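- :::::::::::::::::::::::::::::::::::::::::
- :: Automatically check & get admin rights
- ::
- :: NET FILE is used as the elevation probe: errorlevel 0 is treated as
- :: already elevated. Otherwise a small VBScript is generated that relaunches
- :: this batch file through the Shell.Application runas verb, which raises the
- :: UAC prompt, and passes ELEV as the first argument so the relaunched copy
- :: skips the probe.
- ::
- :: NOTE(review): this depends on Windows Script Host and VBScript being
- :: available on the target build - confirm before relying on it.
- :::::::::::::::::::::::::::::::::::::::::
- @echo off
- CLS
- ECHO.
- ECHO =============================
- ECHO Running Admin shell
- ECHO =============================
- :checkPrivileges
- NET FILE 1>NUL 2>NUL
- if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
- :getPrivileges
- REM ELEV marks the relaunched copy. Without this guard a probe that keeps failing would relaunch forever.
- if '%1'=='ELEV' (shift & goto gotPrivileges)
- ECHO.
- ECHO **************************************
- ECHO Invoking UAC for Privilege Escalation
- ECHO **************************************
- REM Paths are captured while delayed expansion is off so an exclamation mark in them survives.
- setlocal DisableDelayedExpansion
- REM Fully qualified script path, so the elevated relaunch does not depend on the current directory.
- set "batchPath=%~f0"
- REM Per-run helper name instead of one fixed, guessable file in the temp folder.
- REM This only narrows the window for tampering. The name is not cryptographically random.
- set "vbsPath=%temp%\OEgetPrivileges_%RANDOM%%RANDOM%.vbs"
- setlocal EnableDelayedExpansion
- ECHO Set UAC = CreateObject^("Shell.Application"^) > "!vbsPath!"
- ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "!vbsPath!"
- REM Call the script host by full path instead of trusting the .vbs file association.
- REM The console host is used so the batch waits for it before the helper is deleted.
- "%SystemRoot%\System32\cscript.exe" //nologo "!vbsPath!"
- del "!vbsPath!" 1>NUL 2>NUL
- exit /B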
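- :gotPrivileges
- ::::::::::::::::::::::::::::
- ::START
- ::
- :: Reached once the elevation probe passed, or when the script was
- :: relaunched with the ELEV marker. The menu below loops until the user
- :: picks 1 or 2. Both options make destructive changes to system files.
- ::::::::::::::::::::::::::::
- set "searchDir=%WINDIR%\System32\Drivers\"
- :main
- cls
- echo ### Release Paragon ###
- echo.
- echo This script will find leftover Paragon HFS+ system
- echo files and registry values and disable them.
- echo.
- echo Run Search first, then restart, and run Destroy.
- echo.
- echo 1. Search (Disable files and delete Reg entries)
- echo 2. Destroy (Delete disabled files)
- echo.
- REM SET /P leaves the variable untouched when the user only presses Enter,
- REM so clear it first. Otherwise a value inherited from the calling
- REM environment could select a destructive action nobody typed.
- set "menu="
- set /p "menu=Please select an option: "
- if not defined menu goto main
- REM Strip double quotes so typed input cannot break out of the quoted comparisons below.
- set "menu=%menu:"=%"
- if /i "%menu%"=="1" goto search
- if /i "%menu%"=="2" goto remove
- goto main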
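- :search
- REM Disables the Paragon drivers in three steps, ordered so that a failure
- REM stops the run before anything harder to undo has happened:
- REM   1. take the driver names out of the class UpperFilters lists
- REM   2. delete the driver service keys
- REM   3. rename the driver files in the drivers folder
- REM A class filter entry that names a driver which can no longer load can
- REM stop every device of that class from starting. The two classes touched
- REM here are Volume and DiskDrive, so the filter lists are cleaned first and
- REM verified before the services and files are touched.
- REM NOTE(review): nothing is backed up. Exporting these keys with REG EXPORT
- REM before the first run gives a way back.
- cls
- echo ### Searching for Files/Reg Values ###
- echo.
- echo Removing Registry Upper Filters...
- REM Volume device class
- set "currentReg=HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}"
- echo HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\UpperFilters
- echo mounthlp
- call :removeReg "%currentReg%" "UpperFilters" "mounthlp"
- call :filterStillListed "%currentReg%" "UpperFilters" "mounthlp" && goto searchAborted
- REM DiskDrive device class
- set "currentReg=HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}"
- echo HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\UpperFilters
- echo gpt_loader
- call :removeReg "%currentReg%" "UpperFilters" "gpt_loader"
- call :filterStillListed "%currentReg%" "UpperFilters" "gpt_loader" && goto searchAborted
- echo apmwin
- call :removeReg "%currentReg%" "UpperFilters" "apmwin"
- call :filterStillListed "%currentReg%" "UpperFilters" "apmwin" && goto searchAborted
- REM REG QUERY HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318} /v UpperFilters
- echo.
- echo Deleting Registry Key^(s^)...
- echo HKLM\SYSTEM\CurrentControlSet\Services\apmwin
- REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\apmwin /f
- echo HKLM\SYSTEM\CurrentControlSet\Services\HFSPlus
- REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\HFSPlus /f
- echo HKLM\SYSTEM\CurrentControlSet\Services\HFSPlusRec
- REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\HFSPlusRec /f
- echo HKLM\SYSTEM\CurrentControlSet\Services\gpt_loader
- REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\gpt_loader /f
- echo HKLM\SYSTEM\CurrentControlSet\Services\mounthlp
- REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\mounthlp /f
- echo.
- echo Searching "%searchDir%"...
- set /a didFind=0
- call :destroy "apmwin.sys" "%searchDir%" didFind
- call :destroy "gpt_loader.sys" "%searchDir%" didFind
- call :destroy "hfsplus.sys" "%searchDir%" didFind
- call :destroy "hfsplusrec.sys" "%searchDir%" didFind
- call :destroy "mounthlp.sys" "%searchDir%" didFind
- echo.
- echo Renamed %didFind% file^(s^).
- echo.
- echo.
- echo Please restart your computer, then run this script
- echo again, and pick the Destroy option to complete
- echo the removal.
- pause
- goto :EOF
- :searchAborted
- REM Reached when a driver name is still present in a filter list after the removal attempt.
- echo.
- echo ERROR: A Paragon driver is still listed in UpperFilters.
- echo No service keys were deleted and no files were renamed.
- echo Filter entries processed before this point may already have been removed.
- pause
- goto :EOF
- :filterStillListed <reglocation> <valuename> <drivername>
- REM Returns errorlevel 0 when the driver name still appears in the registry
- REM value and 1 when it does not, or when the value cannot be read.
- REM The match is a plain case-insensitive substring test, which errs on the
- REM side of stopping.
- REG QUERY "%~1" /v "%~2" 2>NUL | findstr /i /c:"%~3" >NUL
- exit /b %errorlevel%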
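- :: Removes one entry from a REG_MULTI_SZ registry value.
- ::   arg 1  registry key
- ::   arg 2  value name, for example UpperFilters
- ::   arg 3  entry to remove
- :: REG QUERY prints the entries joined by the two characters backslash zero.
- :: The list is wrapped in that separator on both sides so that only a whole
- :: entry can match. That avoids two problems of plain substring removal:
- :: hitting part of a longer driver name, and leaving a dangling separator
- :: behind when the entry is the last one in the list.
- :: Returns 1 when the value or the entry is not found, otherwise the exit
- :: code of the REG command that wrote the change.
- :removeReg <reglocation> <keyname> <keytoremove>
- setlocal enableDelayedExpansion
- set "value="
- FOR /F "skip=2 tokens=1,2*" %%a in ('REG QUERY "%~1" /v "%~2"') DO (
- set "value=%%c"
- )
- set "re=%~3"
- if not defined value (
- echo ERROR: The system was unable to find the specified registry key or value.
- endlocal
- exit /b 1
- )
- set "wrapped=\0!value!\0"
- set "stripped=!wrapped:\0%re%\0=\0!"
- if "!stripped!"=="!wrapped!" (
- echo ERROR: The system was unable to find the specified registry key or value.
- endlocal
- exit /b 1
- )
- if "!stripped!"=="\0" (
- REM The entry was the only one in the list, so drop the value instead of writing an empty list.
- REG DELETE "%~1" /v "%~2" /f
- endlocal
- exit /b
- )
- REM Take the wrapping separators off again before writing the list back.
- set "value=!stripped:~2,-2!"
- REG ADD "%~1" /t REG_MULTI_SZ /v "%~2" /d "!value!" /f
- endlocal
- exit /b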
- :remove
- REM Second pass, meant to run after a reboot: deletes the driver files that
- REM the Search pass renamed. The reboot itself is not verified here, the
- REM user is only warned.
- cls
- echo ### Destroying Files ###
- echo.
- echo ### WARNING ###
- echo.
- echo Only run this part if you have already
- echo rebooted after running the Search function.
- echo.
- echo Press [enter] to continue...
- pause >nul
- cls
- echo ### Destroying Files ###
- echo.
- echo Searching "%searchDir%"...
- set "didFind=0"
- REM Same five names, in the same order, as the renamed files left by Search.
- for %%F in ("_apmwin.sy_" "_gpt_loader.sy_" "_hfsplus.sy_" "_hfsplusrec.sy_" "_mounthlp.sy_") do call :kill "%%~F" "%searchDir%" didFind
- echo Done.
- echo.
- echo Destroyed %didFind% file^(s^).
- pause
- exit /b
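- :: Deletes one file and bumps a counter kept by the caller.
- ::   arg 1  file name
- ::   arg 2  directory that holds the file
- ::   arg 3  NAME of the counter variable, read and written by name
- :kill
- setlocal enableDelayedExpansion
- set "var1=%~1"
- set "var2=%~2"
- set /a var3=!%~3!
- REM Stop if the directory cannot be entered. Otherwise DEL would act on
- REM whatever directory happens to be current in this elevated session.
- pushd "%var2%" || (
- echo ERROR: Cannot open "%var2%".
- endlocal
- goto :EOF
- )
- if EXIST "%var1%" (
- echo Found %var1%...
- echo Destroying "%var1%"
- DEL "%var1%"
- REM The exit code of DEL is not a dependable failure signal, so count the file only when it is really gone.
- if not EXIST "%var1%" set /a var3 += 1
- )
- popd
- REM The counter value is expanded before ENDLOCAL runs, which carries it out to the caller.
- endlocal & set "%~3=%var3%"
- goto :EOF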
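- :: Disables one driver file by renaming it and bumps a counter kept by the
- :: caller. The new name is the old one without its last character, wrapped
- :: in underscores, so apmwin.sys becomes _apmwin.sy_ and no longer matches
- :: the path the driver service points at.
- ::   arg 1  file name
- ::   arg 2  directory that holds the file
- ::   arg 3  NAME of the counter variable, read and written by name
- :destroy
- setlocal enableDelayedExpansion
- set "var1=%~1"
- set "var2=%~2"
- set /a var3=!%~3!
- REM Stop if the directory cannot be entered. Otherwise REN would act on
- REM whatever directory happens to be current in this elevated session.
- pushd "%var2%" || (
- echo ERROR: Cannot open "%var2%".
- endlocal
- goto :EOF
- )
- if EXIST "%var1%" (
- echo Found %var1%...
- echo Renaming "%var1%" to "_%var1:~0,-1%_"
- REN "%var1%" "_%var1:~0,-1%_"
- REM REN fails when the target name already exists, for example on a second run. Count only real renames.
- if not EXIST "%var1%" set /a var3 += 1
- )
- popd
- REM The counter value is expanded before ENDLOCAL runs, which carries it out to the caller.
- endlocal & set "%~3=%var3%"
- goto :EOF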