Blog

CleanupStartup

Here again with another script, this time to clean-up what runs on a computer.
Can kill off start-up entries, services and tasks.
Tasks only works from vista and above as I don’t have a XP machine to play around on.

Anyways, just add to the array the names of the programs you want removed.
Here are a few ive found but be sure to let me know which ones you add to the list so I can keep it updated.

Thanks! 🙂

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
Dim RemoveStartups, RemoveTasks, DisableServices, objWMIService, WshShell
Set WshShell = CreateObject("WScript.Shell")
 
'Change your programs here
RemoveStartups = Array("Dell Registration","Adobe Reader Speed Launcher","SunJavaUpdateScged","Switchboard","AdobeCS6ServiceManager","AdobeCS5ServiceManager","AdobeCS4ServiceManager","AdobeAAMUpdater-1.0","AdobeARM","UpdReg","RoxWatchTray","Desktop Disc Tool","ATICustomerCare","QuickTime Task","iTunesHelper","Google Update","IAStorIcon")
RemoveTasks = Array("AdobeAAMUpdater-1.0","GoogleUpdateTaskUser", "Adobe Flash Player Updater")
DisableServices = Array("AdobeARMservice","AdobeFlashPlayerUpdateSvc","SwitchBoard")
 
'Dont Modify Below this

For Each Item in RemoveStartups
	DeleteStartup(Item)
Next
 
WScript.Echo " "
 
For Each Item in RemoveTasks
	DeleteScheduledTask(Item)
Next
 
WScript.Echo " "
 
For Each Item in DisableServices
	DisableService(Item)
Next
 
WScript.Echo " "
 
ShowStartupItems()
WScript.Echo " "
ShowScheduledTasks()
 
Sub DisableService(strName)
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 
	Set colServiceList = objWMIService.ExecQuery("Select * from Win32_Service where Name = '" & strName & "'")
 
	For Each objService in colServiceList
		If objService.State = "Running" Then
			objService.StopService()
			Wscript.Sleep 5000
		End If
		errReturnCode = objService.ChangeStartMode("Disabled")   
		WScript.Echo "Disabled Service: " & strName
	Next
End Sub
 
Sub DeleteStartup(strName)
	If KeyExists(strKey & strName) Then 
		WshShell.RegDelete strKey & strName
		WScript.Echo "Removing Startup: " & strName
	End If
 
	If KeyExists(strKey64 & strName) Then 
		WshShell.RegDelete strKey64 & strName
		WScript.Echo "Removing Startup: " & strName
	End If
End Sub
 
Sub DeleteScheduledTask(strName)
' Create the TaskService object.
Set service = CreateObject("Schedule.Service")
call service.Connect()
 
' Get the task folder that contains the tasks. 
Dim rootFolder
Set rootFolder = service.GetFolder("\")
 
Dim taskCollection
Set taskCollection = rootFolder.GetTasks(0)
 
    Dim registeredTask
 
    For Each registeredTask In taskCollection
		If instr(registeredTask.Name, strName) <> 0 then
			rootFolder.DeleteTask registeredTask.Name, 0 
			WScript.Echo "Deleted Task: " & registeredTask.Name
		End If
    Next
End Sub
 
Function KeyExists(strKey)
	On Error Resume Next 
	WshShell.RegRead(strKey)
	bFound = (err.number = 0) 
	On Error Goto 0 
 
	If bFound then
		KeyExists = True
	Else
		KeyExists = False
	End if
End Function
 
Sub ShowStartupItems()
	'------------------------------------------------------------------------------- 
	'Display startup program list. 
	'By: Umesh C. Thakur (ucthakur@hotmail.com) 
	'------------------------------------------------------------------------------- 
	dim strKey, strComputer, oReg, strKeyValue 
	const HKEY_LOCAL_MACHINE = &H80000002 
	strKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 
	strComputer = "." 
 
	Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") 
	oReg.EnumValues HKEY_LOCAL_MACHINE, strKey,arrValueNames 
 
	'List header 
	wscript.echo "PROGRAM NAME" & vbTab & vbTab & "PROGRAM PATH" 
	wscript.echo "------------" & vbTab & vbTab & "---------------------------------" 
 
	'Loop through all programs, display their name and path. 
	For i = 0 To UBound(arrValueNames) 
		oReg.GetStringValue HKEY_LOCAL_MACHINE, strKey, arrValueNames(i), strKeyValue 
		wscript.echo arrValueNames(i) & vbTab & vbTab & strKeyValue 
	Next 
End Sub
 
Sub ShowScheduledTasks()
	WScript.Echo "Registed Tasks"
	WScript.Echo "-----------------"
	' Create the TaskService object.
	Set service = CreateObject("Schedule.Service")
	call service.Connect()
 
	' Get the task folder that contains the tasks. 
	Dim rootFolder
	Set rootFolder = service.GetFolder("\")
 
	Dim taskCollection
	Set taskCollection = rootFolder.GetTasks(0)
 
	Dim numberOfTasks
	numberOfTasks = taskCollection.Count
 
	If numberOfTasks = 0 Then 
		Wscript.Echo "No tasks are registered."
	Else
 
		Dim registeredTask
		For Each registeredTask In taskCollection
			WScript.Echo "Task Name: " & registeredTask.Name
		Next
	End If
End Sub

Posted in: Scripts

Leave a Comment (6) ↓

6 Comments

  1. Tim Beard June 21, 2013

    If I supply you with a XP machine to work on remotely can you modify this script so it will work with XP, Vista, 7 and 8?

    reply
    • Jake June 21, 2013

      Hey Tim,

      I can fire up XP in a virtual and work on it from there.
      It was just written on Windows 8 so I know it works for that.

      The only thing that wont work on XP is the service manipulation as it was only implemented from vista on-wards.
      If I get some time over the weekend ill let you know.

      I also wrote a little AutoIt script that will execute a remote AutoIt script so can actually be more powerful than this (Cross platform too)
      It was posted on the GFI G+ community but will need to revise it to make it easier for people to write their own scripts.

      Thanks! 🙂

      reply
  2. Xander September 5, 2013

    Jake, I couldn’t find the other discussion we’d had about this so had to use Google to find this.

    I’m wondering how (or if) one of the subroutines (DeleteStartup?) could be adapted to handle any registry entry.

    Malware Examples:
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
    Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
    Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin

    Can it be done?

    reply
    • Jake September 11, 2013

      Of course it can be done 🙂
      The talk we had was in the G+ community where I suggested using that AutoIt Wrapper to create the remote scripts.
      A lot more powerful and easier to use than VBS.

      But heres something like your after.

      Dim WshShell, RemoveEntries
      Set WshShell = WScript.CreateObject(“WScript.Shell”)
      RemoveEntries = Array(“HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL”,”HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE”,”HKLM\SOFTWARE\Classes\AppID\escort.DLL”)

      For Each Entry in RemoveEntries
      WshShell.RegDelete Entry
      Next

      reply
  3. Xander September 23, 2013

    NICE.

    One question in looking to incorporate the Reg part into the original:

    Of the two lines
    Set WshShell = CreateObject(“WScript.Shell”)
    Set WshShell = WScript.CreateObject(“WScript.Shell”)
    I’m assuming one would supercede the other. Would one be more correct than the other?

    reply
  4. 70-410 December 2, 2015

    I used that codes that codes help me lot i am looking for update Thanks

    reply

Leave a Comment