CleanupStartup

Here again with another script, this time to clean-up what runs on a computer.
Can kill off start-up entries, services and tasks.
Tasks only works from vista and above as I don’t have a XP machine to play around on.

Anyways, just add to the array the names of the programs you want removed.
Here are a few ive found but be sure to let me know which ones you add to the list so I can keep it updated.

Thanks! 🙂

Dim RemoveStartups, RemoveTasks, DisableServices, objWMIService, WshShell
Set WshShell = CreateObject("WScript.Shell")

'Change your programs here
RemoveStartups = Array("Dell Registration","Adobe Reader Speed Launcher","SunJavaUpdateScged","Switchboard","AdobeCS6ServiceManager","AdobeCS5ServiceManager","AdobeCS4ServiceManager","AdobeAAMUpdater-1.0","AdobeARM","UpdReg","RoxWatchTray","Desktop Disc Tool","ATICustomerCare","QuickTime Task","iTunesHelper","Google Update","IAStorIcon")
RemoveTasks = Array("AdobeAAMUpdater-1.0","GoogleUpdateTaskUser", "Adobe Flash Player Updater")
DisableServices = Array("AdobeARMservice","AdobeFlashPlayerUpdateSvc","SwitchBoard")

'Dont Modify Below this

For Each Item in RemoveStartups
	DeleteStartup(Item)
Next

WScript.Echo " "

For Each Item in RemoveTasks
	DeleteScheduledTask(Item)
Next

WScript.Echo " "

For Each Item in DisableServices
	DisableService(Item)
Next

WScript.Echo " "

ShowStartupItems()
WScript.Echo " "
ShowScheduledTasks()

Sub DisableService(strName)
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

	Set colServiceList = objWMIService.ExecQuery("Select * from Win32_Service where Name = '" & strName & "'")

	For Each objService in colServiceList
		If objService.State = "Running" Then
			objService.StopService()
			Wscript.Sleep 5000
		End If
		errReturnCode = objService.ChangeStartMode("Disabled")   
		WScript.Echo "Disabled Service: " & strName
	Next
End Sub

Sub DeleteStartup(strName)
	If KeyExists(strKey & strName) Then 
		WshShell.RegDelete strKey & strName
		WScript.Echo "Removing Startup: " & strName
	End If
	
	If KeyExists(strKey64 & strName) Then 
		WshShell.RegDelete strKey64 & strName
		WScript.Echo "Removing Startup: " & strName
	End If
End Sub

Sub DeleteScheduledTask(strName)
' Create the TaskService object.
Set service = CreateObject("Schedule.Service")
call service.Connect()

' Get the task folder that contains the tasks. 
Dim rootFolder
Set rootFolder = service.GetFolder("\")
 
Dim taskCollection
Set taskCollection = rootFolder.GetTasks(0)

    Dim registeredTask
	
    For Each registeredTask In taskCollection
		If instr(registeredTask.Name, strName) <> 0 then
			rootFolder.DeleteTask registeredTask.Name, 0 
			WScript.Echo "Deleted Task: " & registeredTask.Name
		End If
    Next
End Sub

Function KeyExists(strKey)
	On Error Resume Next 
	WshShell.RegRead(strKey)
	bFound = (err.number = 0) 
	On Error Goto 0 
	
	If bFound then
		KeyExists = True
	Else
		KeyExists = False
	End if
End Function

Sub ShowStartupItems()
	'------------------------------------------------------------------------------- 
	'Display startup program list. 
	'By: Umesh C. Thakur (ucthakur@hotmail.com) 
	'------------------------------------------------------------------------------- 
	dim strKey, strComputer, oReg, strKeyValue 
	const HKEY_LOCAL_MACHINE = &H80000002 
	strKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 
	strComputer = "." 
	  
	Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") 
	oReg.EnumValues HKEY_LOCAL_MACHINE, strKey,arrValueNames 
	 
	'List header 
	wscript.echo "PROGRAM NAME" & vbTab & vbTab & "PROGRAM PATH" 
	wscript.echo "------------" & vbTab & vbTab & "---------------------------------" 
	 
	'Loop through all programs, display their name and path. 
	For i = 0 To UBound(arrValueNames) 
		oReg.GetStringValue HKEY_LOCAL_MACHINE, strKey, arrValueNames(i), strKeyValue 
		wscript.echo arrValueNames(i) & vbTab & vbTab & strKeyValue 
	Next 
End Sub

Sub ShowScheduledTasks()
	WScript.Echo "Registed Tasks"
	WScript.Echo "-----------------"
	' Create the TaskService object.
	Set service = CreateObject("Schedule.Service")
	call service.Connect()

	' Get the task folder that contains the tasks. 
	Dim rootFolder
	Set rootFolder = service.GetFolder("\")
	 
	Dim taskCollection
	Set taskCollection = rootFolder.GetTasks(0)

	Dim numberOfTasks
	numberOfTasks = taskCollection.Count

	If numberOfTasks = 0 Then 
		Wscript.Echo "No tasks are registered."
	Else
	   
		Dim registeredTask
		For Each registeredTask In taskCollection
			WScript.Echo "Task Name: " & registeredTask.Name
		Next
	End If
End Sub
Tags:, ,

6 Comments

  • Tim Beard
    June 21, 2013 at 12:57 am

    If I supply you with a XP machine to work on remotely can you modify this script so it will work with XP, Vista, 7 and 8?

    Reply
    • Jake
      June 21, 2013 at 9:48 am

      Hey Tim,

      I can fire up XP in a virtual and work on it from there.
      It was just written on Windows 8 so I know it works for that.

      The only thing that wont work on XP is the service manipulation as it was only implemented from vista on-wards.
      If I get some time over the weekend ill let you know.

      I also wrote a little AutoIt script that will execute a remote AutoIt script so can actually be more powerful than this (Cross platform too)
      It was posted on the GFI G+ community but will need to revise it to make it easier for people to write their own scripts.

      Thanks! 🙂

      Reply
  • Xander
    September 5, 2013 at 12:24 pm

    Jake, I couldn’t find the other discussion we’d had about this so had to use Google to find this.

    I’m wondering how (or if) one of the subroutines (DeleteStartup?) could be adapted to handle any registry entry.

    Malware Examples:
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
    Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
    Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin

    Can it be done?

    Reply
    • Jake
      September 11, 2013 at 10:19 pm

      Of course it can be done 🙂
      The talk we had was in the G+ community where I suggested using that AutoIt Wrapper to create the remote scripts.
      A lot more powerful and easier to use than VBS.

      But heres something like your after.

      Dim WshShell, RemoveEntries
      Set WshShell = WScript.CreateObject(“WScript.Shell”)
      RemoveEntries = Array(“HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL”,”HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE”,”HKLM\SOFTWARE\Classes\AppID\escort.DLL”)

      For Each Entry in RemoveEntries
      WshShell.RegDelete Entry
      Next

      Reply
  • Xander
    September 23, 2013 at 3:23 am

    NICE.

    One question in looking to incorporate the Reg part into the original:

    Of the two lines
    Set WshShell = CreateObject(“WScript.Shell”)
    Set WshShell = WScript.CreateObject(“WScript.Shell”)
    I’m assuming one would supercede the other. Would one be more correct than the other?

    Reply
  • 70-410
    December 2, 2015 at 9:02 pm

    I used that codes that codes help me lot i am looking for update Thanks

    Reply

Leave a Reply

Your email address will not be published.