@echo offREM Copyright (c) 2015 - Nick Stanton - SNS Computing - http://Solian

1. @echo off
2. REM Copyright (c) 2015 - Nick Stanton - SNS Computing - http://Solian.ca - http://www.snscomputing.com/
3. REM This script has been tested on Windows 7 x86/x64 and Windows 8.1 x64.
4. REM Change Log:
5. REM v1.2.6
6. REM -Added Ammyy Admin, FileZilla, WireShark, and Procmon to download list
7. REM -Fixed dropbox.exe and hid the error if not found
8. REM -Encountered a bug where under the right circumstances, commands the toolkit uses are disabled and simply will not
9. REM     run from where ever it is located. To test if this is the case, try to access the ping and/or tracert
10. REM     commands using a standard command prompt (not elevated). If this is the case, then the pathing to system32 is incorrect.
11. REM -WORKAROUND: Place the toolkit inside the system32 folder and it should open normally. There is currently no fix for this.
12. REM -Added "Power Efficiency Diagnostics Report" to PC House keeping list
13. REM -If a known PUP has a static uninstaller program, it will be executed during the pup / toolbar script (number 2 in main menu)
14. REM -Found personally that it's a pain in the ass to keep opening more command prompts on the side, especailly when im trying to
15. REM     do other things while running the toolkit.
16. REM -Added function where if you type 'cmd' in the main menu, opens an elevated command prompt
17. REM -Changed System file checker to export found issues to a text file on desktop called 'sfcdetails.txt'
18. REM -Added programs to bloatware list:
19. REM -HP (Added more)
20. REM -Microsoft Office Wrapper
21. REM -Gadwin PrintScreen
22. REM -HP LaserJet Fax Receive Utility
23. REM     -UPS Monitor
24. REM -TheWeatherNetwork
25. REM -Dropbox
26. REM v1.2.5
27. REM -Alot of malware programs end up in %temp%. Changed 1 so when it starts killing malware it cleans the temp folder first.
28. REM -Added VNC Enterprise to Downloads page
29. REM -Removed any/all traces of "lemons" from when this script was created. Replaced entries with SNS.
30. REM -Added programs to malware list:
31. REM -GlobalUpdate (Added more)
32. REM -WordShark
33. REM -Space Sound Pro
34. REM -Rapid Media Converter
35. REM     -System Notifier
36. REM -MindSpark (Added more)
37. REM -TelevisionFanatic
38. REM -Petty Court
39. REM -Ioartlieme
40. REM -WebSteroids
41. REM -Added programs to bloatware list:
42. REM -ASUS AXSP
43. REM -Toshiba FlashCards
44. REM -Toshiba Service Station
45. REM -Toshiba Power Saver
46. REM -Toshiba BulletinBoard
47. REM -Toshiba ReelTime
48. REM -Toshiba HDD SSD Alert
49. REM -Toshiba ConfigFree
50. REM -Added programs to services list:
51. REM -"Petty Court"
52. REM -TelevisionFanaticService
53. REM -3e02e3c9
54. REM -TrustMix
55. REM -VideoDownloadConverter_4zService
56. REM -VideoDownloadConverterService
57. REM -fixed CCleaner installer. (everything was still in the old directory on my server of /lemons/ when i was updating the /sns/ folder instead xD
58. REM v1.2.4
59. REM -Added a function that attempts to stop the malicious services before disabling them
60. REM -Made some subtle visual changes.
61. REM -Changed the disclaimer when running 1. You now have to type in "AGREE" in order to start killing processes.
62. REM -Added programs to bloatware list:
63. REM     -ActivateDesktop
64. REM     -AcerPortal
65. REM     -MSG
66. REM     -Setting
67. REM     -TriggerFramework
68. REM     -UBTService
69. REM     -NASvc
70. REM     -NANotify
71. REM -Added programs to malware list:
72. REM     -Privoxy (Added more)
73. REM     -GlobalUpdate
74. REM     -"firmware installer"
75. REM     -desktop
76. REM     -aLgPg2wPM
77. REM     -KoOOigEwAlw3ZEOy2NOtE1uFnU
78. REM     -pmUeRxMXrc2wXt
79. REM     -check
80. REM     -utils
81. REM     -soc3hen
82. REM     -soc6hen
83. REM     -socahen
84. REM     -socdhen
85. REM     -socwhen
86. REM     -CinemaPlus-3.2cV23.07
87. REM     -EpsanDrive
88. REM     -SoftConfigTest
89. REM -Added services to malware list:
90. REM     -bebtosho
91. REM     -Checker
92. REM     -ipucatyj
93. REM     -aaf818c3
94. REM     -LiveReader
95. REM     -"Update Mgr SeeResultsHub"
96. REM     -"Service Mgr SeeResultsHub"
97. REM v1.2.3
98. REM -Added programs to malware list:
99. REM     -CloudScout
100. REM     -SearchProtect (Added more)
101. REM     -PluginContainer
102. REM     -Updater
103. REM -Added services to malware list:
104. REM     -Service Mgr RecordPage
105. REM     -Update Mgr RecordPage
106. REM     -bca22949
107. REM v1.2.2
108. REM -Added programs to malware list:
109. REM     -SlimCleanerPlus
110. REM     -mdp
111. REM     -DriverUpdate
112. REM -Added programs to bloatware list:
113. REM     -CNQMACNF
114. REM     -CNQMINST
115. REM     -CNQMLNCR
116. REM     -CNQMSWCS
117. REM     -CNQMULNC
118. REM     -CNQMUPDT
119. REM     -CNSEMAIN
120. REM v1.2.1
121. REM -Added services to malware list:
122. REM     -WtuSystemSupport
123. REM     -vToolbarUpdater18.4.0
124. REM     -WajamUpdaterV3
125. REM -Added programs to malware list:
126. REM     -DefaultTab
127. REM     -vToolbar
128. REM     -PC Health Kit
129. REM     -Wajam
130. REM     -Betcat
131. REM -Added programs to bloatware list:
132. REM     -Teamviewer 8
133. REM     -AVG Web Tuneup
134. REM     -Apple Mobile Device Support
135. REM     -BingBar
136. REM     -HP Software (4500 ENVY)
137. REM     -OtShot
138. REM     -Speech Recognition Software
139. REM -Fixed a few more visual glitches.
140. REM v1.2
141. REM -Added services to malware list:
142. REM     -MapsGalaxyService
143. REM     -MapsGalaxy_39Service
144. REM     -EZ Software Updater
145. REM     -f1f78e38 (WinSpeed)
146. REM -Added programs to malware list:
147. REM     -39barsvc.exe (MapsGalaxy)
148. REM     -AppIntegrator64.exe (MapsGalaxy)
149. REM     -39SrchMn.exe (MapsGalaxy)
150. REM     -39bar.dll (MapsGalaxy)
151. REM     -39SrcAs.dll (MapsGalaxy)
152. REM     -JYI.exe (SamartCOmpuare)
153. REM     -EZ Software Updater.exe (EZ%20Software%20Updater.exe)
154. REM -Cleaned up visuals for 1 & 2
155. REM -Changed downloads for Java, Adobe Reader, Adobe Flash
156. REM     -These programs do not have auto updaters, and it's annoying having to constantly update the files i have on the server (if they're not up to date, they don't even run)
157. REM     -Removed the setup file completely, and added a redirect to the website which always has an up to date version that can be downloaded.
158. REM -Changed "Clean temp and disk" to "PC House Keeping"
159. REM     -Added recycle bin cleanup
160. REM     -Added Browser Cleanup
161. REM -Added Menu Option "AV Scan"
162. REM     -Clam Anti-Virus
163. REM -Added a function to remove reg keys when needed. Will be using this later on.
164. REM -Removed Emergency Scan option from main menu (nobody used it anyways)
165. REM -Added Teamviewer 10, Google Chrome, and Mozilla FireFox to downloads page.
166. REM v1.1.1
167. REM Added programs to bloatware list: LogitechUpdate
168. REM Added services to malware list:
169. REM     UpdateCheck, SPBIUpd, SMUpd, OfMQduaBIJq, CoupoonService, BrsHelper,
170. REM     gykoruqo
171. REM Added programs to malware list:
172. REM     a4SpeedCheckJ53, ansv95, beExpU, bnsg82, cltmng, CltMngSvc, cltmngui,
173. REM     cnsx98, gmsd_ca_497, gmsd_us_619, ConsumerInputUpdate, hnsl69.tmp, jnsz65.tmp,
174. REM     N2ox192, nsd11E.tmp, nsdBD.tmp, nsf50.tmpfs, nsm519.tmpfs, smss, snss594,
175. REM     UMVPFSrv, upgmsd_ca_497, upgmsd_us_619, vnsy37, CALMAIN, CameraHelperShell,
176. REM     COCIManager, crossbrowse, daemonu, dca-monitoring, FlashBeat, upgmsd_ca_493,
177. REM     gmsd_ca_493, HDeck, IAAnotif, IAANTmon, jnse53A, Kikblaster, LULnchr, LWS,
178. REM     UpdateCheck, YTDownloader, SSScheduler, unsecapp, wueooalu
179. REM v1.1
180. REM -Removed bitsadmin as the download client. Using a custom vbscript to download files now. Will make an exe later on.
181. REM -Added malware to list
182. REM     -Privoxy
183. REM     -MyWinLocker
184. REM     -GeniusBox
185. REM     -DriverDetective
186. REM -Added various acer programs to bloatware list
187. REM -Updated java, adobe, and mbam installers
188. REM
189. REM v1.02
190. REM -Added ListCWall (Cryptowall Detector) under anti-rootkit
191. REM -Added RogueKiller under anti-rootkit
192. REM -Changed how files are downloaded. Using a VBS script now instead of bitsadmin
193. REM -Added the following malicious programs:
194. REM -Privoxy
195. REM -PrivoxyService
196. REM.
197. REM v1.01
198. REM -Fixed some visual things
199. REM -Added the following malicious programs:
200. REM -Pokki
201. REM -Added new kill progs: iTunes, iPod support, Blackberry progs, Android progs, Samsung keis
202. REM     -They pose no threat, but are annoying when trying to clean out a pc.
203. REM v1.0
204. REM -Initial Release
205.  
206.  
207. CLS
208. ECHO =============================
209. ECHO Running Admin shell
210. ECHO =============================
211.  
212.  
213.  
214. :CHECKPRIVS
215. REM Checking if we have admin rights.
216. NET FILE 1>NUL 2>NUL
217. if '%errorlevel%' == '0' ( goto ARCHTYPE ) else ( goto GETPRIVS )
218.  
219.  
220.  
221.  
222. :GETPRIVS
223. REM We don't have admin privs. Writing a temp VBScript file that when executed, will re-open lemonaid with admin rights.
224. if '%1'=='ELEV' (shift & goto gotPrivileges)
225. ECHO =============================
226. ECHO Invoking UAC for Privilege Escalation
227. ECHO =============================
228. setlocal DisableDelayedExpansion
229. set "batchPath=%~0"
230. setlocal EnableDelayedExpansion
231. ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
232. ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
233. "%temp%\OEgetPrivileges.vbs"
234. exit /B
235.  
236.  
237.  
238.  
239.    
240.  
241.  
242.  
243. :ARCHTYPE
244. REM We have admin rights. Let's check to see if we are running x86 or x64 for later use.
245. setlocal & pushd .
246. Set RegQry=HKLM\Hardware\Description\System\CentralProcessor\0
247. REG.exe Query %RegQry% > checkOS.txt
248. Find /i "x86" < CheckOS.txt > StringCheck.txt
249. If %ERRORLEVEL% == 0 (
250.     SET ARCH=32
251. ) ELSE (
252.     SET ARCH=64
253. )
254. GOTO LEMONPREP
255.  
256.  
257. :LEMONPREP
258. REM Creating new sns directory in temp. Cleaning up files left behind by archtype and getprivs.
259. RD /S /Q %temp%\sns\
260. md %temp%\sns
261. del checkOS.txt
262. del StringCheck.txt
263. Set dlflag=0
264. Set zipflag=0
265. GOTO DISCLAIMER
266.  
267.  
268.  
269. :DISCLAIMER
270. REM Main disclaimer. Will change in time.
271. color 17
272. TITLE Software N Systems Toolkit v1.2.6
273. cls
274. echo                        Software N Systems Toolkit v1.2.6
275. echo -------------------------------------------------------------------------------
276. echo This program is designed to terminate malware / bloatware processes running
277. echo in the background on the target computer while providing tools to permanently
278. echo remove any/all infections that may be present.
279. echo
280. echo We are not responsible for any damage caused by this script. By agreeing to
281. echo this disclaimer and running this script, you (the user) take full
282. echo responsibility for anything that may happen while this program is removing
283. echo running processes from this system.
284. echo.
285. echo.
286. echo              =================================================
287. echo                              Please make sure to
288. echo               !!!  SAVE YOUR WORK and CLOSE ALL PROGRAMS  !!!
289. echo                               before continuing.
290. echo              =================================================
291. echo.
292. echo.
293. echo.
294. SET KFLAG=2
295. SET /P ANSWER=Type "AGREE" to continue:
296. IF %ANSWER%==AGREE (
297.     GOTO HOME
298. ) ELSE (
299.     EXIT
300. )
301.  
302.  
303.  
304. :HOME
305. REM Main Menu.
306.  
307. cls
308. echo.
309. echo SNS Toolkit v1.2.6
310. ECHO -------------------------------------------
311. echo.
312. ECHO Please select one of the following actions:
313. echo.
314. echo 1. Kill known malware processes and services
315. echo 2. Remove PUP toolbars
316. echo 3. Flush TCP/IP Settings and Winsock Catalog
317. echo.
318. echo 4. Anti-Virus Scanners...
319. echo 5. Downloads...
320. echo 6. PC House Keeping...
321. echo 7. Malware/Rootkit Removal...
322. echo ---
323. echo.
324. SET /P ANSWER=Selection:
325. IF %ANSWER%==1 (
326.     GOTO PREKILL
327. ) ELSE IF %ANSWER%==2 (
328.     GOTO TOOLBAR
329. ) ELSE IF %ANSWER%==3 (
330.     GOTO TCP
331. ) ELSE IF %ANSWER%==4 (
332.     GOTO AV
333. ) ELSE IF %ANSWER%==5 (
334.     GOTO DOWNLOADS
335. ) ELSE IF %ANSWER%==6 (
336.     GOTO HOUSEKEEPING
337. ) ELSE IF %ANSWER%==7 (
338.     GOTO ROOTKIT
339. ) ELSE IF %ANSWER%==showmesomecrack (
340.     GOTO CRACK
341. ) ELSE IF %ANSWER%==putty (
342.     GOTO PUTTY
343. ) ELSE IF %ANSWER%==cmd (
344.     GOTO CMDPROMPT
345. ) ELSE (
346.     GOTO HOME
347. )
348.  
349.  
350. :CMDPROMPT
351. START /realtime cmd.exe
352. GOTO HOME
353.  
354.  
355. :DIST2010CHK
356. REM Querying the registry to see if a specific folder exists. This folder would have been created if C++ 2010 Redist was installed.
357. REG.exe Query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist
358. If %ERRORLEVEL% == 0 (
359.     GOTO %returnchk%
360. ) ELSE (
361.     GOTO NO2010DIST
362. )
363.  
364.  
365.  
366.  
367.  
368. :NO2010DIST
369. cls
370. If %ARCH% == 32 (
371.     Set dlvbsurl=http://solian.ca/sns/vcredist_x86.exe
372.     Set dlvbsexe=vcredist_x86.exe
373.     Set dlvbsreturn=NO2010DIST
374.     IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
375.     cls
376.     echo Downloading Microsoft Visual C++ 2010 Redist x86. Please Wait...
377.     START /W /REALTIME %temp%\dl.vbs
378.     echo.
379.     echo Opening installer... Please follow the prompts that appear on screen.
380.     start /w /REALTIME %TEMP%\sns\vcredist_x86.exe
381.     Set dlflag=0
382.     GOTO DLCLAM2
383. ) ELSE (
384.     Set dlvbsurl=http://solian.ca/sns/vcredist_x64.exe
385.     Set dlvbsexe=vcredist_x64.exe
386.     Set dlvbsreturn=NO2010DIST
387.     IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
388.     cls
389.     echo Downloading Microsoft Visual C++ 2010 Redist x64. Please Wait...
390.     START /W /REALTIME %temp%\dl.vbs
391.     echo.
392.     echo Opening installer... Please follow the prompts that appear on screen.
393.     start /w /REALTIME %TEMP%\sns\vcredist_x64.exe
394.     Set dlflag=0
395.     GOTO DLCLAM2
396. )
397. GOTO DLCLAM2
398.  
399.  
400. :PUTTY
401. Set dlvbsurl=http://solian.ca/sns/putty.exe
402. Set dlvbsexe=putty.exe
403. Set dlvbsreturn=PUTTY
404. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
405. cls
406. echo Downloading PuTTY SSH/Telnet client. Please Wait...
407. START /W /REALTIME %temp%\dl.vbs
408. echo.
409. echo.
410. echo Opening PuTTY. When closed, it will perform a cleanup.
411. start /w /REALTIME %TEMP%\sns\putty.exe
412. echo.
413. echo.
414. echo.
415. echo Putty closed. Flushing cache.
416. start /w /REALTIME %TEMP%\sns\putty.exe -cleanup
417. echo removing putty.
418. del %TEMP%\sns\putty.exe
419. Set dlflag=0
420. GOTO HOME
421.  
422.  
423.  
424.  
425. :DOWNLOADSCRIPT
426. echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") > %temp%\dl.vbs
427. echo dim bStrm: Set bStrm = createobject("Adodb.Stream") >> %temp%\dl.vbs
428. echo xHttp.Open "GET", "%dlvbsurl%", False >> %temp%\dl.vbs
429. echo xHttp.Send >> %temp%\dl.vbs
430. echo with bStrm >> %temp%\dl.vbs
431. echo     .type = 1 '//binary >> %temp%\dl.vbs
432. echo     .open >> %temp%\dl.vbs
433. echo     .write xHttp.responseBody >> %temp%\dl.vbs
434. echo     .savetofile "%temp%\sns\%dlvbsexe%", 2 '//overwrite >> %temp%\dl.vbs
435. echo end with >> %temp%\dl.vbs
436. Set dlflag=1
437. GOTO %dlvbsreturn%
438.  
