Skip to content

Latest commit

 

History

History
663 lines (388 loc) · 36.7 KB

README.md

File metadata and controls

663 lines (388 loc) · 36.7 KB
NAME Tron, an automated PC cleanup script
AUTHOR vocatus on reddit.com/r/TronScript (vocatus.gate@gmail) // PGP ID: 0x07d1490f82a211a2
BACKGROUND Why the name? Tron "Fights for the User"

DO NOT DOWNLOAD TRON FROM GITHUB, IT WILL NOT WORK!! YOU NEED THE ENTIRE PACKAGE FROM /r/TronScript !!

I got tired of running these utilities manually and decided to just script everything, so Tron is essentially a glorified batch file that automates a variety of tasks to clean up and disinfect Windows machines.

CONTENTS

  1. Usage Summary

  2. Command-Line Use

  3. Script Interruption

  4. Notes on Safe Mode

  5. Sending a Post-Run Email Report

  6. Changing Defaults

  7. Executing Custom/3rd-party Scripts

  8. Executing bundled WSUS Offline updates

  9. Pack Integrity

  10. License

  11. Contact Info

  12. Full description of ALL actions

USE

  1. FIRST THINGS FIRST: If there are pending Windows updates, reboot the machine and allow them to install. This isn't required but is strongly recommended.

  2. Download Tron. The download links are in the top post in /r/TronScript. If you download the self-extracting .exe, run it, let it extract tron.bat and the \resources folder, then place them on the Desktop of target machine.

  3. Boot into Safe Mode with Network Support. If you skip this step Tron will prompt you to automatically reboot into Safe Mode. NOTE: Sometimes Tron works better in Normal mode, and sometimes Safe Mode. You don't have to run Tron in Safe Mode, though it generally seems to be more effective that way.

  4. Run tron.bat as an ADMINISTRATOR

  5. Wait anywhere from 3-10 hours (yes, it really takes that long; no, do not cancel it in the middle of it running)

Note: You'll need to manually click "scan" in the MBAM window that appears part of the way through Stage 3: Disinfect. Tron will continue in the background with its other tasks while waiting for you though, so the script won't stall if you're not around to hit "scan" immediately.

  1. Reboot! Reboot the system before doing anything else.

By default the master log file is at C:\Logs\tron\tron.log. If you want to change this, read the section on changing defaults below.

Tron will briefly check for a newer version when it starts up and notify you if one is available. It will also automatically download updates to the Stage 2: De-bloat lists of unwanted programs to target.

Depending how badly the system is infected, it could take anywhere from 3 to 10 hours to run. I've personally observed times between 4-8 hours, and one user reported a run time of 30 hours. Basically set it and forget it.

COMMAND-LINE USE

Command-line use is fully supported. All flags are optional and can be used simultaneously. *

tron.bat [-a -c -d -dev -e -er -m -o -p -r -sa -sap -scs -sdb -sd -sdc -sdu
          -se -sk -sm -spr -ss -str -swo -swu -udl -v -x] | [-h]

Optional flags (can be combined):

 -a   Automatic mode (no welcome screen or prompts; implies -e)
 
 -c   Config dump (display current config. Can be used with other
      flags to see what WOULD happen, but script will never execute
      if this flag is used)

 -d   Dry run (run through script without executing any jobs)

 -dev Override OS detection (allow running on unsupported Windows versions)

 -e   Accept EULA (suppress disclaimer warning screen)

 -er  Email a report when finished. Requires you to configure SwithMailSettings.xml

 -m   Preserve default Metro apps (don't remove them)

 -o   Power off after running (overrides -r)

 -p   Preserve power settings (don't reset to Windows default)

 -r   Reboot automatically (auto-reboot 15 seconds after completion)

 -sa  Skip ALL anti-virus scans (KVRT, MBAM, SAV)

 -sap Skip application patches (don't patch Java Runtime, Adobe Flash or Reader)

