Created
February 25, 2026 20:59
-
-
Save DerekZiemba/24d0b809718c8a12bd59b9c87135554b to your computer and use it in GitHub Desktop.
Applied Rater gather-logs.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -- Prepare output folder -- | |
| $dest = Join-Path $env:USERPROFILE "Desktop\SemcatLogs.$(Get-Date -Format 'yyMMdd_HHmm')" | |
| Write-Host 'Creating LogFile Directory ' -NoNewline | |
| Write-Host $dest -ForegroundColor Green | |
| New-Item -ItemType Directory -Path $dest -Force | Out-Null | |
| $pathsOfInterest = @() | |
| # -- Collect system diagnostics -- | |
| Write-Host "`nCollecting system info ..." | |
| try { | |
| systeminfo 2>$null | Out-File (Join-Path $dest '.systeminfo.txt') -Encoding UTF8 | |
| } catch { | |
| Write-Warning ' Could not collect systeminfo' | |
| } | |
| try { | |
| Get-ChildItem Env: | Sort-Object Name | Format-Table -AutoSize -Wrap | Out-File (Join-Path $dest '.environment-variables.txt') -Encoding UTF8 | |
| Write-Host 'Collected environment variables' | |
| } catch { | |
| Write-Warning ' Could not collect environment variables' | |
| } | |
| try { | |
| $evtFilter = @{ LogName = 'Application'; StartTime = (Get-Date).AddDays(-7) } | |
| $pattern = 'SEMCAT(Installer)?|LiveFill(Renderer)?|AppliedLiveFill(Setup)?|palemoon|xulrunner(-stub)?|plugin.?(container|hang.?ui)|chromedriver|npLiveFillPlugin|npFeral|TAM_(AUTO|HOME)|Applied|Allied|WER' | |
| $events = Get-WinEvent -FilterHashtable $evtFilter -ErrorAction SilentlyContinue | Where-Object { | |
| $_.ProviderName -imatch $pattern -or | |
| ($_.Message -and $_.Message -imatch $pattern) | |
| } | |
| if ($events) { | |
| $events | | |
| Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message | | |
| Export-Csv (Join-Path $dest '.WindowsEventLog.csv') -NoTypeInformation -Encoding UTF8 | |
| Write-Host 'Collected ' -NoNewline | |
| Write-Host $events.Count -ForegroundColor Yellow -NoNewline | |
| Write-Host ' relevant Windows Event Log entries (last 7 days)' | |
| } else { | |
| Write-Host 'No matching Windows Event Log entries found (last 7 days)' | |
| } | |
| } catch { | |
| Write-Warning " Could not collect Windows Event Log entries: $_" | |
| } | |
| # -- Registry keys of interest -- | |
| $registryKeys = @( | |
| 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\SEMCAT' | |
| 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveFill' | |
| 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Applied Epic Desktop Connector' | |
| 'HKCU:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SEMCAT' | |
| 'HKCU:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveFill' | |
| 'HKCU:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Applied Epic Desktop Connector' | |
| 'HKCU:\Software\Applied Systems\Applied Epic Desktop Connector' | |
| 'HKCU:\Software\WOW6432Node\Applied Systems\Applied Epic Desktop Connector' | |
| 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEMCAT' | |
| 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveFill' | |
| 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applied Epic Desktop Connector' | |
| 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SEMCAT' | |
| 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveFill' | |
| 'HKLM:\SOFTWARE\WOW6432Node\Applied Systems\Applied Epic Desktop Connector' | |
| ) | |
| $registryData = @() | |
| foreach ($key in $registryKeys) { | |
| if (Test-Path $key) { | |
| $props = Get-ItemProperty $key -ErrorAction SilentlyContinue | |
| if ($props) { | |
| $registryData += [PSCustomObject]@{ Key = $key; Values = ($props | Out-String).Trim() } | |
| # Add install path to paths of interest: try InstallPath, InstallLocation, then DisplayIcon | |
| $installPath = $props.InstallPath | |
| if (-not $installPath) { $installPath = $props.InstallLocation } | |
| if (-not $installPath -and $props.DisplayIcon) { | |
| $installPath = Split-Path $props.DisplayIcon -Parent | |
| } | |
| # Strip quotes — registry values sometimes contain literal quotes | |
| if ($installPath) { $installPath = $installPath.Trim('"', "'", ' ').TrimEnd('\') } | |
| if ($installPath -and (Test-Path $installPath)) { | |
| Write-Host ' Found install path in registry: ' -ForegroundColor Cyan -NoNewline | |
| Write-Host $installPath -ForegroundColor Green | |
| $pathsOfInterest = @($pathsOfInterest) + @($installPath) | |
| } | |
| } | |
| } | |
| } | |
| if ($registryData.Count -gt 0) { | |
| $registryData | ForEach-Object { | |
| "=== $($_.Key) ===`n$($_.Values)`n" | |
| } | Out-File (Join-Path $dest '.registry-keys.txt') -Encoding UTF8 | |
| Write-Host 'Collected ' -NoNewline | |
| Write-Host $registryData.Count -ForegroundColor Yellow -NoNewline | |
| Write-Host ' registry keys' | |