439.  
440.  
441.  
442.  
443.  
444. :CRACK
445. REM Microsoft Activation Toolkit is used for cracking Windows Operating Systems and Microsoft Office installs.
446. Set dlvbsurl=http://solian.ca/sns/mat.exe
447. Set dlvbsexe=mat.exe
448. Set dlvbsreturn=CRACK
449. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
450. cls
451. echo Downloading Microsoft Activation Toolkit. Please Wait...
452. START /W /REALTIME %temp%\dl.vbs
453. echo Opening Activator...
454. start /REALTIME %temp%\sns\mat.exe
455. echo.
456. echo.
457. echo.
458. pause
459. GOTO HOME
460.  
461.  
462.  
463.  
464.  
465. :PREKILL
466. REM Taking measures before killing processes
467. echo ---Preparing . . .
468. del %temp%\*.* /F /Q 2> nul
469. RMDIR /S /Q %temp%\ 2> nul
470. cls
471. SET KFLAG=2
472. GOTO KILL
473.  
474.  
475.  
476.  
477. :AV
478. cls
479. echo ---------------ANTI-VIRUS---------------
480. echo.
481. echo 1. Clam Anti-Virus Portable [auto-scan]
482. echo.
483. echo 4. Microsoft Security Essentials (x86/x64) [.msi installer]
484. echo.
485. echo.
486. echo.
487. echo 9. back...
488. echo ---
489. echo.
490. SET /P ANSWER=Selection:
491. IF %ANSWER%==1 (
492.     GOTO DLCLAM
493. ) ELSE IF %ANSWER%==4 (
494.     GOTO DLMSE
495. ) ELSE IF %ANSWER%==9 (
496.     GOTO HOME
497. ) ELSE (
498.     GOTO AV
499. )
500.  
501.  
502.  
503.  
504.  
505.  
506.  
507. :UNZIP
508. REM Writing a VBS unzip script with global variables set by the download functions.
509. echo ZipFile="%UNZIPDIR%" > %temp%\unzip.vbs
510. echo ExtractTo="%UNZIPNEWDIR%" >> %temp%\unzip.vbs
511. echo Set fso = CreateObject("Scripting.FileSystemObject") >> %temp%\unzip.vbs
512. echo If NOT fso.FolderExists(ExtractTo) Then >> %temp%\unzip.vbs
513. echo    fso.CreateFolder(ExtractTo) >> %temp%\unzip.vbs
514. echo End If >> %temp%\unzip.vbs
515. echo set objShell = CreateObject("Shell.Application") >> %temp%\unzip.vbs
516. echo set FilesInZip=objShell.NameSpace(ZipFile).items >> %temp%\unzip.vbs
517. echo objShell.NameSpace(ExtractTo).CopyHere(FilesInZip) >> %temp%\unzip.vbs
518. echo Set fso = Nothing >> %temp%\unzip.vbs
519. echo Set objShell = Nothing >> %temp%\unzip.vbs
520. set zipflag=1
521. GOTO %dlvbsreturn%
522.  
523.  
524.  
525.  
526.  
527.  
528.  
529. :DLCLAM
530. md %temp%\sns\av
531. md %temp%\sns\av\clam
532. REM Checking Visual C++ 2010 Redist install
533. Set returnchk==DLCLAM2
534. GOTO DIST2010CHK
535.  
536. :DLCLAM2
537. Set dlvbsurl=http://solian.ca/sns/clamav-0.98.7-win32.zip
538. Set dlvbsexe=clamav-0.98.7-win32.zip
539. Set dlvbsreturn=DLCLAM2
540. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
541. IF %DLFLAG%==1 CLS
542. IF %ZIPFLAG%==0 echo Downloading Clam Anti-Virus. Please Wait...
543. START /W /REALTIME %temp%\dl.vbs
544.  
545. set unzipdir=%TEMP%\sns\clamav-0.98.7-win32.zip
546. set unzipnewdir=%TEMP%\sns\av\clam\
547. IF %ZIPFLAG%==0 GOTO UNZIP
548. echo.
549. echo Unzipping...
550. START /W /REALTIME %temp%\unzip.vbs
551.  
552. md %temp%\sns\av\clam\ClamAV\database\
553. md %temp%\sns\av\clam\ClamAV\quarantine\
554. echo.
555. echo Updating virus/malware definitions. This will take a few minutes.
556. echo.
557. echo DatabaseMirror database.clamav.net > %temp%\sns\av\clam\ClamAV\freshclam.conf
558. start /w /REALTIME %temp%\sns\av\clam\ClamAV\freshclam.exe
559. echo ---
560. echo Beginning scan. This can take up to 1 hour to complete for slower machines.
561. echo.
562. echo Only infected files will appear in the scan window. You will hear the sound of
563. echo a bell if an infected file has been found and quarantined.
564. echo.
565. echo -Quarantine DIR: %temp%\sns\av\clam\ClamAV\quarantine\
566. echo.
567. start /w /REALTIME %temp%\sns\av\clam\ClamAV\clamscan.exe -r --bell --move=%temp%\sns\av\clam\ClamAV\quarantine\ --scan-pe=yes --scan-elf=yes --scan-pdf=yes --scan-html=yes --scan-archive=yes -r C:\
568. echo.
569. echo.
570. echo.
571. Set dlflag=0
572. Set zipflag=0
573. GOTO HOME
574.  
575.  
576.  
577.  
578. :ROOTKIT
579. cls
580. echo ---------------MALWARE/ROOTKIT REMOVAL---------------
581. echo.
582. echo 1. MalwareBytes Anti-Malware [installer]
583. echo 2. MalwareBytes Anti-Exploit [installer]
584. echo 3. RKILL Anti-Malware
585. echo 4. AdwCleaner
586. echo 5. ListCWall - CryptoWall Detector
587. echo 6. RogueKiller Anti-Malware
588. echo 7. ComboFix Anti-Malware/Rootkit [installer]
589. echo 8. TDSS Killer Anti-Rootkit
590. echo.
591. echo.
592. echo.
593. echo 9. back...
594. echo ---
595. echo.
596. SET /P ANSWER=Selection:
597. IF %ANSWER%==1 (
598.     GOTO DLMBAM
599. ) ELSE IF %ANSWER%==2 (
600.     GOTO DLMBAE
601. ) ELSE IF %ANSWER%==3 (
602.     GOTO DLRKILL
603. ) ELSE IF %ANSWER%==4 (
604.     GOTO DLADW
605. ) ELSE IF %ANSWER%==5 (
606.     GOTO DLLCW
607. ) ELSE IF %ANSWER%==6 (
608.     GOTO DLROGUE
609. ) ELSE IF %ANSWER%==7 (
610.     GOTO DLCOMBO
611. ) ELSE IF %ANSWER%==8 (
612.     GOTO DLTDSS
613. ) ELSE IF %ANSWER%==9 (
614.     GOTO HOME
615. ) ELSE (
616.     SET ERRORFLAG==1
617.     GOTO ROOTKIT
618. )
619.  
620.  
621.  
622.  
623.  
624.  
625.  
626.  
627. :DLROGUE
628. Set dlvbsurl=http://solian.ca/sns/roguekiller.exe
629. Set dlvbsexe=roguekiller.exe
630. Set dlvbsreturn=DLROGUE
631. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
632. cls
633. echo Downloading RogueKiller Anti-Malware. Please Wait...
634. START /W /REALTIME %temp%\dl.vbs
635. echo.
636. echo Opening installer... Please follow the prompts that appear on screen.
637. start /w /REALTIME %TEMP%\sns\roguekiller.exe
638. echo.
639. echo.
640. echo.
641. Set dlflag=0
642. GOTO ROOTKIT
643.  
644.  
645.  
646.  
647.  
648.  
649. :DLLCW
650. Set dlvbsurl=http://solian.ca/sns/listcwall.exe
651. Set dlvbsexe=listcwall.exe
652. Set dlvbsreturn=DLLCW
653. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
654. cls
655. echo Downloading ListCWall Cryptowall Detector. Please Wait...
656. START /W /REALTIME %temp%\dl.vbs
657. echo.
658. echo Opening installer... Please follow the prompts that appear on screen.
659. start /w /REALTIME %TEMP%\sns\listcwall.exe
660. echo.
661. echo.
662. echo.
663. Set dlflag=0
664. GOTO ROOTKIT
665.  
666.  
667.  
668.  
669.  
670.  
671. :DLADW
672. Set dlvbsurl=http://solian.ca/sns/adwcleaner.exe
673. Set dlvbsexe=adwcleaner.exe
674. Set dlvbsreturn=DLADW
675. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
676. cls
677. echo Downloading AdwCleaner Anti-Adware. Please Wait...
678. START /W /REALTIME %temp%\dl.vbs
679. echo.
680. echo Opening installer... Please follow the prompts that appear on screen.
681. start /w /REALTIME %TEMP%\sns\adwcleaner.exe
682. echo.
683. echo.
684. echo.
685. Set dlflag=0
686. GOTO ROOTKIT
687.  
688.  
689.  
690.  
691.  
692.  
693.  
694. :DLCOMBO
695. Set dlvbsurl=http://solian.ca/sns/combofix.exe
696. Set dlvbsexe=combofix.exe
697. Set dlvbsreturn=DLCOMBO
698. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
699. cls
700. echo Downloading ComboFix Anti-Malware/Rootkit. Please Wait...
701. START /W /REALTIME %temp%\dl.vbs
702. echo.
703. echo.
704. echo Please save/close all files and programs before proceeding.
705. echo.
706. echo.
707. echo.
708. pause
709. echo Opening installer... Please follow the prompts that appear on screen.
710. start /w /REALTIME %TEMP%\sns\combofix.exe
711. cls
712. echo.
713. echo Please follow the instructions provided by ComboFix.
714. echo -Waiting 30s then terminating this script.
715. ping 127.0.0.1 -n 30>nul
716. exit.
717.  
718.  
719.  
720.  
721.  
722.  
723.  
724. :DLTDSS
725. Set dlvbsurl=http://solian.ca/sns/tdss.exe
726. Set dlvbsexe=tdss.exe
727. Set dlvbsreturn=DLTDSS
728. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
729. cls
730. echo Downloading TDSSKiller Anti-Rootkit. Please Wait...
731. START /W /REALTIME %temp%\dl.vbs
732. echo.
733. echo Opening installer... Please follow the prompts that appear on screen.
734. start /w /REALTIME %TEMP%\sns\tdss.exe
735. echo.
736. echo.
737. echo.
738. Set dlflag=0
739. GOTO ROOTKIT
740.  
741.  
742.  
743.  
744.  
745.  
746.  
747. :DLRKILL
748. Set dlvbsurl=http://solian.ca/sns/rkill.exe
749. Set dlvbsexe=rkill.exe
750. Set dlvbsreturn=DLRKILL
751. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
752. cls
753. echo Downloading rKill Anti-Rootkit. Please Wait...
754. START /W /REALTIME %temp%\dl.vbs
755. echo.
756. echo Opening installer... Please follow the prompts that appear on screen.
757. start /w /REALTIME %TEMP%\sns\rkill.exe
758. echo.
759. echo.
760. echo.
761. Set dlflag=0
762. GOTO ROOTKIT
763.  
764.  
765.  
766.  
767.  
768.  
769.  
770. :HOUSEKEEPING
771. cls
772. echo ---------------PC House Keeping---------------
773. echo.
774. echo 1. Remove all temporary folders and files
775. echo 2. Verify integrity of system files [sfc]
776. echo 3. Disk Cleanup
777. echo 4. Browser Cleanup (Resets to factory default)
778. echo 5. Power Efficiency Diagnostics Report
779. echo.
780. echo.
781. echo.
782. echo 9. back...
783. echo ---
784. echo.
785. SET /P ANSWER=Selection:
786. IF %ANSWER%==1 (
787.     GOTO TEMPCLEAN
788. ) ELSE IF %ANSWER%==2 (
789.     GOTO WINSFC
790. ) ELSE IF %ANSWER%==3 (
791.     GOTO WINCLEAN
792. ) ELSE IF %ANSWER%==4 (
793.         GOTO BROWSERS
794. ) ELSE IF %ANSWER%==5 (
795.     GOTO POWERCFG
796. ) ELSE IF %ANSWER%==9 (
797.     GOTO HOME
798. ) ELSE (
799.     GOTO HOUSEKEEPING
800. )
801.  
802.  
803.  
804.  
805. :POWERCFG
806. cls
807. echo.
808. echo Starting analysis...
809. powercfg -energy
810. echo.
811. echo.
812. echo Copying report...
813. copy C:\Windows\system32\energy-report.html %temp%\sns\energy-report.html /I
814. echo Opening report...
815. start iexplore.exe %temp%\sns\energy-report.html
816. echo.
817. echo.
818. pause
819. GOTO HOUSEKEEPING
820.  
821.  
822. :BROWSERS
823. cls
824. echo Removing temp internet files, history, cookies, etc.
825.  
826. REM Google Chrome
827. set DataDir=C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data 2> nul
828. del /q /s /f "%DataDir%" 2> nul
829. rd /s /q "%DataDir%" 2> nul
830.  
831. REM Mozilla Firefox
832. set DataDir=C:\Users\%USERNAME%\AppData\Local\Mozilla\Firefox\Profiles 2> nul
833. del /q /s /f "%DataDir%" 2> nul
834. rd /s /q "%DataDir%" 2> nul
835. for /d %%x in (C:\Users\%USERNAME%\AppData\Roaming\Mozilla\Firefox\Profiles\*) do del /q /s /f %%x\*sqlite 2> nul
836.  
837. REM Opera
838. set DataDir=C:\Users\%USERNAME%\AppData\Local\Opera\Opera 2> nul
839. set DataDir2=C:\Users\%USERNAME%\AppData\Roaming\Opera\Opera 2> nul
840. del /q /s /f "%DataDir%" 2> nul
841. rd /s /q "%DataDir%" 2> nul
842. del /q /s /f "%DataDir2%" 2> nul
843. rd /s /q "%DataDir2%" 2> nul
844.  
845. REM Apple Safari
846. set DataDir=C:\Users\%USERNAME%\AppData\Local\Applec~1\Safari 2> nul
847. set DataDir2=C:\Users\%USERNAME%\AppData\Roaming\Applec~1\Safari 2> nul
848. del /q /s /f "%DataDir%\History" 2> nul
849. rd /s /q "%DataDir%\History" 2> nul
850. del /q /s /f "%DataDir%\Cache.db" 2> nul
851. del /q /s /f "%DataDir%\WebpageIcons.db" 2> nul
852. del /q /s /f "%DataDir2%" 2> nul
853. rd /s /q "%DataDir2%" 2> nul
854.  
855. REM Internet Explorer
856. RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255 2> nul
857. RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351 2> nul
858.  
859. GOTO HOUSEKEEPING
860.  
861.  
862.  
863.  
864.  
865.  
866. :TEMPCLEAN
867. cls
868. ECHO Deleting temporary files
869. echo.
870. del %temp%\*.* /F /Q 2> nul
871. ECHO Deleting temporary directories
872. echo.
873. RMDIR /S /Q %temp%\ 2> nul
874. ECHO Cleaning Recycle Bin
875. echo.
876. rmdir /Q /S "C:\$RECYCLE.BIN" 2> nul
877. md %temp%\sns
878. echo.
879. echo.
880. echo.
881. pause
882. GOTO HOUSEKEEPING
883.  
884.  
885.  
886.  
887.  
888. :WINSFC
889. cls
890. sfc /scannow
891. echo.
892. echo.
893. echo.
894. echo ---
895. echo Exporting results from SFC to text.
896. findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
897. echo Location: %userprofile%\Desktop\sfcdetails.txt
898. echo.
899. pause
900. GOTO HOUSEKEEPING
901.  
902.  
903.  
904.  
905.  
906. :WINCLEAN
907. REM Cleaning blank space on hard drive. this may take a while. using 3rd party microsoft program, not through batch file.
908. cls
909. echo Launching windows disk cleanup. Please wait.
910. c:\windows\system32\cleanmgr.exe /lowdiskspace >nul
911. echo.
912. echo.
913. echo.
914. echo ---
915. pause
916. GOTO HOUSEKEEPING
917.  
918.  
919.  
920.  
921. :DOWNLOADS2
922. cls
923. echo ---------------DOWNLOADS---------------
924. echo Note: All downloads are installers unless otherwise specified
925. echo.
926. echo.
927. echo 1. Mozilla FireFox Browser
928. echo 2. Real VNC Enterprise
929. echo 3. PuTTY Telnet/SSH Client
930. echo 4. Ammyy Admin [portable]
931. echo 5. FileZilla FTP Client
932. echo 6. Procmon [portable]
933. echo 7. Wireshark
934. echo.
935. echo.
936. echo.
937. echo 9. Back...
938. echo ---
939. echo.
940. SET /P ANSWER=Selection:
941. IF %ANSWER%==1 GOTO DLFIREFOX
942. IF %ANSWER%==2 GOTO DLVNC
943. IF %ANSWER%==3 GOTO PUTTY
944. IF %ANSWER%==4 GOTO DLAMMYY
945. IF %ANSWER%==5 GOTO DLFZ
946. IF %ANSWER%==6 GOTO DLPROCMON
947. IF %ANSWER%==7 GOTO DLSHARK
948. IF %ANSWER%==9 GOTO DOWNLOADS
949.  
950.  
951. :DLSHARK
952. Set dlvbsurl=http://solian.ca/sns/wireshark.exe
953. Set dlvbsexe=wireshark.exe
954. Set dlvbsreturn=DLSHARK
955. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
956. cls
957. echo Downloading WireShark Packet Tracer/Sniffer. Please Wait...