 -scs Skip custom scripts (has no effect if you haven't supplied custom scripts)

 -sdb Skip de-bloat (OEM bloatware removal; implies -m)

 -sd  Skip defrag (force Tron to ALWAYS skip Stage 5 defrag)
 
 -sdc Skip DISM component (SxS store) cleanup
 
 -sdu Skip debloat update. Prevent Tron from auto-updating the S2 debloat lists

 -se  Skip Event Log backup and clear (don't clear Windows Event Logs)

 -sk  Skip Kaspersky Virus Rescue Tool (KVRT) scan

 -sm  Skip Malwarebytes Anti-Malware (MBAM) installation

 -spr Skip page file reset (don't set to "Let Windows manage the page file")

 -ss  Skip Sophos Anti-Virus (SAV) scan

 -str Skip Telemetry Removal (just turn telemetry off instead of removing it)

 -swu Skip Windows Updates entirely (ignore both WSUS Offline and online methods)

 -swo Skip only bundled WSUS Offline updates (online updates still attempted)
 
 -udl Upload debug logs. Send tron.log and the system GUID dump to the Tron developer

 -v   Verbose. Show as much output as possible. NOTE: Significantly slower!

 -x   Self-destruct. Tron deletes itself after running and leaves logs intact

Misc flags (must be used alone):

 -h   Display help text

* There is probably no -upm flag

SCRIPT INTERRUPTION

If the script is interrupted e.g. from a crash or a forced reboot (often encountered during stage_2_de-bloat), it will attempt to resume from the last stage successfully started. Tron accomplishes this by creating a RunOnce registry key for the current user at the beginning of Stage 0 (e.g. when jobs start executing), and deleting it at the end of the script if everything finished without interruption.

It will also re-use any previously-used command-line switches when it starts back up.

More details about this function can be found in the list of all actions Tron performs at the bottom of this document.

SAFE MODE

When Tron launches it will briefly check if the computer is in Safe Mode with Networking, and if not it will prompt you to automatically reboot into it.

Tron doesn't need to be run in Safe Mode, but it is strongly recommended.

EMAIL REPORT

To have Tron send an email report at completion, edit this file:

\tron\resources\stage_7_wrap-up\email_report\SwithMailSettings.xml

Specify your SMTP server, username, and password. After specifying your settings you can use the -er flag to have Tron send the email report. The summary logs (tron_removed_files.txt and tron_removed_programs.txt) will be attached as well.

Keep in mind the username and password for the email account will be stored in PLAIN TEXT so don't leave it lying around on a system you don't trust.

CHANGE DEFAULTS (advanced)

If you don't want to use the command-line and don't like Tron's defaults, you can change the following default variables. Keep in mind command-line flags will always override their respective default option when used.

These settings are stored in: \tron\resources\functions\tron_settings.bat

  • To change the master directory where all of Tron's output goes, edit this line:

    set LOGPATH=%SystemDrive%\Logs\tron
    
  • To change the name of the master log file, edit this line:

    set LOGFILE=tron.log
    
  • To change where Tron stores quarantined files, change this path (note: this is currently unused by Tron, setting it has no effect):

    set QUARANTINE_PATH=%LOGPATH%\quarantine
    
  • To change the location of the backups Tron makes (Registry, Event Logs, power scheme, etc), edit this line:

    set BACKUPS=%LOGPATH%\backups
    
  • To change where Tron saves raw unprocessed logs from the various sub-tools, edit this line:

    set RAW_LOGS=%LOGPATH%\raw_logs
    
  • To change where Tron saves summary logs, edit this line:

    set SUMMARY_LOGS=%LOGPATH%\summary_logs
    
  • To always run automatically (no welcome screen, implies acceptance of EULA), change this to yes:

    set AUTORUN=no
    
  • To do a dry run (don't actually execute jobs), change this to yes:

    set DRY_RUN=no
    
  • To override OS detection (allow Tron to run on unsupported Windows versions), change this to yes:

