Search the Community

Weeds will take over the garden if left unattended. More ammunition for the battle ... ; RegFix_Redirects v1.0 ; Released: January 24, 2012 by ripdad #RequireAdmin ; RegFix_FindRedirects() ; Func RegFix_FindRedirects() Local $title = 'RegFix_Redirects v1.0' Local $found, $sub, $subkey, $string, $val Local $type, $fVal, $dStr, $fStr, $detected = 0 Local $key = 'HKEY_USERS64' If @OSArch <> 'X64' Then $key = 'HKEY_USERS' ; ; Find Random Multiple Redirects (usually over 200 entries) For $n = 1 To 2 Switch $n Case 1; [type1] $type = '' Case 2; [type2] $type = '\shell\open\command' EndSwitch $dStr = '' $fStr = '' $found = 0 ; For $i = 1 To 10000 $subkey = RegEnumKey($key, $i) If @error <> 0 Then ExitLoop If StringRight($subkey, 8) <> '_Classes' Then ContinueLoop $string = '' ; For $j = 1 To 10000 $sub = RegEnumKey($key & '\' & $subkey, $j) If @error <> 0 Then ExitLoop $val = RegRead($key & '\' & $subkey & '\' & $sub & $type, '') If @error <> 0 Then ContinueLoop ; If $found Then If StringInStr($val, $fVal) Then $fStr &= '|[Type' & $n & '] ' & $key & '\' & $subkey & '\' & $sub & $type & ' (Default)=' & $val $dStr &= '|' & $key & '\' & $subkey & '\' & $sub EndIf Else $string &= '|' & $val; add value to string StringReplace($string, $val, ''); use to count If @extended > 20 Then; count occurrences of value $fVal = $val; copy value $found = 1; change mode $i = 0; reset loop 2 ExitLoop; restart loop 2 EndIf EndIf Next Next If $found Then $detected = True RegFix_DeleteRedirects($fStr, $dStr) EndIf Next $dStr = '' $fStr = '' $found = 0 ; ; [type3] - Find Known Single Redirects Local $a = StringSplit('.bat|.cmd|.com|.exe|.reg|ah|exefile|pezfile|secfile|sezfile', '|') For $i = 1 To 10000 $subkey = RegEnumKey($key, $i) If @error <> 0 Then ExitLoop If StringRight($subkey, 8) <> '_Classes' Then ContinueLoop ; For $j = 1 To 10000 $sub = RegEnumKey($key & '\' & $subkey, $j) If @error <> 0 Then ExitLoop ; For $n = 1 To $a[0] If $sub = $a[$n] Then $val = RegRead($key & '\' & $subkey & '\' & $sub, '') $fStr &= '|[Type3] ' & $key & '\' & $subkey & '\' & $sub & ' (Default)=' & $val $dStr &= '|' & $key & '\' & $subkey & '\' & $sub $found = 1 EndIf Next Next Next If $found Then $detected = True RegFix_DeleteRedirects($fStr, $dStr) EndIf $dStr = '' $fStr = '' $found = 0 ; ; [type4] - Find Debugger Redirects $key = 'HKEY_LOCAL_MACHINE64\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options' If @OSArch <> 'X64' Then $key = StringReplace($key, '64', '') ; For $i = 1 To 10000 $subkey = RegEnumKey($key, $i) If @error <> 0 Then ExitLoop If $subkey = 'Your Image File Name Here without a path' Then ContinueLoop $val = RegRead($key & '\' & $subkey, 'Debugger') If @error <> 0 Then ContinueLoop ; If $val Then $fStr &= '|[Type4] ' & $key & '\' & $subkey & ' (Debugger)=' & $val $dStr &= '|' & $key & '\' & $subkey $found = 1 EndIf Next If $found Then $detected = True RegFix_DeleteRedirects($fStr, $dStr) EndIf ; If Not $detected Then MsgBox(8256, $title, 'Nothing Found' & @TAB & @TAB) EndFunc ; Func RegFix_DeleteRedirects($fStr, $dStr) Local $title = 'RegFix_Redirects v1.0' Local $a = StringSplit(StringTrimLeft($fStr, 1), '|') Local $gui = GUICreate($title, 600, 400, -1, -1, 0x00CF0000) Local $hLv = GUICtrlCreateListView('Redirects Found: ' & $a[0], 5, 5, 590, 370) For $i = 1 To $a[0] GUICtrlCreateListViewItem($a[$i], $hLv) Next GUICtrlSetResizing($hLv, 0x0066) GUICtrlSendMsg($hLv, 0x101E, 0, 900) GUICtrlSendMsg($hLv, 0x1036, 0x1, 0x1) GUISetState(@SW_SHOW, $gui) Do Until GUIGetMsg() = -3 GUIDelete($gui) ; ;Prompt: Yes/No If MsgBox(8228, $title, 'Delete Redirects?') <> 6 Then Return ; $a = StringSplit(StringTrimLeft($dStr, 1), '|') For $i = 1 To $a[0] RegDelete($a[$i]) Next EndFunc ; This script processes all user keys, including SYSTEM and NETWORK - and prompts before making any changes. Please let me know if any problems.