958. START /W /REALTIME %temp%\dl.vbs
959. echo.
960. echo Opening installer... Please follow the prompts that appear on screen.
961. start /w /REALTIME %TEMP%\sns\wireshark.exe
962. echo.
963. echo.
964. echo.
965. Set dlflag=0
966. GOTO HOME
967.  
968.  
969. :DLPROCMON
970. Set dlvbsurl=http://solian.ca/sns/procmon.exe
971. Set dlvbsexe=procmon.exe
972. Set dlvbsreturn=DLPROCMON
973. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
974. cls
975. echo Downloading Procmon Process Analyzer. Please Wait...
976. START /W /REALTIME %temp%\dl.vbs
977. echo.
978. echo Opening installer... Please follow the prompts that appear on screen.
979. start /w /REALTIME %TEMP%\sns\procmon.exe
980. echo.
981. echo.
982. echo.
983. Set dlflag=0
984. GOTO HOME
985.  
986.  
987. :DLFZ
988. Set dlvbsurl=http://solian.ca/sns/filezilla.exe
989. Set dlvbsexe=filezilla.exe
990. Set dlvbsreturn=DLFZ
991. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
992. cls
993. echo Downloading FileZilla FTP Client. Please Wait...
994. START /W /REALTIME %temp%\dl.vbs
995. echo.
996. echo Opening installer... Please follow the prompts that appear on screen.
997. start /w /REALTIME %TEMP%\sns\filezilla.exe
998. echo.
999. echo.
1000. echo.
1001. Set dlflag=0
1002. GOTO HOME
1003.  
1004.  
1005.  
1006. :DLAMMYY
1007. Set dlvbsurl=http://solian.ca/sns/ammyy.exe
1008. Set dlvbsexe=ammyy.exe
1009. Set dlvbsreturn=DLAMMYY
1010. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1011. cls
1012. echo Downloading Ammyy Admin Remote Desktop Software. Please Wait...
1013. START /W /REALTIME %temp%\dl.vbs
1014. echo.
1015. echo Opening installer... Please follow the prompts that appear on screen.
1016. start /w /REALTIME %TEMP%\sns\ammyy.exe
1017. echo.
1018. echo.
1019. echo.
1020. Set dlflag=0
1021. GOTO HOME
1022.  
1023.  
1024.  
1025.  
1026. :DOWNLOADS
1027. cls
1028. echo ---------------DOWNLOADS---------------
1029. echo Note: All downloads are installers unless otherwise specified
1030. echo.
1031. echo.
1032. echo 1. Teamviewer 10
1033. echo 2. Skype
1034. echo 3. CCleaner
1035. echo 4. Java SE Version 8 Rev 45
1036. echo 5. Adobe Flash Player
1037. echo 6. Adobe Reader DC
1038. echo 7. Google Chrome Browser
1039. echo.
1040. echo.
1041. echo 8. Next page...
1042. echo.
1043. echo.
1044. echo 9. Home...
1045. echo ---
1046. echo.
1047. SET /P ANSWER=Selection:
1048. IF %ANSWER%==1 GOTO DLTV
1049. IF %ANSWER%==2 GOTO DLSKYPE
1050. IF %ANSWER%==3 GOTO DLCCLEANER
1051. IF %ANSWER%==4 GOTO DLJAVA
1052. IF %ANSWER%==5 GOTO DLFLASH
1053. IF %ANSWER%==6 GOTO DLREADER
1054. IF %ANSWER%==7 GOTO DLCHROME
1055. IF %ANSWER%==8 GOTO DOWNLOADS2
1056. IF %ANSWER%==9 GOTO HOME
1057.  
1058.  
1059.  
1060. :DLVNC
1061. Set dlvbsurl=http://solian.ca/sns/VNC_Enterprise_v451.exe
1062. Set dlvbsexe=VNC_Enterprise_v451.exe
1063. Set dlvbsreturn=DLVNC
1064. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1065. cls
1066. echo Downloading Real VNC Enterprise v451. Please Wait...
1067. START /W /REALTIME %temp%\dl.vbs
1068. echo.
1069. echo Opening installer... Please follow the prompts that appear on screen.
1070. start /w /REALTIME %TEMP%\sns\VNC_Enterprise_v451.exe
1071. echo.
1072. echo.
1073. echo.
1074. Set dlflag=0
1075. GOTO DOWNLOADS
1076.  
1077.  
1078.  
1079.  
1080. :DLSKYPE
1081. Set dlvbsurl=http://solian.ca/sns/SkypeSetup.exe
1082. Set dlvbsexe=SkypeSetup.exe
1083. Set dlvbsreturn=DLSKYPE
1084. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1085. cls
1086. echo Downloading Skype for Windows Desktop. Please Wait...
1087. START /W /REALTIME %temp%\dl.vbs
1088. echo.
1089. echo Opening installer... Please follow the prompts that appear on screen.
1090. start /w /REALTIME %TEMP%\sns\SkypeSetup.exe
1091. echo.
1092. echo.
1093. echo.
1094. Set dlflag=0
1095. GOTO DOWNLOADS
1096.  
1097.  
1098.  
1099.  
1100. :DLTV
1101. Set dlvbsurl=http://solian.ca/sns/TeamViewer_Setup_en.exe
1102. Set dlvbsexe=TeamViewer_Setup_en.exe
1103. Set dlvbsreturn=DLTV
1104. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1105. cls
1106. echo Downloading TeamViewer 10. Please Wait...
1107. START /W /REALTIME %temp%\dl.vbs
1108. echo.
1109. echo Opening installer... Please follow the prompts that appear on screen.
1110. start /w /REALTIME %TEMP%\sns\TeamViewer_Setup_en.exe
1111. echo.
1112. echo.
1113. echo.
1114. Set dlflag=0
1115. GOTO DOWNLOADS
1116.  
1117.  
1118.  
1119.  
1120.  
1121.  
1122. :DLCHROME
1123. Set dlvbsurl=http://solian.ca/sns/ChromeStandaloneSetup.exe
1124. Set dlvbsexe=ChromeStandaloneSetup.exe
1125. Set dlvbsreturn=DLCHROME
1126. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1127. cls
1128. echo Downloading Google Chrome Web Browser. Please Wait...
1129. START /W /REALTIME %temp%\dl.vbs
1130. echo.
1131. echo Opening installer... Please follow the prompts that appear on screen.
1132. start /w /REALTIME %TEMP%\sns\ChromeStandaloneSetup.exe
1133. echo.
1134. echo.
1135. echo.
1136. Set dlflag=0
1137. GOTO DOWNLOADS
1138.  
1139.  
1140.  
1141.  
1142.  
1143.  
1144. :DLFIREFOX
1145. Set dlvbsurl=http://solian.ca/sns/Firefox.exe
1146. Set dlvbsexe=Firefox.exe
1147. Set dlvbsreturn=DLFIREFOX
1148. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1149. cls
1150. echo Downloading Mozilla FireFox Web Browser. Please Wait...
1151. START /W /REALTIME %temp%\dl.vbs
1152. echo.
1153. echo Opening installer... Please follow the prompts that appear on screen.
1154. start /w /REALTIME %TEMP%\sns\Firefox.exe
1155. echo.
1156. echo.
1157. echo.
1158. Set dlflag=0
1159. GOTO DOWNLOADS
1160.  
1161.  
1162.  
1163.  
1164.  
1165.  
1166. :DLFLASH
1167. cls
1168. echo Opening download link to Adobe Flash Player 18.
1169. ping 127.0.0.1 >nul
1170. start iexplore "https://get.adobe.com/flashplayer/"
1171. GOTO DOWNLOADS
1172.  
1173.  
1174.  
1175.  
1176.  
1177. :DLREADER
1178. cls
1179. echo Opening download link to Adobe Reader DC.
1180. ping 127.0.0.1 >nul
1181. start iexplore "https://get.adobe.com/reader/"
1182. GOTO DOWNLOADS
1183.  
1184.  
1185.  
1186. :DLJAVA
1187. cls
1188. echo Opening download link to Java Version 8.
1189. ping 127.0.0.1 >nul
1190. start iexplore https://www.java.com/inc/BrowserRedirect1.jsp?locale=en
1191. GOTO DOWNLOADS
1192.  
1193.  
1194.  
1195.  
1196.  
1197. :DLMBAE
1198. Set dlvbsurl=http://solian.ca/sns/mbae.exe
1199. Set dlvbsexe=mbae.exe
1200. Set dlvbsreturn=DLMBAE
1201. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1202. cls
1203. echo Downloading MalwareBytes Anti-Expoit. Please Wait...
1204. START /W /REALTIME %temp%\dl.vbs
1205. echo.
1206. echo Opening installer... Please follow the prompts that appear on screen.
1207. start /w /REALTIME %TEMP%\sns\mbae.exe
1208. echo.
1209. echo.
1210. echo.
1211. Set dlflag=0
1212. GOTO DOWNLOADS
1213.  
1214.  
1215.  
1216.  
1217.  
1218. :DLCCLEANER
1219. Set dlvbsurl=http://solian.ca/sns/ccsetup508.exe
1220. Set dlvbsexe=ccsetup504.exe
1221. Set dlvbsreturn=DLCCLEANER
1222. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1223. cls
1224. echo Downloading CCleaner 5.08. Please Wait...
1225. START /W /REALTIME %temp%\dl.vbs
1226. echo.
1227. echo Opening installer... Please follow the prompts that appear on screen.
1228. start /w /REALTIME %TEMP%\sns\ccsetup508.exe
1229. echo.
1230. echo.
1231. echo.
1232. Set dlflag=0
1233. GOTO DOWNLOADS
1234.  
1235.  
1236.  
1237.  
1238.  
1239. :DLMBAM
1240. Set dlvbsurl=http://solian.ca/sns/mbam.exe
1241. Set dlvbsexe=mbam.exe
1242. Set dlvbsreturn=DLMBAM
1243. IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1244. cls
1245. echo Downloading MalwareBytes Anti-Malware. Please Wait...
1246. START /W /REALTIME %temp%\dl.vbs
1247. echo.
1248. echo Opening installer... Please follow the prompts that appear on screen.
1249. start /w /REALTIME %TEMP%\sns\mbam.exe
1250. echo.
1251. echo.
1252. echo.
1253. Set dlflag=0
1254. GOTO ROOTKIT
1255.  
1256.  
1257.  
1258.  
1259.  
1260. :DLMSE
1261. cls
1262. If %ARCH% == 32 (
1263.     Set dlvbsurl=http://solian.ca/sns/mse_x86.exe
1264.     Set dlvbsexe=mse_x86.exe
1265.     Set dlvbsreturn=DLMSE
1266.     IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1267.     cls
1268.     echo Downloading Microsoft Security Essentials x86. Please Wait...
1269.     START /W /REALTIME %temp%\dl.vbs
1270.     echo.
1271.     echo Opening installer... Please follow the prompts that appear on screen.
1272.     start /w /REALTIME %TEMP%\sns\mse_x86.exe
1273.     Set dlflag=0
1274.     GOTO AV
1275. ) ELSE (
1276.     Set dlvbsurl=http://solian.ca/sns/mse_x64.exe
1277.     Set dlvbsexe=mse_x64.exe
1278.     Set dlvbsreturn=DLMSE
1279.     IF %DLFLAG%==0 GOTO DOWNLOADSCRIPT
1280.     cls
1281.     echo Downloading Microsoft Security Essentials x64. Please Wait...
1282.     START /W /REALTIME %temp%\dl.vbs
1283.     echo.
1284.     echo Opening installer... Please follow the prompts that appear on screen.
1285.     start /w /REALTIME %TEMP%\sns\mse_x64.exe
1286.     Set dlflag=0
1287.     GOTO AV
1288. )
1289. GOTO HOME
1290.  
1291.  
1292.  
1293.  
1294.  
1295.  
1296. :TCP
1297. cls
1298. echo.
1299. echo ---resetting tcp connections
1300. echo.
1301. netsh interface tcp reset >nul
1302. echo ---resetting https tunnels
1303. echo.
1304. netsh interface httpstunnel reset >nul
1305. echo ---resetting portproxy settings
1306. echo.
1307. netsh interface portproxy reset >nul
1308. echo ---resetting ip interfaces
1309. echo.
1310. netsh int ip reset >nul
1311. echo ---resetting winsock catalog
1312. echo.
1313. netsh winsock reset >nul
1314. echo ---flushing log buffer
1315. echo.
1316. netsh http flush logbuffer >nul
1317. echo ---flushing dns
1318. echo.
1319. ipconfig /flushdns >nul
1320. echo ---registering new dns
1321. echo.
1322. ipconfig /registerdns >nul
1323. echo ---releasing dynamic ip
1324. ipconfig /release >nul
1325. echo      ---waiting 10s for complete release.
1326. ping 127.0.0.1 -n 10 >nul
1327. echo ---renewing dynamic ip
1328. ipconfig /renew >nul
1329. GOTO HOME
1330.  
1331.  
1332.  
1333.  
1334.  
1335. :TOOLBAR
1336. cls
1337. echo.
1338. echo.
1339. echo Please close browsers before continuing.
1340. echo.
1341. echo.
1342. echo.
1343. echo.
1344. echo.
1345. pause
1346. cls
1347. echo.
1348. echo ---Killing browsers
1349. echo.
1350.  
1351. taskkill /f /im iexplore.exe /im firefox.exe /im chrome.exe 2> nul
1352.  
1353. echo.
1354. echo ---Removing Live Modules
1355. echo.
1356.  
1357. REM removing Live Mesh
1358. start /wait msiexec.exe /x {DECDCB7C-58CC-4865-91AF-627F9798FE48} /quiet /norestart 2> nul
1359.  
1360. REM removing Live Mesh ActiveX
1361. start /wait msiexec.exe /x {2902F983-B4C1-44BA-B85D-5C6D52E2C441} /quiet /norestart 2> nul
1362.  
1363. REM removing Live Messager
1364. start /wait msiexec.exe /x {EB4DF488-AAEF-406F-A341-CB2AAA315B90} /quiet /norestart 2> nul
1365.  
1366. REM removing Cisco EAP Fast Modules
1367. start /wait msiexec.exe /x {64bf0187-f3d2-498b-99ea-163af9ae6ec9} /qn /norestart 2> nul
1368.  
1369. REM removing Cisco LEAP Module
1370. start /wait msiexec.exe /x {51c7ad07-c3f6-4635-8e8a-231306d810fe} /qn /norestart 2> nul
1371.  
1372. REM removing Cisco PEAP Module
1373. start /wait msiexec.exe /x {ed5776d5-59b4-46b7-af81-5f2d94d7c640} /qn /norestart 2> nul
1374.  
1375. REM removing Energy Star
1376. start /wait msiexec.exe /x {bd1a34c9-4764-4f79-ae1f-112f8c89d3d4} /qn /norestart 2> nul
1377.  
1378. REM removing Evernote
1379. start /wait msiexec.exe /x {f761359c-9ced-45ae-9a51-9d6605cd55c4} /qn /norestart 2> nul
1380.  
1381. REM removing Winzip
1382. start /wait msiexec.exe /x {cd95f661-a5c4-44f5-a6aa-ecdd91c240bd} /qn /norestart 2> nul
1383.  
1384. REM removing SQL Compact
1385. start /wait msiexec.exe /x {f0b430d1-b6aa-473d-9b06-aa3dd01fd0b8} /qn /norestart 2> nul
1386.  
1387. echo.
1388. echo ---Uninstalling known malware/adware toolbars and PUPs
1389. echo.
1390.  
1391.  
1392. REM removing RegClean Pro
1393. "C:\Program Files (x86)\RegClean Pro\unins000.exe" /silent 2> nul
1394. "C:\Program Files\RegClean Pro\unins000.exe" /silent 2> nul
1395.  
1396. REM removing Registry Mechanic
1397. "C:\Program Files\PC Tools Registry Mechanic\unins000.exe" /SILENT 2> nul
1398. "C:\Program Files (x86)\PC Tools Registry Mechanic\unins000.exe" /SILENT 2> nul
1399.  
1400. REM removing Arcade Candy
1401. "%UserProfile%\Local Settings\Application Data\ArcadeCandy\candyRemove.exe" 2> nul
1402.  
1403. REM removing PriceGong
1404. "C:\Program Files\PriceGong\Uninst.exe" 2> nul
1405. "C:\Program Files (x86)\PriceGong\Uninst.exe" 2> nul
1406.  
1407. REM removing Smart Shopper
1408. "C:\Program Files\ShopperReports3\bin\3.0.491.0\ShopperReportsUninstaller.exe" Web 2> nul
1409. "C:\Program Files (x86)\ShopperReports3\bin\3.0.491.0\ShopperReportsUninstaller.exe" Web 2> nul
1410.  
1411. REM removing Select Rebates
1412. "C:\Program Files\SelectRebates\SelectRebatesUninstall.exe" 2> nul
1413. "C:\Program Files (x86)\SelectRebates\SelectRebatesUninstall.exe" 2> nul
1414.  
1415. REM vGrabber-software
1416. "C:\Program Files (x86)\vGrabber-software\Uninstall.exe" 2> nul
1417. "C:\Program Files\vGrabber-software\Uninstall.exe" 2> nul
1418.  
1419. "C:\PROGRA~1\FROMDO~1\bar\1.bin\unins000.exe" 2> nul
1420. "C:\Program Files\TweakBit\PCSpeedUp\unins000.exe" 2> nul
1421. "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe" 2> nul
1422. "C:\Program Files (x86)\Super Optimizer\unins000.exe" 2> nul
1423. "C:\Program Files (x86)\Optimizer Pro 3.56\unins000.exe" 2> nul
1424. "C:\Program Files (x86)\WildTangent Games\App\unins000.exe" 2> nul
1425. "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe -uninstall" 2> nul
1426. "C:\Program Files\015\lxrrlxtleh32\unins000.exe" 2> nul
1427. "C:\Program Files (x86)\VideoDownloadConverter_4zEI\unins000.exe" 2> nul
1428. "C:\Program Files\VideoDownloadConverter_4zEI" 2> nul
1429. "C:\Program Files (x86)\Tuneup computer\unins000.exe" 2> nul
1430. "C:\Program Files (x86)\Portable WeatherApp\unins000.exe" 2> nul
1431.  