    set DEV_MODE=no
    
  • To permanently accept the End User License Agreement (suppress display of disclaimer warning screen), change this to yes:

    set EULA_ACCEPTED=no
    
  • To have Tron send an email report when finished, change this to yes:

    set EMAIL_REPORT=no
    
  • To preserve default Metro apps (don't remove them), change this to yes:

    set PRESERVE_METRO_APPS=no
    
  • To shut down the computer when Tron is finished, change this to yes:

    set AUTO_SHUTDOWN=no
    
  • To preserve the power scheme (instead of resetting to Windows defaults), change this to yes:

    set PRESERVE_POWER_SCHEME=no
    
  • To configure post-run reboot, change this value (in seconds). 0 disables auto-reboot:

    set AUTO_REBOOT_DELAY=0
    
  • To skip ALL anti-virus scan engines (MBAM, KVRT, Sophos), change this to yes:

    set SKIP_ANTIVIRUS_SCANS=no
    
  • To skip application patches (don't patch 7-Zip, Java, Adobe Flash and Reader) change this to yes:

    set SKIP_APP_PATCHES=no
    
  • To skip custom scripts (stage 8) regardless whether or not .bat files are present in the stage_8_custom_scripts folder, change this to yes:

    set SKIP_CUSTOM_SCRIPTS=no
    
  • To skip OEM debloat, change this to yes:

    set SKIP_DEBLOAT=no
    
  • To always skip defrag (even on mechanical drives; Tron automatically skips SSD defragmentation), change this to yes:

    set SKIP_DEFRAG=no
    
  • To skip DISM component (SxS store) cleanup, change this to yes:

    set SKIP_DISM_CLEANUP=no
    
  • To prevent Tron from connecting to Github and automatically updating the Stage 2 debloat lists, set this to yes:

    set SKIP_DEBLOAT_UPDATE=no
    
  • To skip Windows Event Log clearing, change this to yes:

    set SKIP_EVENT_LOG_CLEAR=no
    
  • To skip scanning with Kaspersky Virus Rescue Tool (KVRT), change this to yes:

    set SKIP_KASPERSKY_SCAN=no
    
  • To skip installation of Malwarebytes Anti-Malware (MBAM), change this to yes:

    set SKIP_MBAM_INSTALL=no
    
  • To prevent Tron from resetting the page file to Windows defaults, change this to yes:

    set SKIP_PAGEFILE_RESET=no
    
  • To skip scanning with Sophos Anti-Virus (SAV), change this to yes:

    set SKIP_SOPHOS_SCAN=no
    
  • To skip removal of the Windows "telemetry" (user tracking) updates, change this to yes:

    set SKIP_TELEMETRY_REMOVAL=no
    
  • To skip only bundled WSUS Offline updates (online updates still attempted) change this to yes:

    set SKIP_WSUS_OFFLINE=no
    
  • To skip Windows Updates entirely (ignore both WSUS Offline and online methods), change this to yes:

    set SKIP_WINDOWS_UPDATES=no
    
  • To automatically upload debug logs to the Tron developer (vocatus), change this to yes:

set UPLOAD_DEBUG_LOGS=no
  • To display as much output as possible (verbose), change this to yes:

    set VERBOSE=no
    
  • To have Tron delete itself after running (self-destruct), change this to yes:

    set SELF_DESTRUCT=no
    
  • There is no -UPM flag

EXECUTING 3RD-PARTY CUSTOM SCRIPTS:

Tron supports executing custom scripts just prior to the end-screen.

Place any batch files you want to execute just prior to Tron completion in this folder: \tron\resources\stage_8_custom_scripts

Custom scripts work like so:

  • If there are any .bat files in the \stage_8_custom_scripts folder, Tron will execute each one sequentially by name. When they're done, it will finish cleanup and end the script as normal

  • If there are no .bat files in the \stage_8_custom_scripts folder, Stage 8 will be silently skipped

  • Supporting files may be placed in the folder, for example any files required by the custom scripts, but Tron will ignore anything that isn't a .bat file

  • If you want to use supporting batch files but don't want Tron executing them, use the .cmd file extension instead of .bat and Tron will ignore them

  • It is the users responsibility what their scripts do. I will provide no support for custom scripts other than having Tron attempt to run them

  • Use the -scs flag or edit the file \tron\resources\functions\tron_settings.bat and set SKIP_CUSTOM_SCRIPTS to yes to direct Tron to ignore all custom scripts even if they are present. Can be useful if you have a set of scripts you only want to execute on certain systems and don't want to carry two copies of Tron around

EXECUTING BUNDLED WSUS OFFLINE UPDATES

Tron supports using bundled WSUS Offline update packages over the traditional online update method.

To add offline update packages to Tron:

  1. Download WSUS Offline

  2. Run it and have it download the updates you want

  3. Copy the client folder (usually at \wsusoffline\client) to \tron\resources\stage_5_patch\wsus_offline\client\

  4. Make sure that Update.cmd is present in this path: \tron\resources\stage_5_patch\wsus_offline\client\Update.cmd

  5. Run Tron, it should automatically detect and use the offline updates

If for some reason you want to skip the bundled update package on a certain system, use the -swo switch or edit the file \tron\resources\functions\tron_settings.bat and set SKIP_WSUS_OFFLINE to yes, and Tron will use the regular online update method for that run.

INTEGRITY

In each release, the file \tron\integrity_verification\checksums.txt contains SHA-256 hashes of every file included in Tron, and is signed with my PGP key (0x07d1490f82a211a2, included). You can use it to verify package integrity.

LICENSE

Tron and any included subscripts and .reg files I've written are free to use/redistribute/whatever under the MIT license. It'd be nice if you sent an email and let me know if you do something cool with it, but it's not required. All 3rd-party tools Tron calls (MBAM, TDSSK, etc) are bound by their respective licenses. It is YOUR responsibility to determine if you can use them in your specific situation.

OTHER

I try to respond to messages quickly. If you have a question, suggestion or problem, post it to the subreddit so everyone can get eyes on it. As a last resort you may email me directly.

Hope this is helpful to other PC techs,

– Vocatus

If you feel overly charitable, bitcoin donations are accepted at this address:

1FeJmtRUEqkC2Uh8q84Ycb4tramEyg5Hb3

FULL TRON DESCRIPTION

The best way to see what Tron does is simply crack open Tron.bat or one of the stage-specific subscripts with a text editor (preferably one with syntax highlighting) or on GitHub and just read the code. Every section has comments explaining exactly what it does, and you don't need to be able to read code to understand it. Barring that, here's a general description of every action Tron performs.

tron.bat

link to code

Master script that launches everything else. It performs many actions on its own, but for any task not performed directly, we call an external utility or script. Each stage (e.g. Stage 1: Tempclean) has its own master script that Tron calls in sequence. Sub-stage scripts can be found in each stages subdirectory under the \resources folder. e.g. \tron\resources\stage_1_tempclean\stage_1_tempclean.bat

Tron-internal prep jobs

(These are executed even if Tron is canceled before running)

  1. Detect TEMP execution: Detect if we're running from the TEMP directory and prevent Tron from executing if so. TEMP is one of the first places to get wiped when Tron starts so we cannot run from there

  2. Make log directories: Create the master log directory and sub-directories if they don't exist. By default this is %SystemDrive%\Logs\tron.log

  3. Detect Windows & IE versions: Determines quite a few things in the script, such as which versions of various commands get executed

  4. Unsupported OS blocker: Throw an alert message if running on an unsupported OS, then exit. Use the -dev flag to override this behavior and allow running on unsupported Windows versions

