Untitled

a guest
Nov 17th, 2017
Tron-internal prep jobs:
(These are all executed even if Tron is canceled before running)

- Detect TEMP execution: Detect if we're running from the TEMP directory and prevent Tron from executing if so. TEMP is one of the first places to get wiped when Tron starts, so we cannot run from there
- Make log directories: Create the master log directory and sub-directories if they don't exist. By default this is `%SystemDrive%\Logs\tron.log`
- Detect Windows & IE versions: Determines quite a few things in the script, such as which versions of various commands get executed
- Unsupported OS blocker: Throw an alert message if running on an unsupported OS, then exit. Use the -dev flag to override this behavior and allow running on unsupported Windows versions
- Disk configuration check: Check if the system drive is an SSD, Virtual Disk, or threw an unspecified error (couldn't be read by smartctl.exe) and set the `SKIP_DEFRAG` variable to `yes_ssd`, `yes_vm`, or `yes_error` respectively. If any of these conditions are triggered, Tron skips **Stage 5 defrag** automatically
- Detect free space: Detect and save available hard drive space to compare against later. Simply used to show how much space was reclaimed; does not affect any script functions
- Detect resume: Detect whether or not we're resuming after an interrupted run (e.g. from a reboot)
- Enable F8 Safe Mode selection: Re-enable the ability to use the F8 key on bootup (Windows 8/8.1 only; enabled by default on Server 2012/2012 R2)
- Check for network connection: Check for an active network connection, and skip the update checks if one isn't found
- Check for update: Compare the local copy of Tron to the version on the official repo (does this by reading the latest version number from sha256sums.txt). If the local copy is out of date, Tron will ask to automatically download the latest copy (**always** recommended). If permitted, it will download a copy to the desktop, verify the SHA256 hash, then self-destruct (delete) the current outdated copy
- Update debloat lists: Connect to GitHub and download the latest version of the Stage 2 debloat lists at initial launch. Use the -sdu (SKIP_DEBLOAT_UPDATE) switch to prevent this behavior. I recommend letting Tron update the lists unless you have a good, specific reason not to
- Detect Administrator rights: Detect whether or not we're running as Administrator and alert the user if we're not
- Detect Safe Mode: Detect whether or not we're in Safe Mode and notify the user if we're not
- SMART check: Run a quick SMART disk health check and notify if any drives don't report "OK" for their status
- Create RunOnce entry: Create the following registry key to support resuming if there is an interruption: `HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v "tron_resume" /t REG_SZ /d "%~dp0tron.bat %-resume"`
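
The "Check for update" job above verifies the SHA256 hash of the downloaded copy before the old one is deleted; the same check can be repeated by hand. The PowerShell function below is an added example, not Tron's own code. The function name is hypothetical, it needs PowerShell 4.0 or later for `Get-FileHash`, and it assumes only that each line of sha256sums.txt carries a 64-hex-digit digest together with the file name, since the file's exact layout is not shown on this page.

```powershell
# Added example, not part of Tron. Assumption: every line of the sums file
# holds a 64-hex-digit SHA256 digest and the name of the file it belongs to.
function Test-DownloadAgainstSums {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$FilePath,   # downloaded file to check
        [Parameter(Mandatory)][string]$SumsPath    # local copy of sha256sums.txt
    )

    $name = [System.IO.Path]::GetFileName($FilePath)

    # Require exactly one entry for this file name; zero or several entries
    # means the list cannot be trusted to identify the expected digest.
    $lines = @(Get-Content -LiteralPath $SumsPath | Where-Object { $_.Contains($name) })
    if ($lines.Count -ne 1) {
        throw "Expected exactly one entry for '$name', found $($lines.Count)"
    }

    # Extract a standalone run of 64 hex digits from that line.
    if ($lines[0] -match '(?<![0-9A-Fa-f])([0-9A-Fa-f]{64})(?![0-9A-Fa-f])') {
        $expected = $Matches[1].ToUpperInvariant()
    } else {
        throw "No SHA256 digest found on the line for '$name'"
    }

    # Hash the file that is actually on disk.
    $actual = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash.ToUpperInvariant()

    [pscustomobject]@{
        File     = $name
        Expected = $expected
        Actual   = $actual
        Match    = ($expected -eq $actual)
    }
}

# Constructed usage (paths are placeholders):
# $r = Test-DownloadAgainstSums -FilePath 'C:\path\to\download.exe' -SumsPath 'C:\path\to\sha256sums.txt'
# if (-not $r.Match) { throw "Hash mismatch for $($r.File); do not run it" }
```

A sums file fetched from the same server as the download catches corruption and truncated transfers; it does not help against a compromised server unless the sums file is authenticated separately.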

STAGE 0: Prep
- Create System Restore point: Create a pre-run system restore point. Vista and up only, client OS's only (not supported on Server OS's, and on Windows 10 does not work if the system is in any form of Safe Mode. This is a known bug, and I spent hours trying to find a workaround but was not able to find a solution, so if you absolutely require a system restore point, recommend running in normal mode)
- Rkill: rkill is an anti-malware prep tool; it looks for and kills a number of known malware that interfere with removal tools. Rkill will exclude any process listed in `\resources\stage_0_prep\rkill\rkill_process_whitelist.txt` from being closed
- Create pre-run profile: Dump list of installed programs and list of all files on the system so we can compare later and see exactly what was removed
- GUID dump: Dump list of all installed program GUIDs. These dumps are useful in helping the project bolster the blacklist of known-bad GUIDs
- caffeine.exe: Tron uses Caffeine to keep the system awake during the scan. At the end of the script it re-enables the screensaver and resets power settings to Windows defaults. Use the -p switch to prevent resetting the power scheme to Windows defaults
- ProcessKiller: Utility provided by /u/cuddlychops06 which kills various userland processes. You can customize this list in the accompanying whitelist.txt file in the same directory as the ProcessKiller .exe. We use this to further kill anything that might interfere with Tron. Specifically, it kills everything in userland with the exception of the following processes: ClassicShellService.exe, explorer.exe, dwm.exe, cmd.exe, mbam.exe, teamviewer.exe, TeamViewer_Service.exe, Taskmgr.exe, Teamviewer_Desktop.exe, MsMpEng.exe, tv_w32.exe, VTTimer.exe, Tron.bat, rkill.exe, rkill64.exe, rkill.com, rkill64.com, conhost.exe, dashost.exe
- Safe Mode: Set system to reboot into Safe Mode with Networking if a reboot occurs. Removes this and resets to normal bootup at the end of the script. Accomplished via this command: `bcdedit /set {default} safeboot network`
- Set system time via NTP: Sync the system clock to time.nist.gov, 3.pool.ntp.org and time.windows.com
- Check and repair WMI: Check the WMI interface and attempt repair if broken. Tron uses WMI for a lot of stuff including ISO date format conversion, OEM bloatware removal, and various other things, so having it functioning is critical
- McAfee Stinger: Anti-malware/rootkit/virus standalone scanner from McAfee. Does not support plain-text logs so we save its HTML log to `%LOGPATH%\tron_raw_logs` (by default). Tron executes Stinger as follows: `stinger32.exe --GO --SILENT --PROGRAM --REPORTPATH="%LOGPATH%" --RPTALL --DELETE`
- TDSS Killer: Anti-rootkit utility from Kaspersky Labs. Tron executes TDSSKiller as follows: `tdsskiller.exe -l %TEMP%\tdsskiller.log -silent -tdlfs -dcexact -accepteula -accepteulaksn`
- erunt: Used to back up the registry before beginning a Tron run
- VSS purge: Purges oldest set of Volume Shadow Service files (basically snapshot-in-time copies of files). Malware can often hide out here.
- Reduce system restore space: Restrict System Restore to only use 7% of available hard drive space
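
Two of the settings described above exist only to support resuming: the `tron_resume` RunOnce value from the prep jobs and the `safeboot` element set by the Stage 0 "Safe Mode" job, which Tron removes at the end of the script. After an interrupted or aborted run both can be left behind, so the following PowerShell function reports them. It is an added example, not Tron's own code; the function name is hypothetical and it must be run from an elevated prompt because `bcdedit` requires Administrator rights.

```powershell
# Added example, not part of Tron. Reports the resume-related state the page
# describes so it can be reviewed after an interrupted run.
function Get-TronResumeState {
    $report = @()

    # RunOnce value from the "Create RunOnce entry" prep job. HKCU is the hive
    # of the account running this script, so check as the account that ran Tron.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $prop = Get-ItemProperty -Path $key -Name 'tron_resume' -ErrorAction SilentlyContinue
    $report += [pscustomobject]@{
        Setting = 'RunOnce tron_resume'
        Present = [bool]$prop
        Value   = if ($prop) { $prop.tron_resume } else { $null }
        Revert  = "Remove-ItemProperty -Path '$key' -Name tron_resume"
    }

    # safeboot element set via: bcdedit /set {default} safeboot network
    # '{default}' is quoted so PowerShell does not parse it as a script block.
    $bcd = & bcdedit.exe /enum '{default}' 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit failed (is the prompt elevated?): $($bcd -join ' ')"
    }
    $m = [regex]::Match(($bcd -join "`n"), '(?m)^\s*safeboot\s+(\S+)')
    $report += [pscustomobject]@{
        Setting = 'BCD {default} safeboot'
        Present = $m.Success
        Value   = if ($m.Success) { $m.Groups[1].Value } else { $null }
        Revert  = 'bcdedit /deletevalue {default} safeboot   (from cmd.exe)'
    }

    $report
}

# Show both settings; anything with Present = True outside a Tron run
# deserves a look before the next reboot or logon.
Get-TronResumeState | Format-List
```

A leftover `safeboot` element makes every subsequent boot enter Safe Mode with Networking, and a leftover RunOnce value runs the referenced batch file at that user's next logon, so confirm the path in `Value` still points at the copy of Tron you expect.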

STAGE 1: Tempclean
- Internet Explorer cleanup: Runs built-in Windows tool to clean and reset Internet Explorer (`rundll32.exe inetcpl.cpl,ClearMyTracksByProcess 4351`). Runs on IE 7 and up
- TempFileCleanup.bat: Script I wrote to clean some areas that other tools seem to miss. Note: it specifically targets, among other things, any .txt or .bat files at the root of C:\
- CCleaner: CCleaner utility by Piriform. Used to clean temp files before running AV scanners
- BleachBit: BleachBit utility. Used to clean temp files before running AV scanners
- Cleanup duplicate downloads: Searches for and deletes duplicate files found in the Downloads folders of each user profile (ChromeInstaller(1).exe, ChromeInstaller(2).exe, etc). Does not touch any other folders. Uses Sentex's [Find Dupe](http://www.sentex.net/~mwandel/finddupe/) utility
- USB Device cleanup: Uninstalls unused or not present USB devices from the system (non-existent thumb drives, etc). Uses drivecleanup.exe from Uwe Sieber (www.uwe-sieber.de)
- Clear Windows event logs: Backs up Windows event logs to the LOGPATH directory, then clears all log files
- Clear Windows Update cache: Purges uninstaller files for already-installed Windows Updates. Typically frees up quite a bit of space

STAGE 2: De-bloat
- OEM de-bloat (by name): Use WMI to attempt to uninstall any program listed in this file: `\resources\stage_2_de-bloat\oem\programs_to_target_by_name.txt`
- OEM de-bloat (by GUID): Use WMI to attempt to remove specific list of GUIDs in this file: `\resources\stage_2_de-bloat\oem\programs_to_target_by_GUID.txt`
- Toolbar & BHOs (by GUID): Use WMI to attempt to remove specific list of GUIDs in this file: `\resources\stage_2_de-bloat\oem\toolbars_BHOs_to_target_by_GUID.txt`
- Metro de-bloat: Remove many built-in Metro apps that aren't commonly used (does NOT remove things like Calculator, Paint) then purges them from the cache (can always fetch later from Windows Update). On Windows 8/8.1, removes all stock "Modern" apps. On Windows 10 and up, only removes a few specific Modern apps. Use the -sdb switch (skip ALL de-bloat) or -m switch (skip only Metro de-bloat) to skip this action. The list of Metro apps to target is in the `\resources\stage_2_de-bloat\metro\` folder
- Remove OneDrive integration: Remove forced OneDrive integration (Windows 10 only). Tron first checks if any files exist in the default OneDrive folder (`%USERPROFILE%\OneDrive\`) and skips removal if any are found. As an additional safety precaution, Tron leaves the OneDrive folder intact regardless of whether OneDrive is removed or not

STAGE 3: Disinfect
- Clear CryptNet SSL cache: Wipe the Windows CryptNet SSL certificate cache by executing this command: `certutil -URLcache * delete`
- Malwarebytes Anti-Malware: Anti-malware scanner. Because there is no command-line support for MBAM, we simply install it and continue with the rest of the script. This way a tech can click "scan" whenever they're around, but the script doesn't stall while waiting for user input. Use the -sa or -sm flags to skip this component
- Kaspersky Virus Removal Tool: Command-line anti-virus scanner. Use the -sa or -sk flags to skip this component
- Sophos Virus Removal Tool: Command-line anti-virus scanner. The -v flag gives more verbose output. Use the -sa or -ss flags to skip this component

STAGE 4: Repair
- MSI installer cleanup: Use the Microsoft 'msizap' utility to remove orphaned MSI installer files from the installer cache
- DISM image check & repair: Microsoft utility for checking the Windows Image Store (basically like System File Checker on crack). Windows 8 and up only
- System File Checker: Microsoft utility for checking the filesystem for errors and attempting to repair if found. Tron runs this on Windows Vista and up only (XP and below require a reboot)
- chkdsk: Checks disk for errors and schedules a chkdsk with repair at next reboot
- Disable Windows "telemetry": Disable Windows "telemetry" (user tracking), Windows 7 and up only. If the system is running Windows 7/8/8.1, Tron removes the "bad" updates Microsoft pushed to Windows 7/8/8.1 systems after the Windows 10 release. These updates backport the surveillance/spyware functions that are by default present in Windows 10. See the code to see exactly which updates are removed. Tron also stops and deletes the Diagtrack ("Diagnostics Tracking Service") service. If the system is running Windows 10, Tron does a more in-depth disabling of the Windows telemetry features, including automatically applying all the immunizations from the Spybot Anti-Beacon and O&O ShutUp10 tools. Go over the code in `\tron\resources\stage_4_repair\disable_windows_telemetry\` to see exactly what is removed and disabled. NOTE: This section takes a LONG time to run, DO NOT CANCEL IT. Use the -str switch to just turn telemetry off instead of removing it
- Disable Windows 10 upgrade: Disables the Windows 10 upgrade nagger on Windows 7/8/8.1 by flipping the appropriate registry switches. Users can still manually upgrade the machine if they desire, but it will no longer nag via the system tray, auto-download, or auto-install Windows 10 without their permission
- Network repair: Tron performs minor network repair. Specifically it runs these commands: `ipconfig /flushdns`, `netsh interface ip delete arpcache`, `netsh winsock reset catalog`
- File extension repair: Tron repairs most default file extensions with a batch file that loops through a series of registry files stored in `\tron\resources\stage_4_repair\repair_file_extensions\`. Thanks to /u/cuddlychops06

STAGE 5: Patch
Tron installs or updates these programs:
- 7-zip: Open-source compression and extraction tool. Far superior to just about everything (including the venerable WinRAR). Use the -sap switch to skip this action
- Adobe Flash Player: Used by YouTube and various other sites. Use the -sap switch to skip this action
- Adobe Reader: Standard PDF reader. Use the -sap switch to skip this action
- Java Runtime Environment: I hate Java, but it is still widely used so we at least get the system on the latest version. Use the sp switch to skip this component
- Windows updates: Runs Windows update via this command: `wuauclt /detectnow /updatenow`
- DISM base reset: Recompile the "Windows Image Store" (SxS store deflation). This typically results in multiple GB's of space freed up. Windows 8 and up only. Any Windows Updates installed *prior* to this point will become "baked in" (they can no longer be uninstalled). Use the -sdc switch to skip this action

STAGE 6: Optimize
- Page file reset: Reset the system page file settings to "let Windows manage the page file." Accomplished via this command: `%WMIC% computersystem where name="%computername%" set AutomaticManagedPagefile=True`. Use the -spr flag to skip this action
- Defraggler: Command-line defrag tool from Piriform that's a little faster than the built-in Windows defragmenter

STAGE 7: Wrap-up
- generate summary logs: Generate before and after logs detailing which files were deleted and which programs were removed. These are placed in `LOGPATH\tron_summary_logs`. Additionally, if the -er flag was used or the EMAIL_REPORT variable was set, these logs will be attached to the email that is sent out
- Create restore point: Create a post-run system restore point to mirror the one we created in Stage 0: Prep. Vista and up only, client OS's only, on Windows 10 does not work if the system is in any form of Safe Mode. See notes on System Restore in Stage 0 documentation for more information
- email_report: Sends an email report with log file when Tron finishes. Requires you to specify your SMTP settings in `\resources\stage_6_wrap-up\email_report\SwithMailSettings.xml`
- upload debug logs: Upload 'tron.log' and the system GUID dump (list of all installed program GUIDs) to the Tron developer (vocatus). Please use this option if possible, log files are extremely helpful in developing Tron! NOTE: tron.log can contain personal information like names of files on the system, the computer name, user name, etc, so if you're concerned about this please look through a Tron log first to understand what will be sent. I don't care what files are on random systems on the Internet, but just something to be aware of

STAGE 8: Custom Scripts
- Execute custom scripts: Tron will execute any .bat files placed in the `\tron\resources\stage_8_custom_scripts` directory. See "Executing 3rd-party Scripts" section above for more information

STAGE 9: Manual tools
Tron does not run these automatically because most of them don't support command-line use, or are only useful in special cases
- ADSSpy: Scan for hidden NTFS Alternate Data Streams
- AdwCleaner: Popular user-suggested adware removal tool
- aswMBR: Rootkit scanner
- autoruns: Examine and remove programs that run at startup
- ComboFix: The "scorched-earth policy" of malware removal. Only works on Windows XP through Windows 8 (no Windows 8.1 or above)
- PCHunter: Tool to scan for rootkits and other malicious items. Replaces gmer
- Junkware Removal Tool: Temp files and random junkware remover
- Net Adapter Repair: Utility to repair most aspects of Windows network connections
- Remote Support Reboot Config: Tool to quickly configure auto-login and other parameters for running Tron via a remote connection. Thanks to /u/cuddlychops06
- Safe Mode Boot Selector.bat: Batch file to quickly select bootup method to use (Safe Mode, Network, etc). Thanks to /u/cuddlychops06
- ServicesRepair.exe: ESET utility for fixing broken Windows services
- TempFileCleaner: OldTimer utility for cleaning temp files
- Tron Reset Tool: Tool to quickly reset Tron if it gets interrupted or breaks while running
- UserBenchMark.exe: Quick automatic system benchmark utility, compares the system to an online database of similar systems
- VirusTotal uploader tool: Uploads a file directly to VirusTotal for scanning