1432.  
1433. echo.
1434. echo ---Removing mainstream toolbars
1435. echo.
1436.  
1437. REM removing Ask Toolbar
1438. "C:\Program Files\Ask.com\Updater\Updater.exe" -uninstall 2> nul
1439. "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" -uninstall 2> nul
1440. start /wait msiexec.exe /x {13F537F0-AF09-11D6-9029-0002B31F9E59} /qn /norestart 2> nul
1441. start /wait msiexec.exe /x {2318C2B1-4965-11D4-9B18-009027A5CD4F} /qn /norestart 2> nul
1442. start /wait msiexec.exe /x {2E5E800E-6AC0-411E-940A-369530A35E43} /qn /norestart 2> nul
1443. start /wait msiexec.exe /x {4E7BD74F-2B8D-469E-C0FB-F778B590AD7D} /qn /norestart 2> nul
1444. start /wait msiexec.exe /x {5A263CF7-56A6-4D68-A8CF-345BE45BC911} /qn /norestart 2> nul
1445. start /wait msiexec.exe /x {86D4B82A-ABED-442A-BE86-96357B70F4FE} /qn /norestart 2> nul
1446. start /wait msiexec.exe /x {AA58ED58-01DD-4D91-8333-CF10577473F7} /qn /norestart 2> nul
1447. start /wait msiexec.exe /x {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} /qn /norestart 2> nul
1448. start /wait msiexec.exe /x {D4027C7F-154A-4066-A1AD-4243D8127440} /qn /norestart 2> nul
1449. start /wait msiexec.exe /x {EF99BD32-C1FB-11D2-892F-0090271D4F88} /qn /norestart 2> nul
1450. start /wait MsiExec.exe /X {4152532D-4D45-4400-76A7-A758B70C0A06} /qn /norestart 2> nul
1451. start /wait MsiExec.exe /X {41525333-2D56-3700-76A7-A758B70C0300} /qn /norestart 2> nul
1452. start /wait MsiExec.exe /X {41525333-0076-A76A-76A7-A758B70C0A02} /qn /norestart 2> nul
1453. start /wait MsiExec.exe /X {4F524A2D-5637-4300-76A7-A758B70C0A03} /qn /norestart 2> nul
1454. start /wait msiexec.exe /x {42435041-2d53-4154-00a7-a758b70b0a00} /qn /norestart 2> nul
1455.  
1456. REM Bing/Windows Live Bar Removal
1457. Start /wait msiexec.exe /x {C28D96C0-6A90-459E-A077-A6706F4EC0FC} /qn /norestart 2> nul
1458. Start /wait MsiExec.exe /X {786C4AD1-DCBA-49A6-B0EF-B317A344BD66} /qn /norestart 2> nul
1459. Start /wait MsiExec.exe /X {A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} /qn /norestart 2> nul
1460. Start /wait MsiExec.exe /X {341201D4-4F61-4ADB-987E-9CCE4D83A58D} /qn /norestart 2> nul
1461. Start /wait MsiExec.exe /X {F084395C-40FB-4DB3-981C-B51E74E1E83D} /qn /norestart 2> nul
1462. Start /wait MsiExec.exe /X {D5A145FC-D00C-4F1A-9119-EB4D9D659750} /qn /norestart 2> nul
1463. start /wait msiexec.exe /x {1e03db52-d5cb-4338-a338-e526dd4d4db1} /qn /norestart 2> nul
1464.  
1465. REM Remove AOL Toolbar
1466. "C:\Program Files\AOL\AOL Toolbar 4.0\uninstall.exe" 2> nul
1467. "C:\Program Files (x86)\AOL\AOL Toolbar 4.0\uninstall.exe" 2> nul
1468. "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe" 2> nul
1469. "C:\Program Files (x86)\AOL\AOL Toolbar 5.0\uninstall.exe" 2> nul
1470.  
1471. REM Remove Yahoo Toolbar
1472. "C:\Program Files\Yahoo!\Common\unyt.exe" /S 2> nul
1473. RD "C:\Program Files\Yahoo!\" /S /Q 2> nul
1474. "C:\Program Files (x86)\Yahoo!\Common\unyt.exe" 2> nul
1475. RD "C:\Program Files (x86)\Yahoo!\" /S /Q 2> nul
1476.  
1477. echo.
1478. echo ---Removing junk toolbars
1479. echo.
1480.  
1481. REM DVDVideosoftTBToolbar
1482. "C:\Program Files\DVDVideoSoftTB\uninstall.exe" 2> nul
1483. "C:\Program Files (x86)\DVDVideoSoftTB\uninstall.exe" 2> nul
1484.  
1485. REM removing PDForge Toolbar V6
1486. Start /Wait MsiExec.exe /X{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA} /qn /norestart 2> nul
1487.  
1488. REM Virtual DJ Toolbar
1489. start /wait MsiExec.exe /X{56444A2D-5637-006A-76A7-A758B70C0A06} /qn /norestart 2> nul
1490.  
1491. REM AVG Toolbars
1492. "C:\Program Files\AVG SafeGuard toolbar\UNINSTALL.exe" /PROMPT /UNINSTALL 2> nul
1493. "C:\Program Files\AVG Secure Search\UNINSTALL.exe" /PROMPT /UNINSTALL 2> nul
1494. "C:\Program Files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe" /PROMPT /UNINSTALL 2> nul
1495. "C:\Program Files (x86)\AVG Secure Search\UNINSTALL.exe" /PROMPT /UNINSTALL 2> nul
1496.  
1497. REM BT Toolbar
1498. "C:\Program Files (x86)\bttb\uninstall.exe" 2> nul
1499. "C:\Program Files\bttb\uninstall.exe" 2> nul
1500.  
1501. REM Buenosearch Toolbar
1502. "C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\GUninstaller.exe" -uprtc -ask "Bueno Toolbar" -rmbus "buenosearch toolbar" -nontfy -key "buenosearch" 2> nul
1503. "C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\GUninstaller.exe" -uprtc -ask "Bueno Toolbar" -rmbus "buenosearch toolbar" -nontfy -key "buenosearch" 2> nul
1504.  
1505. REM removing Xobi
1506. "C:\Program Files (x86)\Xobni\UninstallerWizard.exe" -uninstall 2> nul
1507. "C:\Program Files\Xobni\UninstallerWizard.exe" -uninstall 2> nul
1508.  
1509. REM Browser Defender
1510. "C:\ProgramData\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" /Uninstall /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} /su=3a6664ea8d80382b /um 2> nul
1511.  
1512. REM Search Protect by Conduit
1513. "C:\Program Files\SearchProtect\bin\uninstall.exe" /S 2> nul
1514. "C:\Program Files (x86)\SearchProtect\bin\uninstall.exe" /S 2> nul
1515.  
1516. REM SearchFlyBar2 Toolbar
1517. "C:\Program Files\SearchFlyBar2\uninstall.exe" toolbar 2> nul
1518. "C:\Program Files (x86)\SearchFlyBar2\uninstall.exe" toolbar 2> nul
1519.  
1520. REM FLV Runner Toolbar
1521. "C:\Program Files\FLV_Runner\uninstall.exe" toolbar 2> nul
1522. "C:\Program Files (x86)\FLV_Runner\uninstall.exe" toolbar 2> nul
1523. "C:\Program Files\FLV_Runner_B2\uninstall.exe" toolbar 2> nul
1524. "C:\Program Files (x86)\FLV_Runner_B2\uninstall.exe" toolbar 2> nul
1525. "C:\Program Files\Begin-download_FLV_B2\uninstall.exe" toolbar 2> nul
1526. "C:\Program Files (x86)\Begin-download_FLV_B2\uninstall.exe" toolbar 2> nul
1527.  
1528. REM xVidly4 Toolbar
1529. "C:\Program Files\xvidly4\uninstall.exe" toolbar 2> nul
1530. "C:\Program Files (x86)\xvidly4\uninstall.exe" toolbar 2> nul
1531.  
1532. REM BitTorrentControl_v12 Toolbar
1533. "C:\Program Files (x86)\BitTorrentControl_v12\uninstall.exe" toolbar 2> nul
1534. "C:\Program Files\BitTorrentControl_v12\uninstall.exe" toolbar 2> nul
1535.  
1536. REM Whittesmoke Toolbar
1537. "C:\Program Files (x86)\WhiteSmoke_New\uninstall.exe" toolbar 2> nul
1538. "C:\Program Files\WhiteSmoke_New\uninstall.exe" toolbar 2> nul
1539.  
1540. REM Easyfundraising Toolbar
1541. "C:\Program Files (x86)\easyfundraising toolbar\tbunsy24A.tmp\uninstaller.exe" 2> nul
1542. "C:\Program Files\easyfundraising toolbar\tbunsy24A.tmp\uninstaller.exe" 2> nul
1543.  
1544. REM Inbox Toolbar
1545. "C:\Program Files\Inbox Toolbar\unins000.exe" /silent 2> nul
1546. "C:\Program Files (x86)\Inbox Toolbar\unins000.exe" /silent 2> nul
1547.  
1548. REM ALOT Toolbar
1549. "C:\Program Files\alot\alotUninst.exe" 2> nul
1550. "C:\Program Files (x86)\alot\alotUninst.exe" 2> nul
1551.  
1552. REM browserTweeks Toolbar
1553. "C:\Program Files\BrowserTweaks\IEScreenshot\unins000.exe" /silent 2> nul
1554. "C:\Program Files (x86)\BrowserTweaks\IEScreenshot\unins000.exe" /silent 2> nul
1555.  
1556. REM Chatzum Toolbar
1557. "C:\Program Files (x86)\ChatZum Toolbar\tbunsb9EE4.tmp\uninstaller.exe" 2> nul
1558. "C:\Program Files\ChatZum Toolbar\tbunsb9EE4.tmp\uninstaller.exe" 2> nul
1559.  
1560. REM Data Toolbar 2.3.2
1561. msiexec.exe /x{39238ce4-f7e3-4289-820d-4575907a2cad} /qn 2> nul
1562.  
1563. REM Facemoods Toolbar
1564. "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe" 2> nul
1565. "C:\Program Files\facemoods.com\facemoods\1.4.17.11\uninstall.exe" 2> nul
1566.  
1567. REM Free_Game_ Bar_2
1568. "C:\Program Files\Free_Game_Bar_2\uninstall.exe" 2> nul
1569. "C:\Program Files (x86)\Free_Game_Bar_2\uninstall.exe" 2> nul
1570.  
1571. REM Games Bar A Toolbar
1572. "C:\Program Files\Games_Bar_A\uninstall.exe" toolbar 2> nul
1573. "C:\Program Files (x86)\Games_Bar_A\uninstall.exe" toolbar 2> nul
1574.  
1575. REM FromDoctoPDF Chrome Toolbar
1576. "C:\Program Files\FromDocToPDF_65 Chrome Extension\bar\FromDocToPDFCrxSetup.F5979297-4067-4543-81F5-9A037A2C173B.exe /u mindsparktoolbarkey='FromDocToPDF_65 Chrome Extension'" 2> nul
1577. "C:\Program Files (x86)\FromDocToPDF_65 Chrome Extension\bar\FromDocToPDFCrxSetup.F5979297-4067-4543-81F5-9A037A2C173B.exe /u mindsparktoolbarkey='FromDocToPDF_65 Chrome Extension'" 2> nul
1578.  
1579. REM Incredibar Toolbar for IE
1580. "C:\Program Files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe" 2> nul
1581. "C:\Program Files\IncrediMail_MediaBar_2\uninstall.exe" toolbar 2> nul
1582. "C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe" 2> nul
1583. "C:\Program Files (x86)\IncrediMail_MediaBar_2\uninstall.exe" toolbar 2> nul
1584.  
1585. REM IE Toolbar 4.6 by Sweetpacks
1586. msiexec.exe /x{c3e85ee9-5892-4142-b537-bceb3dac4c3d} /qn 2> nul
1587.  
1588. REM IsoBuster Toolbar
1589. "C:\Program Files\IsoBuster\uninstall.exe" toolbar 2> nul
1590. "C:\Program Files (x86)\IsoBuster\uninstall.exe" toolbar 2> nul
1591.  
1592. REM NCH Toolbar
1593. "C:\Program Files\NCH\uninstall.exe" 2> nul
1594. "C:\Program Files (x86)\NCH\uninstall.exe" 2> nul
1595.  
1596. REM Nectar Search Toolbars
1597. "C:\Program Files\Nectar Search Toolbar\Uninst.exe" 2> nul
1598. "C:\Program Files (x86)\Nectar Search Toolbar\Uninst.exe" 2> nul
1599.  
1600. REM Winzip Bar
1601. "C:\Program Files\WinZipBar\uninstall.exe" 2> nul
1602. "C:\Program Files (x86)\WinZipBar\uninstall.exe" 2> nul
1603.  
1604. REM PageRank Toolbar
1605. "C:\Program Files\PageRage\uninstall.exe" 2> nul
1606. "C:\Program Files (X86)\PageRage\uninstall.exe" 2> nul
1607.  
1608. REM Radio TV 2.1 Toolbar
1609. "C:\Program Files\Radio_TV_2.1\uninstall.exe" 2> nul
1610. "C:\Program Files (x86)\Radio_TV_2.1\uninstall.exe" 2> nul
1611.  
1612. REM TV Bar 2 B Toolbar
1613. "C:\Program Files (x86)\TV_Bar_2_B\uninstall.exe" 2> nul
1614. "C:\Program Files\TV_Bar_2_B\uninstall.exe" 2> nul
1615.  
1616. REM Radio Bar 1 Toolbar
1617. "C:\Program Files\Radio_Bar_1\uninstall.exe" 2> nul
1618. "C:\Program Files (x86)\Radio_Bar_1\uninstall.exe" 2> nul
1619.  
1620. REM StartNow Toolbar
1621. "C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe" 2> nul
1622. "C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe" 2> nul
1623.  
1624. REM Search Results Toolbar
1625. "C:\Program Files (x86)\searchresults1\uninstall.exe" 2> nul
1626. "C:\Program Files\searchresults1\uninstall.exe" 2> nul
1627.  
1628. REM Search-Results Toolbar
1629. C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe 2> nul
1630. C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe 2> nul
1631.  
1632. REM SearchQU Toolbar
1633. "C:\Program Files\Searchqu Toolbar\uninstall.exe" 2> nul
1634. "C:\Program Files (x86)\Searchqu Toolbar\uninstall.exe" 2> nul
1635. "C:\Program Files (x86)\Windows searchqu Toolbar\uninstall.exe" 2> nul
1636. "C:\Program Files\Windows searchqu Toolbar\uninstall.exe" 2> nul
1637.  
1638. REM Stumbleupon Toolbar
1639. "C:\Program Files (x86)\StumbleUpon\uninstall.exe" 2> nul
1640. "C:\Program Files\StumbleUpon\uninstall.exe" 2> nul
1641.  
1642. REM SmilboxEN Toolbar
1643. "C:\Program Files (x86)\SmileBox_EN\uninstall.exe" 2> nul
1644. "C:\Program Files\SmileBox_EN\uninstall.exe" 2> nul
1645.  
1646. REM Utorrent Toolbar
1647. "C:\Program Files\uTorrentBar\uninstall.exe" 2> nul
1648. "C:\Program Files (x86)\uTorrentBar\uninstall.exe" 2> nul
1649.  
1650. REM WiseConvert B Toolbar
1651. "C:\Program Files\WiseConvert_B\uninstall.exe" toolbar 2> nul
1652. "C:\Program Files (x86)\WiseConvert_B\uninstall.exe" toolbar 2> nul
1653.  
1654. REM Wise Convert B2 Toolbat for IE
1655. "C:\ProgramData\Conduit\IE\CT3297951\UninstallerUI.exe" -ctid=CT3297951 -toolbarName=WiseConvert B2 -toolbarEnv=conduit -type=IE 2> nul
1656.  
1657. REM WiseConvert Toolbar
1658. "C:\Program Files\WiseConvert\uninstall.exe"  2> nul
1659. "C:\Program Files (x86)\WiseConvert\uninstall.exe" 2> nul
1660.  
1661. REM xVidly4 Toolbar
1662. "C:\Program Files (x86)\xvidly4\uninstall.exe" toolbar 2> nul
1663. "C:\Program Files\xvidly4\uninstall.exe" toolbar 2> nul
1664.  
1665. REM YTD Toolbar V7.2
1666. msiexec.exe /x{4bbd417f-13b6-4477-b7c2-ae705864058d} /qn 2> nul
1667.  
1668. REM YTD Toolbar V7.5
1669. msiexec.exe /x{5af054b4-ee0f-4492-90b2-d82ea28e0711} /qn 2> nul
1670.  
1671. REM Zynga Toolbar
1672. "C:\Program Files (x86)\Zynga\uninstall.exe" 2> nul
1673. "C:\Program Files\Zynga\uninstall.exe" 2> nul
1674.  
1675. REM Web Accessibility Toolbar 2011
1676. "C:\Program Files\WAT_EN\unins000.exe" /silent 2> nul
1677. "C:\Program Files (x86)\WAT_EN\unins000.exe" /silent 2> nul
1678.  
1679. REM Web Accessibility Toolbar
1680. "C:\Program Files\Accessibility_Toolbar\unins000.exe" /silent 2> nul
1681. "C:\Program Files (x86)\Accessibility_Toolbar\unins000.exe" /silent 2> nul
1682.  
1683. REM Web Accessibility Toolbar 2013
1684. "C:\Program Files (x86)\Accessibility_Toolbar\unins000.exe" /silent 2> nul
1685. "C:\Program Files\Accessibility_Toolbar\unins000.exe" /silent 2> nul
1686.  
1687. REM Windows iLivid Toolbar
1688. "C:\Program Files\Windows iLivid Toolbar\uninstall.exe" 2> nul
1689. "C:\Program Files (x86)\Windows iLivid Toolbar\uninstall.exe" 2> nul
1690.  
1691. REM Movies Toolbar
1692. "C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\GC\uninstall.exe" /UN=CR /PID=^AG6 2> nul
1693. "C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\FF\uninstall.exe" /UN=FF /PID=LVD2-DTX 2> nul
1694. "C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe" /UN=IE /PID=LVD2-DTX 2> nul
1695.  
1696. REM Babylon Toolbar (IE)
1697. "C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe" 2> nul
1698. "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe" 2> nul
1699.  
1700. REM Babylon Toolbar
1701. msiexec.exe /x{e55e7026-ef2a-4a17-aaa7-db98ea3fd1b1} /qn 2> nul
1702.  
1703. "C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\GUninstaller.exe" -uprtc -key "BabylonToolbar" 2> nul
1704. "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.4.9\GUninstaller.exe" -uprtc -key "BabylonToolbar" 2> nul
1705.  
1706. REM Delta Toolbar
1707. "C:\Program Files\Delta\delta\1.8.21.5\GUninstaller.exe" -uprtc -ask -rmbus 'delta' -key "delta" 2> nul
1708. "C:\Program Files\Delta\delta\1.8.24.6\GUninstaller.exe" -uprtc -ask -rmbus "Delta toolbar" -nontfy -bname=dlt -key "delta" 2> nul
1709. "C:\Program Files (x86)\Delta\delta\1.8.21.5\GUninstaller.exe" -uprtc -ask -rmbus 'delta' -key "delta" 2> nul
1710. "C:\Program Files (x86)\Delta\delta\1.8.24.6\GUninstaller.exe" -uprtc -ask -rmbus "Delta toolbar" -nontfy -bname=dlt -key "delta" 2> nul
1711.  
1712. REM POKKI (Desktop Apps and Game Installer)
1713. "C:\Windows\system32\config\systemprofile\AppData\Local\Pokki\Uninstall.exe" 2> nul
1714.  
1715. REM FLV Runner Toolbar
1716. "C:\Program Files\FLV_Runner\uninstall.exe" toolbar 2> nul
1717. "C:\Program Files (x86)\FLV_Runner\uninstall.exe" toolbar 2> nul
1718.  
1719. REM Productivity 3.1 B2 Toolbar
1720. "C:\ProgramData\Conduit\IE\CT3297930\UninstallerUI.exe" -ctid=CT3297930 -toolbarName=Productivity 3.1 B2 -toolbarEnv=conduit -type=IE -origin=AddRemove -userMode=2 2> nul
1721.  
1722. REM Nation Toolbar
1723. "C:\Program Files\Nation Toolbar\tbunss2A93.tmp\uninstaller.exe" 2> nul
1724. "C:\Program Files (x86)\Nation Toolbar\tbunss2A93.tmp\uninstaller.exe" 2> nul
1725.  
1726. REM MyToolbar
1727. "C:\Program Files\My Toolbar\ATBPToolbar.1.0.Uninstall.exe" 2> nul
1728. "C:\Program Files (x86)\My Toolbar\ATBPToolbar.1.0.Uninstall.exe" 2> nul
1729.  
1730. REM Connect DLC Toolbar for IE
1731. "C:\ProgramData\Conduit\IE\CT3306061\UninstallerUI.exe" -ctid=CT3306061 -toolbarName=Connect DLC 5 -toolbarEnv=conduit -type=IE -origin=AddRemove -userMode=2 2> nul
1732.  
1733. REM BrowserPlus2 Toolbar
1734. "C:\ProgramData\Conduit\IE\CT3309350\UninstallerUI.exe" -ctid=CT3309350 -toolbarName=BrowserPlus2 -toolbarEnv=conduit -type=IE 2> nul
1735.  
1736. REM removing Coupon
1737. "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" 2> nul
1738. "C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml" /S 2> nul
1739. "C:\Program Files (x86)\Coupon Printer\uninstall.exe" "/U:C:\Program Files (x86)\Coupon Printer\Uninstall\uninstall.xml" 2> nul
1740. "C:\Program Files\Coupon Printer\uninstall.exe" "/U:C:\Program Files\Coupon Printer\Uninstall\uninstall.xml" 2> nul
1741. IF EXIST "C:\WINDOWS\CouponsBar.dll" regsvr32 /u /s "C:\WINDOWS\CouponsBar.dll" 2> nul
1742. IF EXIST "C:\WINDOWS\CouponsBar.dll" DEL "C:\WINDOWS\CouponsBar.dll" 2> nul
1743. IF EXIST "C:\Windows\cpbrkpie.ocx" DEL "C:\Windows\cpbrkpie.ocx" 2> nul
1744. echo.
1745. ping 127.0.0.1 >nul
1746. GOTO HOME
1747.  
1748.  
1749.  
1750.  
1751.  
1752.  
1753.  
1754.  
1755.  
1756.  
1757.  
1758.  
1759.  
1760.  
1761.  
1762.  
1763.  
1764.  
1765.  
1766.  
1767.  
1768.  
1769.  
1770.  
1771.  
1772.  
1773.  
1774.  
1775. :KILL
1776. IF %KFLAG%==1 ECHO ---Cleaning up stragglers
1777. IF %KFLAG%==1 ECHO.
1778. IF %KFLAG%==2 cls
1779. IF %KFLAG%==2 ECHO ---Killing known bloatware processes. Please wait...
1780. IF %KFLAG%==1 ECHO.
1781. echo.
1782.  
1783. REM =============BLOATWARE==============
1784.  
1785. REM -----------Found 9/18/2015-----------
1786.  
1787. REM Acer launch service (ALaunch)
1788. taskkill /im ALaunch.exe /t /f 2> nul
1789. taskkill /im ALaunchSvc.exe /t /f 2> nul
1790. taskkill /im RemoveALaunch.exe /t /f 2> nul
1791.  
1792. REM Acer Empowering Technology - eSettings - Service
1793. taskkill /im capuserv.exe /t /f 2> nul
1794.  
1795. REM Acer Empowering Technology - eDataSecurity
1796. taskkill /im decryption.exe /t /f 2> nul
1797. taskkill /im eDS_CCPSD.exe /t /f 2> nul
1798. taskkill /im eDScsp.exe /t /f 2> nul
1799. taskkill /im eDSfsu.exe /t /f 2> nul
1800. taskkill /im eDSloader.exe /t /f 2> nul
1801. taskkill /im eDSnstHelper.exe /t /f 2> nul
1802. taskkill /im eDSft.exe /t /f 2> nul
1803. taskkill /im eDSService.exe /t /f 2> nul
1804. taskkill /im eDStbmngr.exe /t /f 2> nul
1805. taskkill /im encryption.exe /t /f 2> nul
1806.  
1807. REM Acer Empowering Technology - eLock - Service
1808. taskkill /im eLockServ.exe /t /f 2> nul
1809. taskkill /im eLock.Serv.Service.exe /t /f 2> nul
1810. taskkill /im NotificationTip.exe /t /f 2> nul
1811.  
1812. REM Acer Empowering Technology - eNet
1813. taskkill /im CompileMOF.exe /t /f 2> nul
1814. taskkill /im "eNet Service.exe" /t /f 2> nul
1815. taskkill /im eNMTray.exe /t /f 2> nul
1816. taskkill /im WriteAcerAdapterKey.exe /t /f 2> nul
1817.  
1818. REM Acer Empowering Technology - eRecovery
1819. taskkill /im BurnMachine.exe /t /f 2> nul
1820. taskkill /im CheckD2DSystem.exe /t /f 2> nul
1821. taskkill /im eRAgent.exe /t /f 2> nul
1822. taskkill /im eRecovery.exe /t /f 2> nul
1823. taskkill /im eRecoveryForm.exe /t /f 2> nul
1824. taskkill /im eRecoveryService.exe /t /f 2> nul
1825. taskkill /im FullAccess.exe /t /f 2> nul
1826. taskkill /im imagex.exe /t /f 2> nul
1827. taskkill /im MBRwrWin.exe /t /f 2> nul
1828. taskkill /im OSCDIMG.EXE /t /f 2> nul
1829. taskkill /im PopupMsgBackup.exe /t /f 2> nul
1830. taskkill /im PopupMsgUpdat.exe /t /f 2> nul
1831. taskkill /im SetFDFolder.exe /t /f 2> nul
1832. taskkill /im ShowVerifyProgress.exe /t /f 2> nul
1833. taskkill /im SWCDExtract.exe /t /f 2> nul
1834.  
1835. REM Rand McNally - RNDDock
1836. taskkill /im RNDDock.exe /t /f 2> nul
1837. taskkill /im RNDDockLauncher.exe /t /f 2> nul
1838. taskkill /im RNDSetLanguage.exe /t /f 2> nul
1839. taskkill /im RM_Caliration.exe /t /f 2> nul
1840. taskkill /im RMLayer.exe /t /f 2> nul
1841. taskkill /im NAVI.EXE /t /f 2> nul
1842. taskkill /im NAVIAPP.EXE /t /f 2> nul
1843. taskkill /im OSVer.exe /t /f 2> nul
1844. taskkill /im RESTART.EXE /t /f 2> nul
1845. taskkill /im VideoPlayer.exe /t /f 2> nul
1846. taskkill /im Hermes.exe /t /f 2> nul
1847. taskkill /im Hermes3.exe /t /f 2> nul
1848. taskkill /im Hermes2.exe /t /f 2> nul
1849. taskkill /im pango-querymodules.exe /t /f 2> nul
1850. taskkill /im gspawn-win32-helper.exe /t /f 2> nul
1851. taskkill /im gspawn-win32-helper-console.exe /t /f 2> nul
1852. taskkill /im gtk-query-immodules-2.0.exe /t /f 2> nul
1853. taskkill /im gdk-pixbuf-query-loaders.exe /t /f 2> nul
1854.  
1855. REM -----------Found 8/13/2015-----------
1856. REM HP
1857. taskkill /im HP_Remote_Solution.exe /t /f 2> nul
1858. taskkill /im HPAdvisor.exe /t /f 2> nul
1859. taskkill /im HPBtnSrv.exe /t /f 2> nul
1860. taskkill /im hppusg.exe /t /f 2> nul
1861. taskkill /im HPSA_Service.exe /t /f 2> nul
1862. taskkill /im HPSIsvc.exe /t /f 2> nul
1863.  
1864. REM HP Smart Media
1865. taskkill /im StartMenu.exe /t /f 2> nul
1866.  
1867. REM Microsoft Office Wrapper
1868. taskkill /im OSA.exe /t /f 2> nul
1869.  
1870. REM Gadwin PrintScreen
1871. taskkill /im PrintScreen.exe /t /f 2> nul
1872.  
1873. REM HP LaserJet Fax Receive Utility
1874. taskkill /im ReceiveFaxUtility.exe /t /f 2> nul
1875.  
1876. REM UPS Monitor
1877. taskkill /im UPSMON.exe /t /f 2> nul
1878. taskkill /im UPSMON_Service.exe /t /f 2> nul
1879.  
1880. REM TheWeatherNetwork
1881. taskkill /im weathereye.exe /t /f 2> nul
1882.  
1883. REM Dropbox
1884. taskkill /im Dropbox.exe /t /f 2> nul
1885.  
1886. REM -----------Found 8/6/2015-----------
1887.  
1888. REM Toshiba FlashCards
1889. taskkill /im DisplayConf.exe /t /f 2> nul
1890. taskkill /im TCrdMain.exe /t /f 2> nul
1891. taskkill /im TfcConf.exe /t /f 2> nul
1892. taskkill /im TosTogKeyMon.exe /t /f 2> nul
1893.  
1894. REM Toshiba Service Station
1895. taskkill /im TMachInfo.exe /t /f 2> nul
1896. taskkill /im ToshibaServiceStation.exe /t /f 2> nul
1897. taskkill /im TssCleanup.exe /t /f 2> nul
1898.  
1899. REM Toshiba Power Saver
1900. taskkill /im TosCoSrv.exe /t /f 2> nul
1901. taskkill /im TPSLaunch.exe /t /f 2> nul
1902. taskkill /im TPwrMain.exe /t /f 2> nul
1903.  
1904. REM Toshiba BulletinBoard
1905. taskkill /im TosBBSplashScreen.exe /t /f 2> nul
1906. taskkill /im TosBulletinBoard.exe /t /f 2> nul
1907. taskkill /im TosNcCore.exe /t /f 2> nul
1908. taskkill /im UrlClipProc.exe /t /f 2> nul
1909.  
1910. REM Toshiba ReelTime
1911. taskkill /im TosEditFlags.exe /t /f 2> nul
1912. taskkill /im TosReelTime.exe /t /f 2> nul
1913. taskkill /im TosReelTimeMonitor.exe /t /f 2> nul
1914. taskkill /im TosRegisterEdit.exe /t /f 2> nul
1915. taskkill /im TosRTSplashScreen.exe /t /f 2> nul
1916.  
1917. REM Toshiba HDD SSD Alert
1918. taskkill /im OpenMUIHelp.exe /t /f 2> nul
1919. taskkill /im TosCPCBackup.exe /t /f 2> nul
1920. taskkill /im TosSENotify.exe /t /f 2> nul
1921. taskkill /im TosSmartSrv.exe /t /f 2> nul
1922. taskkill /im TosSSDAlert.exe /t /f 2> nul
1923. taskkill /im TosWaitSrv.exe /t /f 2> nul
1924.  
1925. REM Toshiba ConfigFree
1926. taskkill /im AddGadget.exe /t /f 2> nul
1927. taskkill /im cfAddGadgets.exe /t /f 2> nul
1928. taskkill /im CFIWmxSvcs64.exe /t /f 2> nul
1929. taskkill /im cfmain.exe /t /f 2> nul
1930. taskkill /im CFProcSRVC.exe /t /f 2> nul
1931. taskkill /im CFProfile.exe /t /f 2> nul
1932. taskkill /im CFSvcs.exe /t /f 2> nul
1933. taskkill /im CFSwHost.exe /t /f 2> nul
1934. taskkill /im CFSwHostU.exe /t /f 2> nul
1935. taskkill /im CFSwMgr.exe /t /f 2> nul
1936. taskkill /im sftsksch.exe /t /f 2> nul
1937. taskkill /im CFWAN.exe /t /f 2> nul
1938. taskkill /im NDSTray.exe /t /f 2> nul
1939. taskkill /im RunRegSvr32.exe /t /f 2> nul
1940. taskkill /im RunSidebar.exe /t /f 2> nul
1941. taskkill /im tosOpenProp.exe /t /f 2> nul
1942.  
1943. REM -----------Found 7/21/2015-----------
1944. REM ~Qualcomm Atheros Bluetooth~
1945. taskkill /im ActivateDesktop.exe /t /f 2> nul
1946.  
1947. REM ~Acer Bloatware~
1948. taskkill /im AcerPortal.exe /t /f 2> nul
1949.  
1950. REM ~Acer User Experience Improvement Program~
1951. taskkill /im MSG.exe /t /f 2> nul
1952. taskkill /im Setting.exe /t /f 2> nul
1953. taskkill /im TriggerFramework.exe /t /f 2> nul
1954. taskkill /im UBTService.exe /t /f 2> nul
1955.  
1956. REM ~Nero~
1957. taskkill /im NASvc.exe /t /f 2> nul
1958. taskkill /im NANotify.exe /t /f 2> nul
1959.  
1960. REM -----------Found 7/9/2015-----------
1961.  
1962. REM Cannon Printer Software~
1963. taskkill /im CNQMACNF.exe /t /f 2> nul
1964. taskkill /im CNQMINST.exe /t /f 2> nul
1965. taskkill /im CNQMLNCR.exe /t /f 2> nul
1966. taskkill /im CNQMSWCS.exe /t /f 2> nul
1967. taskkill /im CNQMULNC.exe /t /f 2> nul
1968. taskkill /im CNQMUPDT.exe /t /f 2> nul
1969. taskkill /im CNSEMAIN.exe /t /f 2> nul
1970.  
1971. REM -----------Found 7/2/2015-----------
1972.  
1973. REM HTC CellPhone~
1974. taskkill /im adb.exe /t /f 2> nul
1975. taskkill /im adb_cos.exe /t /f 2> nul
1976. taskkill /im NOutlookAccessX64.exe /t /f 2> nul
1977. taskkill /im NOutlookAccess.exe /t /f 2> nul
1978. taskkill /im fastboot.exe /t /f 2> nul
1979. taskkill /im HTCSyncManager.exe /t /f 2> nul
1980. taskkill /im HTCSyncManagerUpdate.exe /t /f 2> nul
1981. taskkill /im HSMConsole.exe /t /f 2> nul
1982. taskkill /im 7za.exe /t /f 2> nul
1983. taskkill /im CrashSender.exe /t /f 2> nul
1984. taskkill /im 7zr.exe /t /f 2> nul
1985. taskkill /im NMDllHost.exe /t /f 2> nul
1986. taskkill /im HSMServiceEntry.exe /t /f 2> nul
1987. taskkill /im PassThruSvr.exe /t /f 2> nul
1988. taskkill /im htcnat.exe /t /f 2> nul
1989.  
1990. REM Andrea Filters APO access service~
1991. taskkill /im AESTSr.exe /t /f 2> nul
1992. taskkill /im AESTSr64.exe /t /f 2> nul
1993.  
1994. REM ccleaner~
1995. taskkill /im CCleaner.exe /t /f 2> nul
1996. taskkill /im CCleaner64.exe /t /f 2> nul
1997.  
1998. REM Windows Metadata Export service~
1999. taskkill /im DVMExportService.exe /t /f 2> nul
2000.  
2001. REM Geek Buddy Remote Screen service~
2002. REM Part of team COMODO, legit but annoying~
2003. taskkill /im GeekBuddyRSP.exe /t /f 2> nul
2004.  
2005. REM Windows 10 Upgrade~
2006. taskkill /im GWX.exe /t /f 2> nul
2007. taskkill /im GWXConfigManager.exe /t /f 2> nul
2008. taskkill /im GWXUX.exe /t /f 2> nul
2009. taskkill /im GWXUXWorker.exe /t /f 2> nul
2010.  
2011. REM HP~
2012. taskkill /im CaslVer.exe /t /f 2> nul
2013. taskkill /im hpCaslNotification.exe /t /f 2> nul
2014. taskkill /im HPdvrMntSvc.exe /t /f 2> nul
2015. taskkill /im hpgac.exe /t /f 2> nul
2016. taskkill /im HpqToaster.exe /t /f 2> nul
2017. taskkill /im hpqWmiEx.exe /t /f 2> nul
2018. taskkill /im MCOEMInfo.exe /t /f 2> nul
2019. taskkill /im MCOEMInfo64.exe /t /f 2> nul
2020. taskkill /im Wireless.exe /t /f 2> nul
2021. taskkill /im WizLink.exe /t /f 2> nul
2022.  
2023. REM HP Wireless Assistant~
2024. taskkill /im DelayedAppStarter.exe /t /f 2> nul
2025. taskkill /im HPWA_Main.exe /t /f 2> nul
2026. taskkill /im HPWA_MobilityCenterTile.exe /t /f 2> nul
2027. taskkill /im HPWA_MobilityCenterTileLink.exe /t /f 2> nul
2028. taskkill /im HPWA_Service.exe /t /f 2> nul
2029. taskkill /im UninstallHelper.exe /t /f 2> nul
2030. taskkill /im WAMobCtr.exe /t /f 2> nul
2031. taskkill /im wireless.exe /t /f 2> nul
2032.  
2033. REM HP Quick Launch~
2034. taskkill /im Beats.exe /t /f 2> nul
2035. taskkill /im cnbSysInfo.exe /t /f 2> nul
2036. taskkill /im HPMSGSVC.exe /t /f 2> nul
2037. taskkill /im HPSCRCTL.exe /t /f 2> nul
2038. taskkill /im hpSmartAdapterHelp.exe /t /f 2> nul
2039. taskkill /im HPUSRMSG.exe /t /f 2> nul
2040. taskkill /im HPWMISVC.exe /t /f 2> nul
2041.  
2042. REM LightScribe~
2043. taskkill /im LightScribeControlPanel.exe /t /f 2> nul
2044. taskkill /im LSLauncher.exe /t /f 2> nul
2045. taskkill /im LSPrintDialog.exe /t /f 2> nul
2046. taskkill /im LSPrintingDialog.exe /t /f 2> nul
2047. taskkill /im LSRunOnce.exe /t /f 2> nul
2048. taskkill /im LSSrvc.exe /t /f 2> nul
2049.  
2050. REM Windows Live Updater Service~
2051. taskkill /im WLIDSVC.exe /t /f 2> nul
2052. taskkill /im WLIDSVCM.exe /t /f 2> nul
2053.  
2054. REM ------------Found in earlier versions-------------
2055.  
2056. REM Any remaining VBScripts running in the background.
2057. taskkill /im wscript.exe /t /f 2> nul
2058.  
2059. REM AVG Web Tuneup
2060. taskkill /im BundleInstall.exe /t /f 2> nul
2061. taskkill /im lip.exe /t /f 2> nul
2062. taskkill /im Uninstall.exe /t /f 2> nul
2063. taskkill /im vprot.exe /t /f 2> nul
2064. taskkill /im WtuSystemSupport.exe /t /f 2> nul
2065.  
2066. REM Apple Mobile Device Support
2067. taskkill /im AppleMobileBackup.exe /t /f 2> nul
2068. taskkill /im AppleMobileDeviceHelper.exe /t /f 2> nul
2069. taskkill /im AppleMobileDeviceService.exe /t /f 2> nul
2070. taskkill /im AppleMobileSync.exe /t /f 2> nul
2071. taskkill /im AppleSyncMapiInterfaceHelper_x64.exe /t /f 2> nul
2072. taskkill /im ATH.exe /t /f 2> nul
2073. taskkill /im com.apple.IE.client.exe /t /f 2> nul
2074. taskkill /im com.apple.WindowsContacts.client.exe /t /f 2> nul
2075. taskkill /im com.apple.WindowsMail.client.exe /t /f 2> nul
2076. taskkill /im MDCrashReportTool.exe /t /f 2> nul
2077. taskkill /im Mingler.exe /t /f 2> nul
2078. taskkill /im SyncDiagnostics.exe /t /f 2> nul
2079. taskkill /im syncli.exe /t /f 2> nul
2080. taskkill /im SyncPlanObserver.exe /t /f 2> nul
2081. taskkill /im SyncServer.exe /t /f 2> nul
2082. taskkill /im SyncUIHandler.exe /t /f 2> nul
2083. taskkill /im upgradedb.exe /t /f 2> nul
2084.  
2085. REM Microsoft Bing Bar
2086. taskkill /im BBSvc.EXE /t /f 2> nul
2087. taskkill /im BingApp.exe /t /f 2> nul
2088. taskkill /im BingBar.exe /t /f 2> nul
2089. taskkill /im bingsurrogate.exe /t /f 2> nul
2090. taskkill /im DefaultPack.exe /t /f 2> nul
2091. taskkill /im SeaPort.exe /t /f 2> nul
2092.  
2093. REM Kodak EasyShare Software
2094. taskkill /im EasyShare.exe /t /f 2> nul
2095. taskkill /im ptswia.exe /t /f 2> nul
2096.  
2097. REM HP Software
2098. taskkill /im DeviceSetup.exe /t /f 2> nul
2099. taskkill /im DeviceSetupLauncher.exe /t /f 2> nul
2100. taskkill /im HPCustPartic.exe /t /f 2> nul
2101. taskkill /im HPCustParticUI.exe /t /f 2> nul
2102. taskkill /im HPDeviceUpdateHost.exe /t /f 2> nul
2103. taskkill /im HPGoogleChromeLauncher.exe /t /f 2> nul
2104. taskkill /im HPNetworkCommunicatorCom.exe /t /f 2> nul
2105. taskkill /im HPPSDrDownloader.exe /t /f 2> nul
2106. taskkill /im hpqDTSS.exe /t /f 2> nul
2107. taskkill /im HPRewards.exe /t /f 2> nul
2108. taskkill /im HPSmartDeals.exe /t /f 2> nul
2109. taskkill /im InstanceFinderDlg.exe /t /f 2> nul
2110. taskkill /im ScanToPCActivationApp.exe /t /f 2> nul
2111. taskkill /im Toolbox.exe /t /f 2> nul
2112. taskkill /im "HP Envy 4500 series.exe" /t /f 2> nul
2113.  
2114. REM HP Software Update
2115. taskkill /im hpwucli.exe /t /f 2> nul
2116. taskkill /im hpwuschd2.exe /t /f 2> nul
2117.  
2118. REM OtShot
2119. taskkill /im otshot.exe /t /f 2> nul
2120.  
2121. REM Microsoft Speech Recognition Software
2122. taskkill /im sapisvr.exe /t /f 2> nul
2123.  
2124. REM Skype
2125. taskkill /im skype.exe /t /f 2> nul
2126.  
2127. REM ePower Software
2128. taskkill /im ePowerEvent.exe /t /f 2> nul
2129. taskkill /im ePowerSvc.exe /t /f 2> nul
2130. taskkill /im ePowerTray.exe /t /f 2> nul
2131.  
2132. REM Apple Application Support
2133. taskkill /im APSDaemon.exe /t /f 2> nul
2134. taskkill /im defaults.exe /t /f 2> nul
2135. taskkill /im distnoted.exe /t /f 2> nul
2136. taskkill /im plutil.exe /t /f 2> nul
2137. taskkill /im WebKit2WebProcess.exe /t /f 2> nul
2138.  
2139. REM Apple Internet Services
2140. taskkill /im AppleOutlookDAVConfig.exe /t /f 2> nul
2141. taskkill /im ApplePhotoStreams.exe /t /f 2> nul
2142. taskkill /im ApplePhotoStreamsDownloader.exe /t /f 2> nul
2143. taskkill /im BookmarkDAV_client.exe /t /f 2> nul
2144. taskkill /im iCloud.exe /t /f 2> nul
2145. taskkill /im iCloudServices.exe /t /f 2> nul
2146. taskkill /im MobileDocuments.exe /t /f 2> nul
2147. taskkill /im ubd.exe /t /f 2> nul
2148.  
2149. REM Acer Updater
2150. taskkill /im ALU.exe /t /f 2> nul
2151. taskkill /im ALU_Notify.exe /t /f 2> nul
2152. taskkill /im UpdaterService.exe /t /f 2> nul
2153.  
2154. REM Acer Backup Manager
2155. taskkill /im BackupManager.exe /t /f 2> nul
2156. taskkill /im BackupManagerTray.exe /t /f 2> nul
2157. taskkill /im IScheduleSvc.exe /t /f 2> nul
2158. taskkill /im StartServices.exe /t /f 2> nul
2159.  
2160. REM Rogers Connection Manager (Cell stick)
2161. REM This will kill an active internet connection if being used.
2162. taskkill /im AutoDect.exe /t /f 2> nul
2163. taskkill /im CMUpdater.exe /t /f 2> nul
2164. taskkill /im ejectdisk.exe /t /f 2> nul
2165. taskkill /im KillProcess2.exe /t /f 2> nul
2166. taskkill /im TUpdateConfig.exe /t /f 2> nul
2167. taskkill /im UIMain.exe /t /f 2> nul
2168. taskkill /im UpdateVersion.exe /t /f 2> nul
2169. taskkill /im USBDriverInstaller_x64.exe /t /f 2> nul
2170. taskkill /im USBDriverInstaller_x86.exe /t /f 2> nul
2171.  
2172. REM AGR/LSI Soft Modem
2173. taskkill /im agr64svc.exe /t /f 2> nul
2174.  
2175. REM Acer Arcade Deluxe
2176. taskkill /im AcradeDeluxeAgent.exe /t /f 2> nul
2177. taskkill /im CLDrvChk.exe /t /f 2> nul
2178. taskkill /im CLSM.exe /t /f 2> nul
2179. taskkill /im discautorun.exe /t /f 2> nul
2180. taskkill /im PlayMovie.exe /t /f 2> nul
2181. taskkill /im PMVService.exe /t /f 2> nul
2182. taskkill /im HomeMedia.exe /t /f 2> nul
2183. taskkill /im Launch_Movie.exe /t /f 2> nul
2184. taskkill /im Launch_SDMA.exe /t /f 2> nul
2185. taskkill /im RmDL.exe /t /f 2> nul
2186. taskkill /im TaskScheduler.exe /t /f 2> nul
2187. taskkill /im Update.exe /t /f 2> nul
2188.  
2189. REM GoogleUpdate
2190. Taskkill /im GoogleUpdate.exe /t /f 2> nul
2191.  
2192. REM Microsoft Office One Note
2193. taskkill /im ONENOTEM.exe /t /f 2> nul
2194.  
2195. REM Razer Synapse
2196. taskkill /im RzSynapse.exe /t /f 2> nul
2197.  
2198. REM Spotify
2199. taskkill /im SpotifyWebHelper.exe /t /f 2> nul
2200.  
2201. REM Steam
2202. taskkill /im Steam.exe /t /f 2> nul
2203. taskkill /im steamwebhelper.exe /t /f 2> nul
2204.  
2205. REM Acer Bloatware
2206. taskkill /im abDocsDllLoader.exe /t /f 2> nul
2207. taskkill /im abDocsDllLoaderMonitor.exe /t /f 2> nul
2208. taskkill /im BackgroundAgent.exe /t /f 2> nul
2209.  
2210. REM Acer Portal Bloatware
2211. taskkill /im AcerCloudTaskScheduler.exe /t /f 2> nul
2212. taskkill /im AcerPortalSetup.exe /t /f 2> nul
2213. taskkill /im acerVirtualDriveSetup.exe /t /f 2> nul
2214. taskkill /im acpanel_win.exe /t /f 2> nul
2215. taskkill /im actool_win.exe /t /f 2> nul
2216. taskkill /im ccd.exe /t /f 2> nul
2217. taskkill /im CCDMonitorService.exe /t /f 2> nul
2218. taskkill /im ClearfiPreferencePage.exe /t /f 2> nul
2219. taskkill /im cloudMediaAgent.exe /t /f 2> nul
2220. taskkill /im EnableWakeUpOption.exe /t /f 2> nul
2221. taskkill /im LauncherAsUser.exe /t /f 2> nul
2222. taskkill /im medialistdumper.exe /t /f 2> nul
2223.  
2224. REM ePower Bloatware
2225. taskkill /im ePowerEvent.exe /t /f 2> nul
2226. taskkill /im ePowerSvc.exe /t /f 2> nul
2227. taskkill /im ePowerTray.exe /t /f 2> nul
2228. taskkill /im ePowerWinMonitor.exe /t /f 2> nul
2229.  
2230. REM Acer Quick Access Bloatware
2231. taskkill /im QAEvent.exe /t /f 2> nul
2232. taskkill /im QAMsg.exe /t /f 2> nul
2233. taskkill /im QASvc.exe /t /f 2> nul
2234. taskkill /im QuickAccess.exe /t /f 2> nul
2235. taskkill /im RMSvc.exe /t /f 2> nul
2236.  
2237. REM Cyberlink Bloatware
2238. taskkill /im EffectExtractr.exe /t /f 2> nul
2239. taskkill /im RichVideo.exe /t /f 2> nul
2240. taskkill /im richvideoinstall.exe /t /f 2> nul
2241. taskkill /im richvideouninstall.exe /t /f 2> nul
2242.  
2243. REM Pokki start Menu Bloatware
2244. REM Uninstaller: C:\Users\mlissa\AppData\Local\Pokki\Uninstall.exe
2245. taskkill /im HostAppService.exe /t /f 2> nul
2246. taskkill /im StartMenuIndexer.exe /t /f 2> nul
2247. taskkill /im wow_helper.exe /t /f 2> nul
2248.  
2249. REM Android Software
2250. taskkill /im PCCompanion.exe /t /f 2> nul
2251. taskkill /im MyPhoneExplorer.exe /t /f 2> nul
2252.  
2253. REM Blackberry Software
2254. taskkill /im BbDevMgr.exe /t /f 2> nul
2255. taskkill /im BlackBerryLauncher.exe /t /f 2> nul
2256. taskkill /im Rim.Desktop.AutoUpdate.exe /t /f 2> nul
2257. taskkill /im Rim.Desktop.exe /t /f 2> nul
2258. taskkill /im Rim.DesktopHelper.exe /t /f 2> nul
2259. taskkill /im RIMBBLaunchAgent.exe /t /f 2> nul
2260. taskkill /im RIMDEV~1.exe /t /f 2> nul
2261.  
2262. REM iPod services
2263. taskkill /im iTunes.exe /t /f 2> nul
2264. taskkill /im iTunesHelper.exe /t /f 2> nul
2265. taskkill /im iPodService.exe /t /f 2> nul
2266. taskkill /im AppleMobileDeviceService.exe /t /f 2> nul
2267.  
2268. REM Adobe Acrobat Update Service
2269. taskkill /im armsvc.exe /t /f 2> nul
2270.  
2271.  
2272.  
2273.  
2274.  
2275.  
2276.  
2277.  
2278.  
2279.  
2280.  
2281.  
2282.  
2283. REM ==============MALWARE=============
2284. IF %KFLAG%==2 ECHO ---Killing known malware processes. Please wait...
2285. IF %KFLAG%==2 ECHO.
2286.  
2287. REM -----------Found 9/15/2015-----------
2288. taskkill /im lwsvc.exe /t /f 2> nul
2289.  
2290. REM vGrabber software
2291. taskkill /im VideoDownloader.exe /t /f 2> nul
2292.  
2293. REM Web Companion
2294. taskkill /im Lavasoft.SearchProtect.WinService.exe /t /f 2> nul
2295. taskkill /im WebCompanion.exe /t /f 2> nul
2296. taskkill /im AASearchCompanion.exe /t /f 2> nul
2297. taskkill /im "Ad-Aware Web Companion.exe" /t /f 2> nul
2298. taskkill /im WebCompanionInstaller.exe /t /f 2> nul
2299.  
2300. REM Web Companion TCP Service
2301. taskkill /im LavasoftTcpService.exe /t /f 2> nul
2302. taskkill /im LavasoftLSPInstaller.exe /t /f 2> nul
2303. taskkill /im LavasoftLSPInstaller64.exe /t /f 2> nul
2304.  
2305. REM Could be anything at this point... We warned you to close all programs and save your work...
2306. taskkill /im Setup.exe /t /f 2> nul
2307.  
2308. REM TweakBit PCSpeedUp
2309. REM C:\Program Files\TweakBit\PCSpeedUp
2310. taskkill /im Downloader.exe /t /f 2> nul
2311. taskkill /im GASender.exe /t /f 2> nul
2312. taskkill /im SendDebugLog.exe /t /f 2> nul
2313. taskkill /im unins000.exe /t /f 2> nul
2314. taskkill /im PCSpeedUp.exe /t /f 2> nul
2315.  
2316. REM Revo App
2317. REM C:\Program Files\VS Revo Group
2318. REM C:\Program Files\VS Revo Group\Revo Uninstaller Pro
2319. taskkill /im RevoAppBar.exe /t /f 2> nul
2320. taskkill /im RevoCmd.exe /t /f 2> nul
2321. taskkill /im RevoUninPro.exe /t /f 2> nul
2322. taskkill /im ruplp.exe /t /f 2> nul
2323. taskkill /im unins000.exe /t /f 2> nul
2324.  
2325.  
2326. REM -----------Found 8/6/2015-----------
2327.  