| } else { | |
| Write-Warning 'No matching registry keys found' | |
| } | |
| $pathsOfInterest = $pathsOfInterest | Sort-Object -Unique | |
| # -- Find any potential paths -- | |
| $rootCandidates = @( | |
| "$PWD" | |
| , $env:HOME | |
| , $env:HOMEDrive | |
| , $env:USERPROFILE | |
| , $env:AppData | |
| , $env:LocalAppData | |
| , $env:ALLUSERSPROFILE | |
| , $env:ProgramData | |
| , "${env:ProgramFiles(x86)}" | |
| , $env:ProgramFiles | |
| , $env:SystemDrive | |
| , 'C:\' | |
| # , 'D:\' | |
| ) | ForEach-Object { "$_".TrimEnd('\') } | Sort-Object -Unique | |
| $productFolders = $rootCandidates | ForEach-Object { | |
| @("$_\Applied", "$_\AppliedSystems", "$_\AlliedStrategy", "$_\Applied Systems", "$_\Allied Strategy") | |
| } | Where-Object { Test-Path $_ } | ForEach-Object { | |
| (Resolve-Path $_).Path.TrimEnd('\') | |
| } | Sort-Object -Unique | |
| $productFolders = $productFolders | ForEach-Object { | |
| @("$_", "$_\SEMCAT", "$_\LiveFill", "$_\Rater") | |
| } | Where-Object { Test-Path $_ } | ForEach-Object { | |
| Get-ChildItem $_ -Directory -ErrorAction SilentlyContinue -Depth 1 | |
| } | ForEach-Object { $_.FullName } | Sort-Object -Unique | Where-Object { | |
| $_ -inotmatch 'Applied Epic .+? (Editor|Builder|Add-in|Viewer|Center)\b' | |
| } | |
| $pathsOfInterest = ($pathsOfInterest + $productFolders) | Sort-Object -Unique | |
| # Also collect Windows Error Reporting crash dumps | |
| $werCrashDumps = Join-Path $env:LocalAppData 'CrashDumps' | |
| if (Test-Path $werCrashDumps) { | |
| $pathsOfInterest = @($pathsOfInterest) + @($werCrashDumps) | |
| } | |
| Write-Host "Found " -NoNewline | |
| Write-Host $pathsOfInterest.Count -ForegroundColor Yellow -NoNewline | |
| Write-Host " Directories of Interest:" | |
| $pathsOfInterest | ForEach-Object { Write-Host " $_" -ForegroundColor Green } | |
| # -- Collect files of interest -- | |
| $filesOfInterest = $pathsOfInterest | ForEach-Object { | |
| Get-ChildItem $_ -Recurse -File -ErrorAction SilentlyContinue | |
| } | ForEach-Object { $_.FullName } | Where-Object { | |
| $_ -imatch '[\\/](preferences|crashes|minidump|reports|datareporting|Databases?|Sessions?|Storage|CrashDumps)[\\/]?' -or | |
| $_ -imatch '(LOG|\.(log|db|ldb|mozlz4|dmp|ini|sqlite(-wal|-shm|-journal)?))[\.\-]?(?:old|\d+)?$' -or | |
| $_ -imatch '(prefs\.js|pluginreg\.dat|sessionCheckpoints\.json|xulstore\.json|localstore\.rdf)$' | |
| } | Where-Object { | |
| -not ( | |
| $_ -imatch '[\\/](distribution[\\/]bundles)[\\/]?' -or | |
| $_ -imatch '(counties|zipcodes|places|geodata|downloads|formhistory|webappstore)\.sqlite$' -or | |
| $_ -imatch '(explorer)\.exe(\b.+)?\.dmp$' -or | |
| $_ -imatch '(cert8)\.db$' -or | |
| $_ -imatch '[\\/]LOCK$' | |
| ) | |
| } | |
| Write-Host "`nFound " -NoNewline | |
| Write-Host $filesOfInterest.Count -ForegroundColor Yellow -NoNewline | |
| Write-Host " files to collect." | |
| # -- Copy files into staging folder -- | |
| foreach ($file in $filesOfInterest) { | |
| # Note that '⧸' is actually the Big Solidus unicode character & not the normal '/' | |
| # Windows doesn't allow '/' in file names | |
| $flatpath = (Split-Path ($file -replace '^.+?(?=Applied|Allied|CrashDumps)', '') -Parent) -replace '[\\/]+', '⧸' | |
| $filename = Split-Path $file -Leaf | |
| $ext = [System.IO.Path]::GetExtension($filename) | |
| if ((![System.IO.Path]::HasExtension($filename)) -or ($ext -eq 'old') -or ($ext -match '^\.\d+$')) { | |
| $ext = ".txt" | |
| } | |
| $target = Join-Path $dest "$filename ($flatpath)$ext" | |
| try { | |
| # Use FileStream with shared read to handle locked files (e.g. active logs) | |
| $inStream = New-Object System.IO.FileStream($file, 'Open', 'Read', 'ReadWrite,Delete') | |
| $outStream = [System.IO.File]::Create($target) | |
| try { $inStream.CopyTo($outStream) } | |
| finally { $outStream.Close() } | |
| $inStream.Close() | |
| } catch { | |
| Write-Warning " Skipped (locked or inaccessible): $file" | |
| } | |
| } | |
| # -- Zip and clean up -- | |
| $zipPath = "$dest.zip" | |
| Write-Host "`nCompressing to " -NoNewline | |
| Write-Host "$zipPath " -ForegroundColor Green -NoNewline | |
| Write-Host "..." | |
| try { | |
| Compress-Archive -Path "$dest\*" -DestinationPath $zipPath -Force | |
| } catch { | |
| # Fallback: use .NET compression directly (works even if Archive module missing) | |
| Add-Type -AssemblyName System.IO.Compression.FileSystem | |
| [System.IO.Compression.ZipFile]::CreateFromDirectory($dest, $zipPath) | |
| } | |
| Remove-Item $dest -Recurse -Force | |
| Write-Host "Done - zipped to " -NoNewline | |
| Write-Host $zipPath -ForegroundColor Green |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment