & ".etl"" -o """ & subdir & basename & ".xml"" -summary """ & subdir & basename & ".sum"" -tmf """ & tmfPath & """ -y"
    Dim exitcode
    exitcode = shell.Run(cmd, 0, True) ' run synchronous and hide the window
    If exitcode <> 0 Then
        Err.Raise exitcode, "gatherWirelessInfo.FormatTrace", "tracerpt failed"
    End If
    FSO.DeleteFile subdir & basename & ".sum"
    Const ForReading = 1
    Const TristateFalse = 0
    Dim ansiFile
    ' TristateFalse opens the XML as ANSI text; False = do not create if missing.
    Set ansiFile = FSO.OpenTextFile(subdir & basename & ".xml", ForReading, False, TristateFalse)
    xslProcessor.Input = CreateObject("MSXML2.DOMDocument.6.0")
    xslProcessor.Input.Async = False
    xslProcessor.Input.ValidateOnParse = True
    If Not xslProcessor.Input.LoadXml(ansiFile.ReadAll()) Then
        Err.Raise xslProcessor.Input.ParseError.ErrorCode, "gatherWirelessInfo.FormatTrace", basename & ".xml line " & xslProcessor.Input.ParseError.Line & " column " & xslProcessor.Input.ParseError.LinePos & ": " & xslProcessor.Input.ParseError.Reason
    End If
    Dim output
    ' CreateTextFile(path, overwrite = True, unicode = True).
    Set output = FSO.CreateTextFile(subdir & basename & ".txt", True, True)
    ' Both parameter values are padded with a space on each side before being passed on.
    xslProcessor.AddParameter "omit-levels", " " & omitLevels & " "
    xslProcessor.AddParameter "options", " " & options & " "
    xslProcessor.Reset
    xslProcessor.Transform
    Dim buf
    Do
        ' FSO text file doesn't implement IStream, have to flush internal buffer manually
        buf = xslProcessor.Output
        output.Write buf
    Loop While buf <> ""
    ' NOTE(review): output is never closed explicitly in this listing.
    ansiFile.Close
    FSO.DeleteFile subdir & basename & ".xml"
End Sub

' Exports the registry tree at regpath to outputFileName with "reg export".
' Both arguments are concatenated into the command line as given; every
' caller in this listing passes fixed literals, with regpath already wrapped
' in double quotes and an output path that contains no spaces.
Sub DumpRegKey(outputFileName,regpath)
    On Error Resume Next
    Dim cmd
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    ' /y overwrites an existing output file without prompting.
    cmd = "cmd /c reg export " & regpath & " " & outputFileName & " /y"
    objShell.Run cmd, 0, True
End Sub

' Creates the Reg folder if needed and exports the Winlogon notification,
' credential provider / filter, WLAN API permission, wireless group-policy
' and Wlansvc (HKCU and HKLM) keys into it. The keys are exported verbatim,
' so review the resulting .reg.txt files before sharing them.
Sub DumpAllKeys
    On Error Resume Next
    Dim NotifRegFile, RegFolder, Key
    RegFolder = "Reg"
    if Not FSO.FolderExists(RegFolder) Then
        FSO.CreateFolder RegFolder
    End If
    AllCredRegFile = RegFolder + "\AllCred.reg.txt"
    AllCredFilterFile = RegFolder + "\AllCredFilter.reg.txt"
    CredRegFileA = RegFolder + "\{07AA0886-CC8D-4e19-A410-1C75AF686E62}.reg.txt"
    CredRegFileB = RegFolder + "\{33c86cd6-705f-4ba1-9adb-67070b837775}.reg.txt"
    CredRegFileC = RegFolder + "\{edd749de-2ef1-4a80-98d1-81f20e6df58e}.reg.txt"
    APIPermRegFile = RegFolder + "\APIPerm.reg.txt"
    NotifRegFile = RegFolder + "\Notif.reg.txt"
    GPTRegFile = RegFolder + "\GPT.reg.txt"
    CUWlanSvcRegFile = RegFolder + "\HKCUWlanSvc.reg.txt"
    LMWlanSvcRegFile = RegFolder + "\HKLMWlanSvc.reg.txt"
    call DumpRegKey(NotifRegFile ,"""HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications""")
    call DumpRegKey(AllCredRegFile ,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers""")
    call DumpRegKey(AllCredFilterFile,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters""")
    call DumpRegKey(CredRegFileA ,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{07AA0886-CC8D-4e19-A410-1C75AF686E62}""")
    call DumpRegKey(CredRegFileB ,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{33c86cd6-705f-4ba1-9adb-67070b837775}""")
    call DumpRegKey(CredRegFileC ,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{edd749de-2ef1-4a80-98d1-81f20e6df58e}""")
    call DumpRegKey(APIPermRegFile ,"""HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters\WlanAPIPermissions""")
    call DumpRegKey(GPTRegFile , """HKLM\SOFTWARE\Policies\Microsoft\Windows\Wireless\GPTWirelessPolicy""")
    call DumpRegKey(CUWlanSvcRegFile ,"""HKCU\SOFTWARE\Microsoft\Wlansvc""")
    call DumpRegKey(LMWlanSvcRegFile ,"""HKLM\SOFTWARE\Microsoft\Wlansvc""")
End Sub

' Converts <basename>.etl in the current directory to
' eventlog\<basename>.evtx with tracerpt. Unlike the wired script, this Sub
' does not create the eventlog folder; the main section does.
Sub FormatEventLog(basename)
    On Error Resume Next
    Dim subdir
    subdir = "eventlog\"
    Dim cmd
    Set objShell = WScript.CreateObject( "WScript.Shell" )
    cmd = "cmd /c tracerpt -y -of EVTX " + basename + ".etl -o " + subdir + basename + ".evtx"
    objShell.Run cmd, 0, True
End Sub

' ---- Main section: runs the collectors above in order. ----
On Error Resume Next
Dim adapterInfoFile, netInfoFile
Set FSO = CreateObject("Scripting.FileSystemObject")
Set shell = WScript.CreateObject( "WScript.Shell" )
' sysdrive is assigned here but not read anywhere else in this listing.
sysdrive = shell.ExpandEnvironmentStrings("%SystemDrive%\")
configFolder = "config"
osinfoFileName = configFolder + "\osinfo.txt"
adapterinfoFileName = configFolder + "\adapterinfo.txt"
envinfoFileName = configFolder + "\envinfo.txt"
eventlogFolder = "eventlog"
if Not FSO.FolderExists(configFolder) Then
    FSO.CreateFolder configFolder
End If
if Not FSO.FolderExists(eventlogFolder) Then
    FSO.CreateFolder eventlogFolder
End If
call DumpAllKeys
call GetOSInfo(osinfoFileName)
Set adapterInfoFile = FSO.OpenTextFile(adapterInfoFileName, 2, True)
call GetAdapterInfo(adapterInfoFile)
adapterInfoFile.Close
call GetEnvironmentInfo(envinfoFileName)
' Load the XSLT used by FormatTrace from system32 and build the processor once.
Set stylesheet = CreateObject("MSXML2.FreeThreadedDOMDocument.6.0")
stylesheet.Async = False
stylesheet.ValidateOnParse = True
If Not stylesheet.Load(shell.ExpandEnvironmentStrings("%windir%\system32\gatherWirelessInfo.xslt")) Then
    ' The message names gatherWirelessInfo.xml although the file loaded above is gatherWirelessInfo.xslt.
    Err.Raise stylesheet.ParseError.ErrorCode, "gatherWirelessInfo", "gatherWirelessInfo.xml line " & stylesheet.ParseError.Line & " column " & stylesheet.ParseError.LinePos & ": " & stylesheet.ParseError.Reason
End If
Set template = CreateObject("MSXML2.XSLTemplate.6.0")
template.Stylesheet = stylesheet
Set xslProcessor = template.CreateProcessor
' TMF paths and the space-separated level names handed to the stylesheet as "omit-levels".
onex_tmf = shell.ExpandEnvironmentStrings("%windir%\system32\onex.tmf")
onex_omit = "ONEX_DEV_REFCOUNTS ONEX_DEV_TRACK UTILS_LIB_TRACK UTILS_LIB_INFO WLAN_UTL_DEV_INFO WLAN_UTL_DEV_TRACK WLAN_UTL_DEV_ERROR WLAN_UTL_DEV_MEMORY Noise Perf Trace"
wlan_tmf = shell.ExpandEnvironmentStrings("%windir%\system32\wlan.tmf")
wlan_omit = "DOT11_LOG_LEVEL_TRACE MSMSEC_DEV_TRACK MSMSEC_DEV_VERBOSE UTILS_LIB_TRACK UTILS_LIB_INFO WLAN_UTL_DEV_TRACK WLAN_UTL_DEV_MEMORY Noise Perf Trace"
nwifi_omit = "DOT11_LOG_LEVEL_INFO DOT11_LOG_LEVEL_TRACE DOT11_LOG_LEVEL_NOISE"
eaphost_tmf = shell.ExpandEnvironmentStrings("%windir%\system32\eaphost.tmf")
eaphost_omit = "ONEX_DEV_REFCOUNTS ONEX_DEV_TRACK UTILS_LIB_TRACK UTILS_LIB_INFO WLAN_UTL_DEV_INFO WLAN_UTL_DEV_TRACK WLAN_UTL_DEV_ERROR WLAN_UTL_DEV_MEMORY Noise Perf Trace"
l2nacp_omit = "L2NACP_LOG_LEVEL_TRACE"
FormatTrace "onex", onex_tmf, onex_omit, ""
FormatTrace "msmsec", wlan_tmf, wlan_omit, ""
FormatTrace "nwifi", wlan_tmf, nwifi_omit, ""
FormatTrace "wlan", wlan_tmf, wlan_omit, ""
FormatTrace "l2nacp", onex_tmf, l2nacp_omit, ""
' The "ext" trace is the only one formatted with the "include-pid" option.
FormatTrace "ext", wlan_tmf, wlan_omit, "include-pid"
FormatTrace "diaghc", wlan_tmf, wlan_omit, ""
FormatTrace "wlangp", wlan_tmf, wlan_omit, ""
FormatTrace "eaphost", eaphost_tmf, eaphost_omit, ""
FormatEventLog "diagnosticsEventLog"
FormatEventLog "WirelessAutocfgEventLog"

and My question is what does this VBS gather? FYI I found these in the "system32" Folder go thur Task scheduler to find them in the tabs " Task Scheduler Library -> Microsoft -> Windows "Wired & Wireless" Folder
I found that too... I saw there was something collecting data from that gatherWiredInfo file and I know it has been collecting it; I am just not sure where to. Initially my free AVG found two files from that same H... source and now it ignores them... Funny thing is, sometimes I can't access my cookies file and the computer denies me access even though I am the Admin... wtf? If you find more info on this I would like to know, as it seems that I might be getting data siphoned from me. This becomes a concern when I have confidential client info on my laptop. I can't see any real pipeline output in the file but I think there is one in there; we need a tech. Anyone read this drivel? Seems we might be first....