2328. REM TelevisionFanatic
2329. taskkill /im 64barsvc.exe /t /f 2> nul
2330. taskkill /im 64brmon.exe /t /f 2> nul
2331. taskkill /im 64brmon64.exe /t /f 2> nul
2332. taskkill /im 64highin.exe /t /f 2> nul
2333. taskkill /im 64medint.exe /t /f 2> nul
2334. taskkill /im 64skplay.exe /t /f 2> nul
2335. taskkill /im 64SrchMn.exe /t /f 2> nul
2336. taskkill /im APPINTEGRATOR.exe /t /f 2> nul
2337. taskkill /im AppIntegrator64.exe /t /f 2> nul
2338. taskkill /im CrExtP64.exe /t /f 2> nul
2339. taskkill /im TPIMANAGERCONSOLE.exe /t /f 2> nul
2340. taskkill /im ASSIST.exe /t /f 2> nul
2341.  
2342. REM Petty Court
2343. taskkill /im "Petty Court.exe" /t /f 2> nul
2344.  
2345. REM Ioartlieme
2346. taskkill /im sreoraoi.exe /t /f 2> nul
2347.  
2348. REM WebSteroids
2349. taskkill /im Websteroids.exe /t /f 2> nul
2350. taskkill /im Websteroids64.exe /t /f 2> nul
2351. taskkill /im WebsteroidsService.exe /t /f 2> nul
2352. taskkill /im WebsteroidsUpdate.exe /t /f 2> nul
2353.  
2354. REM -----------Found 8/5/2015-----------
2355. REM WordShark
2356. taskkill /im wssvc.exe /t /f 2> nul
2357.  
2358. REM Space Sound Pro
2359. taskkill /im SpaceSoundPro.exe /t /f 2> nul
2360. taskkill /im silentconfigurator.exe /t /f 2> nul
2361. taskkill /im silentunconfigurator.exe /t /f 2> nul
2362. taskkill /im Uninstall.exe /t /f 2> nul
2363.  
2364. REM SpaceSondPro - Trojan.MSIL.Dropper
2365. taskkill /im SpaceSondPro_Service.exe /t /f 2> nul
2366. taskkill /im Spacesoundpro.exe /t /f 2> nul
2367. taskkill /im uninstall.exe /t /f 2> nul
2368.  
2369. REM Rapid Media Converter
2370. taskkill /im ffmpeg.exe /t /f 2> nul
2371. taskkill /im RapidMediaConverter.exe /t /f 2> nul
2372. taskkill /im RapidMediaConverterApp.exe /t /f 2> nul
2373. taskkill /im RapidMediaConverterappuninstall.exe /t /f 2> nul
2374. taskkill /im unins000.exe /t /f 2> nul
2375.  
2376. REM System Notifier V30.05
2377. taskkill /im 8a620da3-3138-4f95-a61c-3e490464bccb-10.exe /t /f 2> nul
2378. taskkill /im 8a620da3-3138-4f95-a61c-3e490464bccb-5.exe /t /f 2> nul
2379. taskkill /im utils.exe /t /f 2> nul
2380. taskkill /im UninstallBrw.exe /t /f 2> nul
2381. taskkill /im Uninstall.exe /t /f 2> nul
2382.  
2383.  
2384. REM -----------Found 7/30/2015-----------
2385. REM Found this shit on my own pc. Took a while to kill it. Found a method that works.
2386. REM This desktop.exe thing opens about 2-3 processes on your computer, and will keep 2-3 open at all times incase
2387. REM one of the instances shuts off. Best thing to do is run through this to kill all of them before they have a chance
2388. REM to open another instance and keep it alive. There's also a service running in the background that interacts with
2389. REM these instances, not quite sure what it's doing but it can't be good. It's called FLI20.
2390. taskkill /im desktop.exe /t /f 2> nul
2391. taskkill /im desktop.exe /t /f 2> nul
2392. taskkill /im desktop.exe /t /f 2> nul
2393. taskkill /im desktop.exe /t /f 2> nul
2394. taskkill /im desktop.exe /t /f 2> nul
2395. taskkill /im desktop.exe /t /f 2> nul
2396. taskkill /im desktop.exe /t /f 2> nul
2397. taskkill /im desktop.exe /t /f 2> nul
2398. taskkill /im ITHelper.exe /t /f 2> nul
2399. taskkill /im ITHelper.exe /t /f 2> nul
2400. taskkill /im ITHelper.exe /t /f 2> nul
2401. net stop FLI20 2> nul
2402. taskkill /im desktop.exe /t /f 2> nul
2403. taskkill /im desktop.exe /t /f 2> nul
2404. taskkill /im desktop.exe /t /f 2> nul
2405. taskkill /im desktop.exe /t /f 2> nul
2406. taskkill /im desktop.exe /t /f 2> nul
2407. taskkill /im desktop.exe /t /f 2> nul
2408.  
2409. taskkill /im 23erxzvc.exe /t /f 2> nul
2410. taskkill /im b5h0fd11.exe /t /f 2> nul
2411. taskkill /im rigsnmrr.exe /t /f 2> nul
2412. taskkill /im w0t2xdoh.exe /t /f 2> nul
2413.  
2414.  
2415. REM -----------Found 7/24/2015-----------
2416.  
2417. REM Privoxy
2418. taskkill /im amjob.exe /t /f 2> nul
2419. taskkill /im checkproxy.exe /t /f 2> nul
2420. taskkill /im gmff.exe /t /f 2> nul
2421.  
2422. REM GlobalUpdate
2423. taskkill /im globalupdate.exe /t /f 2> nul
2424. taskkill /im globalupdateBroker.exe /t /f 2> nul
2425. taskkill /im globalupdateCrashHandler.exe /t /f 2> nul
2426. taskkill /im globalupdateOnDemand.exe /t /f 2> nul
2427.  
2428. REM firmware
2429. taskkill /im "firmware installer.exe" /t /f 2> nul
2430.  
2431. REM Misc files
2432. taskkill /im desktop.exe /t /f 2> nul
2433. taskkill /im aLgPg2wPM.exe /t /f 2> nul
2434. taskkill /im KoOOigEwAlw3ZEOy2NOtE1uFnU.exe /t /f 2> nul
2435. taskkill /im pmUeRxMXrc2wXt.exe /t /f 2> nul
2436. taskkill /im check.exe /t /f 2> nul
2437. taskkill /im utils.exe /t /f 2> nul
2438. taskkill /im soc3hen.exe /t /f 2> nul
2439. taskkill /im soc6hen.exe /t /f 2> nul
2440. taskkill /im socahen.exe /t /f 2> nul
2441. taskkill /im socdhen.exe /t /f 2> nul
2442. taskkill /im socwhen.exe /t /f 2> nul
2443.  
2444. REM CinemaPlus-3.2cV23.07
2445. taskkill /im feab5f2b-8f2c-4846-9e79-044fd5cffcab-1-6.exe /t /f 2> nul
2446. taskkill /im feab5f2b-8f2c-4846-9e79-044fd5cffcab-1-7.exe /t /f 2> nul
2447. taskkill /im feab5f2b-8f2c-4846-9e79-044fd5cffcab-3.exe /t /f 2> nul
2448. taskkill /im feab5f2b-8f2c-4846-9e79-044fd5cffcab-4.exe /t /f 2> nul
2449. taskkill /im feab5f2b-8f2c-4846-9e79-044fd5cffcab-5.exe /t /f 2> nul
2450. taskkill /im feab5f2b-8f2c-4846-9e79-044fd5cffcab-6.exe /t /f 2> nul
2451. taskkill /im feab5f2b-8f2c-4846-9e79-044fd5cffcab-7.exe /t /f 2> nul
2452. taskkill /im feab5f2b-8f2c-4846-9e79-044fd5cffcab-10.exe /t /f 2> nul
2453. taskkill /im Uninstall.exe /t /f 2> nul
2454. taskkill /im UninstallBrw.exe /t /f 2> nul
2455.  
2456. REM EpsanDrive
2457. taskkill /im EpsanDrive.exe /t /f 2> nul
2458. taskkill /im SoftConfigTest.exe /t /f 2> nul
2459.  
2460.  
2461.  
2462. REM -----------Found 7/15/2015-----------
2463. REM CloudScout
2464. taskkill /im CloudOGLESBY.exe /t /f 2> nul
2465.  
2466. REM SearchProtect
2467. REM Doesn't completely kill the processes if run once. Must run multiple times.
2468. taskkill /im cltmng.exe /t /f 2> nul
2469. taskkill /im CltMngSvc.exe /t /f 2> nul
2470. taskkill /im cltmngui.exe /t /f 2> nul
2471. taskkill /im SPtool64.exe /t /f 2> nul
2472. taskkill /im cltmng.exe /t /f 2> nul
2473. taskkill /im CltMngSvc.exe /t /f 2> nul
2474. taskkill /im cltmngui.exe /t /f 2> nul
2475. taskkill /im SPtool64.exe /t /f 2> nul
2476. taskkill /im cltmng.exe /t /f 2> nul
2477. taskkill /im CltMngSvc.exe /t /f 2> nul
2478. taskkill /im cltmngui.exe /t /f 2> nul
2479. taskkill /im SPtool64.exe /t /f 2> nul
2480. taskkill /im cltmng.exe /t /f 2> nul
2481. taskkill /im CltMngSvc.exe /t /f 2> nul
2482. taskkill /im cltmngui.exe /t /f 2> nul
2483. taskkill /im SPtool64.exe /t /f 2> nul
2484.  
2485. REM PluginContainer
2486. taskkill /im plugincontainer.exe /t /f 2> nul
2487. taskkill /im PluginContainer.exe /t /f 2> nul
2488.  
2489. REM Updater
2490. taskkill /im updater.exe /t /f 2> nul
2491.  
2492. REM ----------Found 7/9/2015-----------
2493.  
2494. REM SlimCleaner
2495. REM C:\Program Files\SlimCleaner Plus\
2496. taskkill /im SlimCleanerPlus.exe /t /f 2> nul
2497. taskkill /im mdp.exe /t /f 2> nul
2498.  
2499. REM SlimService
2500. REM C:\Program Files\SlimService
2501. taskkill /im SlimService.exe /t /f 2> nul
2502. taskkill /im SlimServiceFactory.exe /t /f 2> nul
2503.  
2504. taskkill /im mdp.exe /t /f 2> nul
2505. taskkill /im DriverUpdate.exe /t /f 2> nul
2506.  
2507. REM -----------Found 7/2/2015-----------
2508. REM %temp%~
2509. taskkill /im ansnE3AE.exe /t /f 2> nul
2510. taskkill /im rnssF04D.exe /t /f 2> nul
2511. taskkill /im cnssF04C.tmp /t /f 2> nul
2512.  
2513. REM Infected Chrome~
2514. taskkill /im Discover.exe /t /f 2> nul
2515.  
2516. REM Ninja Loader~
2517. taskkill /im "Ninja Loader.exe" /t /f 2> nul
2518. taskkill /im NinjaMaintainer.exe /t /f 2> nul
2519.  
2520. REM PC Matic Plus~
2521. taskkill /im PCTunerFG.exe /t /f 2> nul
2522. taskkill /im Popialert.exe /t /f 2> nul
2523. taskkill /im Probsalert.exe /t /f 2> nul
2524. taskkill /im unitrack.exe /t /f 2> nul
2525. taskkill /im updater.exe /t /f 2> nul
2526.  
2527. REM Wajam~
2528. taskkill /im wajam.exe /t /f 2> nul
2529. taskkill /im wajam_64.exe /t /f 2> nul
2530.  
2531. REM -----------Found 6/23/2015-----------
2532. taskkill /im DefaultTabStart.exe /t /f 2> nul
2533. taskkill /im DefaultTabStart64.exe /t /f 2> nul
2534. taskkill /im DefaultTabUninstaller.exe /t /f 2> nul
2535. taskkill /im DTUpdate.exe /t /f 2> nul
2536. taskkill /im uninstalldt.exe /t /f 2> nul
2537. taskkill /im update.exe /t /f 2> nul
2538. taskkill /im loggingserver.exe /t /f 2> nul
2539. taskkill /im ToolbarUpdater.exe /t /f 2> nul
2540. taskkill /im PCHealthKit.exe /t /f 2> nul
2541. taskkill /im PCHKGuard.exe /t /f 2> nul
2542. taskkill /im PCHKLauncher.exe /t /f 2> nul
2543. taskkill /im PCHKReminder.exe /t /f 2> nul
2544. taskkill /im PCHKSchedule.exe /t /f 2> nul
2545. taskkill /im PCHKSmartScan.exe /t /f 2> nul
2546. taskkill /im PCHKUninstaller.exe /t /f 2> nul
2547. taskkill /im NativeMessageHost.exe /t /f 2> nul
2548. taskkill /im WajamUpdaterV3.exe /t /f 2> nul
2549. taskkill /im unins000.exe /t /f 2> nul
2550. taskkill /im uninstall.exe /t /f 2> nul
2551. taskkill /im WebCakeDesktop.exe /t /f 2> nul
2552.  
2553. REM Found and added 6-1-2015
2554. taskkill /im 39barsvc.exe /t /f 2> nul
2555. taskkill /im AppIntegrator64.exe /t /f 2> nul
2556. taskkill /im 39SrchMn.exe /t /f 2> nul
2557. taskkill /im 39bar.dll /t /f 2> nul
2558. taskkill /im 39SrcAs.dll /t /f 2> nul
2559. taskkill /im JYI.exe /t /f 2> nul
2560.  
2561. REM Found and added 5-25-2015
2562. taskkill /im a4SpeedCheckJ53.exe /t /f 2> nul
2563. taskkill /im ansv95.exe /t /f 2> nul
2564. taskkill /im beExpU.exe /t /f 2> nul
2565. taskkill /im bnsg82.exe /t /f 2> nul
2566. taskkill /im cltmng.exe /t /f 2> nul
2567. taskkill /im CltMngSvc.exe /t /f 2> nul
2568. taskkill /im cltmngui.exe /t /f 2> nul
2569. taskkill /im cnsx98.exe /t /f 2> nul
2570. taskkill /im gmsd_ca_497.exe /t /f 2> nul
2571. taskkill /im gmsd_us_619.exe /t /f 2> nul
2572. taskkill /im ConsumerInputUpdate.exe /t /f 2> nul
2573. taskkill /im hnsl69.tmp /t /f 2> nul
2574. taskkill /im jnsz65.tmp /t /f 2> nul
2575. taskkill /im mainserv.exe /t /f 2> nul
2576. taskkill /im N2ox192.exe /t /f 2> nul
2577. taskkill /im nsd11E.tmp /t /f 2> nul
2578. taskkill /im nsdBD.tmp /t /f 2> nul
2579. taskkill /im nsf50.tmpfs /t /f 2> nul
2580. taskkill /im nsm519.tmpfs /t /f 2> nul
2581. taskkill /im smss.exe /t /f 2> nul
2582. taskkill /im snss594.exe /t /f 2> nul
2583. taskkill /im UMVPFSrv.exe /t /f 2> nul
2584. taskkill /im upgmsd_ca_497.exe /t /f 2> nul
2585. taskkill /im upgmsd_us_619.exe /t /f 2> nul
2586. taskkill /im vnsy37.tmp /t /f 2> nul
2587. taskkill /im CALMAIN.exe /t /f 2> nul
2588. taskkill /im CameraHelperShell.exe /t /f 2> nul
2589. taskkill /im COCIManager.exe /t /f 2> nul
2590. taskkill /im crossbrowse.exe /t /f 2> nul
2591. taskkill /im daemonu.exe /t /f 2> nul
2592. taskkill /im dca-monitoring.exe /t /f 2> nul
2593. taskkill /im FlashBeat.exe /t /f 2> nul
2594. taskkill /im upgmsd_ca_493.exe /t /f 2> nul
2595. taskkill /im gmsd_ca_493.exe /t /f 2> nul
2596. taskkill /im HDeck.exe /t /f 2> nul
2597. taskkill /im IAAnotif.exe /t /f 2> nul
2598. taskkill /im IAANTmon.exe /t /f 2> nul
2599. taskkill /im jnse53A.tmp /t /f 2> nul
2600. taskkill /im Kikblaster.exe /t /f 2> nul
2601. taskkill /im LogitechUpdate.exe /t /f 2> nul
2602. taskkill /im LULnchr.exe /t /f 2> nul
2603. taskkill /im LWS.exe /t /f 2> nul
2604. taskkill /im UpdateCheck.exe /t /f 2> nul
2605. taskkill /im YTDownloader.exe /t /f 2> nul
2606. taskkill /im SSScheduler.exe /t /f 2> nul
2607. taskkill /im unsecapp.exe /t /f 2> nul
2608. taskkill /im wueooalu.exe /t /f 2> nul
2609.  
2610. REM MyWinLocker (EgisTec Software)
2611. REM C:\Program Files (x86)\EgisTec Egis Software Update
2612. REM C:\Program Files (x86)\EgisTec\MyWinLocker 3
2613. taskkill /im EgisUpdate.exe /t /f 2> nul
2614. taskkill /im Decryption.exe /t /f 2> nul
2615. taskkill /im Encryption.exe /t /f 2> nul
2616. taskkill /im mwlCCPSD.exe /t /f 2> nul
2617. taskkill /im mwlCSP.exe /t /f 2> nul
2618. taskkill /im mwlDaemon.exe /t /f 2> nul
2619. taskkill /im MSLfsu.exe /t /f 2> nul
2620. taskkill /im mwlMgtConsole.exe /t /f 2> nul
2621. taskkill /im mwlInstHelper.exe /t /f 2> nul
2622. taskkill /im mwlRF.exe /t /f 2> nul
2623. taskkill /im MWLService.exe /t /f 2> nul
2624. taskkill /im mwlTBMNGR.exe /t /f 2> nul
2625. taskkill /im OnlineHelp.exe /t /f 2> nul
2626. taskkill /im PMMdatamgr.exe /t /f 2> nul
2627. taskkill /im MiniLauncher.exe /t /f 2> nul
2628. taskkill /im Shredder.exe /t /f 2> nul
2629.  
2630. REM Privoxy
2631. REM C:\Program Files (x86)\Megasoft Security
2632. taskkill /im jptask.exe /t /f 2> nul
2633. taskkill /im jsff.exe /t /f 2> nul
2634. taskkill /im privoxy.exe /t /f 2> nul
2635. taskkill /im swchromium.exe /t /f 2> nul
2636. taskkill /im swchromium64.exe /t /f 2> nul
2637.  
2638. REM GeniusBox
2639. taskkill /im client.exe /t /f 2> nul
2640. taskkill /im certmanager.exe /t /f 2> nul
2641. taskkill /im makecert.exe /t /f 2> nul
2642. taskkill /im Tasks.exe /t /f 2> nul
2643. taskkill /im Uninstall.exe /t /f 2> nul
2644. taskkill /im Updater.exe /t /f 2> nul
2645. taskkill /im certutil.exe /t /f 2> nul
2646.  
2647. REM Driver Detective
2648. taskkill /im DriversHQ.DriverDetective.Client.exe /t /f 2> nul
2649.  
2650. REM Roller Coaster Park
2651. REM C:\Program Files (x86)\roller coaster park
2652. taskkill /im roller_coaster_park_notifier.exe /t /f 2> nul
2653.  
2654. REM Ask Toolbar
2655. REM C:\Program Files (x86)\AskPartnerNetwork\Toolbar
2656. REM C:\Program Files (x86)\AskPartnerNetwork
2657. taskkill /im TBNotifier.exe /t /f 2> nul
2658. REM Have to run this one a few times. it tends to create child processes that appear shortly after it has been killed...
2659. taskkill /im apnmcp.exe /t /f 2> nul
2660.  
2661. REM Mindspark
2662. taskkill /im 65barsvc.exe /t /f 2> nul
2663. taskkill /im APPINTEGRATOR.EXE /t /f 2> nul
2664. taskkill /im AppIntegrator.exe /t /f 2> nul
2665. taskkill /im APPINTEGRATOR64.exe /t /f 2> nul
2666. taskkill /im AppIntegrator64.exe /t /f 2> nul
2667. taskkill /im bfbarsvc.exe /t /f 2> nul
2668. taskkill /im cebarsvc.exe /t /f 2> nul
2669. taskkill /im CrExtPbf.exe /t /f 2> nul
2670. taskkill /im CrExtPce.exe /t /f 2> nul
2671. taskkill /im RebootRequired.exe /t /f 2> nul
2672. taskkill /im SnapMyScreen.exe /t /f 2> nul
2673. taskkill /im 4zbarsvc.exe /t /f 2> nul
2674. taskkill /im 4zbrmon.exe /t /f 2> nul
2675. taskkill /im 4zbrmon64.exe /t /f 2> nul
2676. taskkill /im 4zhighin.exe /t /f 2> nul
2677. taskkill /im 4zmedint.exe /t /f 2> nul
2678. taskkill /im 4zskplay.exe /t /f 2> nul
2679. taskkill /im 4zSrchMn.exe /t /f 2> nul
2680. taskkill /im AppIntegrator64.exe /t /f 2> nul
2681. taskkill /im CrExtP4z.exe /t /f 2> nul
2682. taskkill /im VideoDownloadConverterSetup.exe /t /f 2> nul
2683.  
2684. REM CrossBrowse
2685. REM This program will install CinemaPlus, or vice versa
2686. taskkill /im crossbrowse.exe /t /f 2> nul
2687.  
2688. REM Compete DCA Host ?? <-- Look into this
2689. taskkill /im dca-host.exe /t /f 2> nul
2690. taskkill /im dca-monitoring.exe /t /f 2> nul
2691.  
2692. REM Block and surf
2693. taskkill /im BlockAndSurf.exe /t /f 2> nul
2694.  
2695. REM Boost
2696. taskkill /im Boost.exe /t /f 2> nul
2697.  
2698. REM YSLoader
2699. taskkill /im AppleMobileDeviceService.exe /t /f 2> nul
2700.  
2701. REM PalMall exe
2702. taskkill /im 7e0c8f1a-041f-4b28-9c69-165dde7038f0-10.exe /t /f 2> nul
2703.  
2704. REM VideoDownloader_4z
2705. REM C:\Program Files\VideoDownloadConverter_4zEI
2706. REM C:\Program Files (x86)\VideoDownloadConverter_4zEI
2707. taskkill /im VideoDownloadConvert.exe /t /f 2> nul
2708. taskkill /im 4zbarsvc.exe /t /f 2> nul
2709. taskkill /im 4zbrmon.exe /t /f 2> nul
2710. taskkill /im 4zbrmon64.exe /t /f 2> nul
2711.  
2712. REM Tuneup Computer
2713. REM C:\Program Files (x86)\Tuneup computer\
2714. taskkill /im updater.exe /t /f 2> nul
2715. taskkill /im unitrack.exe /t /f 2> nul
2716. taskkill /im Probsalert.exe /t /f 2> nul
2717. taskkill /im PCTunerFG.exe /t /f 2> nul
2718. taskkill /im Popialert.exe /t /f 2> nul
2719.  
2720. REM Super Optimizer
2721. REM C:\Program Files (x86)\Super Optimizer\
2722. taskkill /im SuperOptimizer.exe /t /f 2> nul
2723. taskkill /im SupOptGuard.exe /t /f 2> nul
2724. taskkill /im SupOptLauncher.exe /t /f 2> nul
2725. taskkill /im SupOptReminder.exe /t /f 2> nul
2726. taskkill /im SupOptScheduler.exe /t /f 2> nul
2727. taskkill /im SupOptSmartScan.exe /t /f 2> nul
2728. taskkill /im SupOptStart.exe /t /f 2> nul
2729. taskkill /im unins000.exe /t /f 2> nul
2730.  
2731. REM Portable WeatherApp
2732. REM C:\Program Files (x86)\Portable WeatherApp\
2733. taskkill /im IEerror.exe /t /f 2> nul
2734. taskkill /im IEerror.vshost.exe /t /f 2> nul
2735. taskkill /im unitrack.exe /t /f 2> nul
2736. taskkill /im unitrack.vshost.exe /t /f 2> nul
2737. taskkill /im updater.exe /t /f 2> nul
2738. taskkill /im wdrguid.exe /t /f 2> nul
2739. taskkill /im wdrguid.vshost.exe /t /f 2> nul
2740. taskkill /im Weather.exe /t /f 2> nul
2741. taskkill /im Weather.vshost.exe /t /f 2> nul
2742.  
2743. REM Optimizer Pro
2744. REM C:\Program Files (x86)\Optimizer Pro 3.56\
2745. taskkill /im OptimizerPro.exe /t /f 2> nul
2746. taskkill /im OptProGuard.exe /t /f 2> nul
2747. taskkill /im OptProLauncher.exe /t /f 2> nul
2748. taskkill /im OptProReminder.exe /t /f 2> nul
2749. taskkill /im OptProSchedule.exe /t /f 2> nul
2750. taskkill /im OptProSmartScan.exe /t /f 2> nul
2751. taskkill /im OptProStart.exe /t /f 2> nul
2752. taskkill /im OptProUninstaller.exe /t /f 2> nul
2753.  
2754. REM WildTangent Games
2755. REM Not really malware, but really annoying.
2756. REM C:\Program Files (x86)\WildTangent Games\App\
2757. taskkill /im GameConsole.exe /t /f 2> nul
2758. taskkill /im GameConsole-wt.exe /t /f 2> nul
2759. taskkill /im GameLauncher.exe /t /f 2> nul
2760. taskkill /im GameLicensing.exe /t /f 2> nul
2761. taskkill /im GamesAppService.exe /t /f 2> nul
2762. taskkill /im PatchHelper.exe /t /f 2> nul
2763. taskkill /im GamesAppIntegrationService.exe /t /f 2> nul
2764. taskkill /im wtapp_ProtocolHandler.exe /t /f 2> nul
2765. taskkill /im BSDiff_Patch.exe /t /f 2> nul
2766. taskkill /im Park.exe /t /f 2> nul
2767. taskkill /im Updater.exe /t /f 2> nul
2768.  
2769. REM CinemaPlus-3.4cV18.04
2770. taskkill /im 4fe643af-6590-4f8e-a033-9b5cadb6ddc4-10.exe /t /f 2> nul
2771. taskkill /im f32c2b3f-2a90-4330-906c-411ddbdd2be4-1-6.exe /t /f 2> nul
2772. taskkill /im f32c2b3f-2a90-4330-906c-411ddbdd2be4-1-7.exe /t /f 2> nul
2773. taskkill /im f32c2b3f-2a90-4330-906c-411ddbdd2be4-5.exe /t /f 2> nul
2774. taskkill /im f32c2b3f-2a90-4330-906c-411ddbdd2be4-10.exe /t /f 2> nul
2775.  
2776. REM Gambali
2777. taskkill /im Gambali.exe /t /f 2> nul
2778.  
2779. REM Games Desktop Utility
2780. taskkill /im gmsd_us_458.exe /t /f 2> nul
2781. taskkill /im gmsd_us_467.exe /t /f 2> nul
2782. taskkill /im gamesdesktop_widget.exe /t /f 2> nul
2783. taskkill /im predm.exe /t /f 2> nul
2784.  
2785. REM shopperz
2786. taskkill /im csrcc.exe /t /f 2> nul
2787. taskkill /im grunt.exe /t /f 2> nul
2788. taskkill /im nfregdrv64.exe /t /f 2> nul
2789. taskkill /im nseven.exe /t /f 2> nul
2790. taskkill /im wrex.exe /t /f 2> nul
2791. taskkill /im wrex64.exe /t /f 2> nul
2792. taskkill /im 70F4EEDB-1367-4b4f-8247-3133551A7415.exe /t /f 2> nul
2793.  
2794. REM coupoon
2795. taskkill /im iiwjljrnpc64.exe /t /f 2> nul
2796. taskkill /im nfregdrv.exe /t /f 2> nul
2797.  
2798. REM Infonaut_1.10.0.14
2799. REM C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe -uninstall
2800.  
2801. REM 015
2802. REM C:\Program Files\015\lxrrlxtleh32
2803. taskkill /im lxrrlxtleh32.exe /t /f 2> nul
2804.  
2805. REM OLBPre
2806. taskkill /im OLBPre.exe /t /f 2> nul
2807.  
2808. REM Plugin
2809. taskkill /im plugin.exe /t /f 2> nul
2810. taskkill /im plugincontainer.exe /t /f 2> nul
2811.  
2812. REM SlimService
2813. taskkill /im SlimService.exe /t /f 2> nul
2814. taskkill /im SlimServiceFactory.exe /t /f 2> nul
2815.  
2816. REM SmartWebApp
2817. taskkill /im __u.exe /t /f 2> nul
2818. taskkill /im SmartWebApp.exe /t /f 2> nul
2819. taskkill /im SmartWebHelper.exe /t /f 2> nul
2820.  
2821. REM updater
2822. taskkill /im updater.exe /t /f 2> nul
2823.  
2824. REM WebProtectorPlus
2825. taskkill /im WebProtectorPlus.exe /t /f 2> nul
2826. taskkill /im SetupComponents.exe /t /f 2> nul
2827. taskkill /im LiveUpdateWWP.exe /t /f 2> nul
2828.  
2829.  
2830. IF %KFLAG%==1 ECHO.
2831. IF %KFLAG%==1 ECHO.
2832. IF %KFLAG%==1 ECHO.
2833. IF %KFLAG%==1 ECHO.
2834. IF %KFLAG%==1 ECHO.
2835. IF %KFLAG%==1 ECHO                All known malware and bloatware has been terminated.
2836. IF %KFLAG%==1 ECHO.
2837. IF %KFLAG%==1 ECHO --------------------------------------------------------------------------------
2838. IF %KFLAG%==1 ECHO     This means that you can continue to manually remove the infection (if any)
2839. IF %KFLAG%==1 ECHO     manually or using tools that are provided under the Downloads/Rootkit
2840. IF %KFLAG%==1 ECHO     sections in the main menu.
2841. IF %KFLAG%==1 ECHO.
2842. IF %KFLAG%==1 ECHO.
2843. IF %KFLAG%==1 ECHO.
2844. IF %KFLAG%==1 ECHO.
2845. IF %KFLAG%==1 ECHO.
2846. IF %KFLAG%==1 PAUSE
2847. IF %KFLAG%==1 GOTO HOME
2848. IF %KFLAG%==2 GOTO KILLSERV
2849.  
2850.  
2851.  
2852. :KILLSERV
2853. echo ---Stopping known malware services.
2854. echo.
2855. REM Found and added 9-15-2015
2856. net stop SearchProtectionService 2> nul
2857. net stop FromDocToPDF_65Service 2> nul
2858.  
2859. REM Found and added 8-6-2015
2860. net stop "Petty Court" 2> nul
2861. net stop TelevisionFanaticService 2> nul
2862. net stop 3e02e3c9 2> nul
2863. net stop TrustMix 2> nul
2864. net stop VideoDownloadConverter_4zService 2> nul
2865. net stop VideoDownloadConverterService 2> nul
2866.  
2867. REM Found and added 7-24-2015
2868. net stop bebtosho 2> nul
2869. net stop Checker 2> nul
2870. net stop ipucatyj 2> nul
2871. net stop aaf818c3 2> nul
2872. net stop LiveReader 2> nul
2873. net stop "Update Mgr SeeResultsHub" 2> nul
2874. net stop "Service Mgr SeeResultsHub" 2> nul
2875.  
2876. REM Found and added 7-15-2015
2877. net stop "Service Mgr RecordPage" 2> nul
2878. net stop "Update Mgr RecordPage" 2> nul
2879. net stop bca22949 2> nul
2880.  
2881. REM Found and added 6-23-2015
2882. net stop WtuSystemSupport 2> nul
2883. net stop vToolbarUpdater18.4.0 2> nul
2884. net stop WajamUpdaterV3 2> nul
2885.  
2886. REM Found and added 6-1-2015
2887. net stop MapsGalaxyService 2> nul
2888. net stop MapsGalaxy_39Service 2> nul
2889. net stop EZ Software Updater 2> nul
2890. net stop f1f78e38 2> nul
2891.  
2892. REM Found and added 5-25-2015
2893. net stop UpdateCheck 2> nul
2894. net stop SPBIUpd 2> nul
2895. net stop SMUpd 2> nul
2896. net stop OfMQduaBIJq 2> nul
2897. net stop CoupoonService 2> nul
2898. net stop BrsHelper 2> nul
2899. net stop gykoruqo 2> nul
2900.  
2901. net stop 70F4EEDB-1367-4b4f-8247-3133551A7415 2>nul
2902. net stop CoupoonService64 2> nul
2903. net stop csrcc 2> nul
2904. net stop EasyPDFCombineService 2> nul
2905. net stop FlashBeat 2> nul
2906. net stop FromDocToPDFService 2> nul
2907. net stop lxrrlxtleh32 2> nul
2908. net stop VideoDownloadConverterService 2> nul
2909. net stop SnapMyScreen 2> nul
2910. net stop shopperz 2> nul
2911. net stop PrivoxyService 2> nul
2912. net stop WINZIPSSDiskOptimizer 2> nul
2913. net stop MWLService 2> nul
2914.  
2915.  
2916. echo ---Disabling known malware services.
2917. echo.
2918. REM Found and added 9-15-2015
2919. sc config SearchProtectionService start= disabled >nul
2920. sc config FromDocToPDF_65Service start= disabled >nul
2921.  
2922. REM Found and added 8-6-2015
2923. sc config "Petty Court" start= disabled >nul
2924. sc config TelevisionFanaticService start= disabled >nul
2925. sc config 3e02e3c9 start= disabled >nul
2926. sc config TrustMix start= disabled >nul
2927. sc config VideoDownloadConverter_4zService start= disabled >nul
2928. sc config VideoDownloadConverterService start= disabled >nul
2929.  
2930. REM Found and added 7-24-2015
2931. sc config bebtosho start= disabled >nul
2932. sc config Checker start= disabled >nul
2933. sc config ipucatyj start= disabled >nul
2934. sc config aaf818c3 start= disabled >nul
2935. sc config LiveReader start= disabled >nul
2936. sc config "Update Mgr SeeResultsHub" start= disabled >nul
2937. sc config "Service Mgr SeeResultsHub" start= disabled >nul
2938.  
2939. REM Found and added 7-15-2015
2940. sc config "Service Mgr RecordPage" start= disabled >nul
2941. sc config "Update Mgr RecordPage" start= disabled >nul
2942. sc config bca22949 start= disabled >nul
2943.  
2944. REM Found and added 6-23-2015
2945. sc config WtuSystemSupport start= disabled >nul
2946. sc config vToolbarUpdater18.4.0 start= disabled >nul
2947. sc config WajamUpdaterV3 start= disabled >nul
2948.  
2949. REM Found and added 6-1-2015
2950. sc config MapsGalaxyService start= disabled >nul
2951. sc config MapsGalaxy_39Service start= disabled >nul
2952. sc config EZ Software Updater start= disabled >nul
2953. sc config f1f78e38 start= disabled >nul
2954.  
2955. REM Found and added 5-25-2015
2956. sc config UpdateCheck start= disabled >nul
2957. sc config SPBIUpd start= disabled >nul
2958. sc config SMUpd start= disabled >nul
2959. sc config OfMQduaBIJq start= disabled >nul
2960. sc config CoupoonService start= disabled >nul
2961. sc config BrsHelper start= disabled >nul
2962. sc config gykoruqo start= disabled >nul
2963.  
2964. sc config 70F4EEDB-1367-4b4f-8247-3133551A7415 start= disabled >nul
2965. sc config CoupoonService64 start= disabled >nul
2966. sc config csrcc start= disabled >nul
2967. sc config EasyPDFCombineService start= disabled >nul
2968. sc config FlashBeat start= disabled >nul
2969. sc config FromDocToPDFService start= disabled >nul
2970. sc config lxrrlxtleh32 start= disabled >nul
2971. sc config VideoDownloadConverterService start= disabled >nul
2972. sc config SnapMyScreen start= disabled >nul
2973. sc config shopperz start= disabled >nul
2974. sc config PrivoxyService start= disabled >nul
2975. sc config WINZIPSSDiskOptimizer start= disabled >nul
2976. sc config MWLService start= disabled >nul
2977. set KFLAG=1
2978. GOTO KILL