  5. Disk configuration check: Check if the system drive is an SSD, Virtual Disk, or throws an unspecified error (couldn't be read by smartctl.exe) and set the SKIP_DEFRAG variable to yes_ssd, yes_vm, or yes_error respectively. If any of these conditions are triggered, Tron skips Stage 5 defrag automatically

  6. Detect free space: Detect and save available hard drive space to compare against later. Simply used to show how much space was reclaimed; does not affect any script functions

  7. Detect resume: Detect whether or not we're resuming after an interrupted run (e.g. from a reboot)

  8. Enable F8 Safe Mode selection: Re-enable the ability to use the F8 key on bootup (Windows 8 and up only; enabled by default on Server 2012/2012 R2)

  9. Check for network connection: Check for an active network connection, and skip the update checks if one isn't found

  10. Check for update: Compare the local copy of Tron to the version on the official repo (does this by reading latest version number from sha256sums.txt). If the local copy is out of date, Tron will ask to automatically download the latest copy (always recommended). If permitted, it will download a copy to the desktop, verify the SHA256 hash, then self-destruct (delete) the current outdated copy

  11. Update debloat lists: Connect to Github and download the latest version of the Stage 2 debloat lists at initial launch. Use the -sdu (SKIP_DEBLOAT_UPDATE) switch to prevent this behavior. I recommend letting Tron update the lists unless you have a good, specific reason not to

  12. Detect Administrator rights: Detect whether or not we're running as Administrator and alert the user if we're not

  13. Detect Safe Mode: Detect whether or not we're in Safe Mode and notify the user if we're not. If not, Tron will prompt to automatically reboot into Safe Mode with Networking.

  14. Create RunOnce entry: Create the following registry key to support resuming if there is an interruption: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v "tron_resume" /t REG_SZ /d "%~dp0tron.bat %-resume"

Note: -resume is an internal flag not meant for human use at the command-line. If you use it, things will break and I will laugh at you.

  1. SMART check: Dump the SMART status of all hard disks in the system, then display an alert if any drive reports one of the following status codes: Error,Degraded,Unknown,PredFail,Service,Stressed,NonRecover

STAGE 0: Prep

link to Stage 0 code

  1. Create System Restore point: Create a pre-run system restore point. Vista and up only, client OS's only (not supported on Server OS's, and on Windows 10 does not work if the system is in any form of Safe Mode. This is a known bug, and I spent hours trying to find a workaround but was not able to find a solution, so if you absolutely require a system restore point, recommend running in normal mode

  2. Rkill: Rkill is an anti-malware prep tool; it looks for and kills a number of known malware that interfere with removal tools. Rkill will NOT kill any process listed in \resources\stage_0_prep\rkill\rkill_process_whitelist.txt (link)

  3. Create pre-run profile: Dump list of installed programs and list of all files on the system so we can compare later and see exactly what was removed

  4. GUID dump: Dump list of all installed program GUIDs. These dumps are useful in helping the project bolster the blacklist of known-bad GUIDs

  5. ProcessKiller: Utility provided by /u/cuddlychops06 which kills various userland processes. We use this to further kill anything that might interfere with Tron. ProcessKiller will kill everything in userland EXCEPT: ClassicShellService.exe, explorer.exe, dwm.exe, cmd.exe, mbam.exe, teamviewer.exe, TeamViewer_Service.exe, Taskmgr.exe, Teamviewer_Desktop.exe, MsMpEng.exe, tv_w32.exe, VTTimer.exe, Tron.bat, rkill.exe, rkill64.exe, rkill.com, rkill64.com, conhost.exe, dashost.exe, wget.exe

  6. Safe mode: Set system to reboot into Safe Mode with Networking if a reboot occurs. Removes this and resets to normal bootup at the end of the script. Accomplished via this command:

    bcdedit /set {default} safeboot network
    
  7. Set system time via NTP: Set the system clock to sync against the following NTP servers, in this order: 2.pool.ntp.org, time.windows.com, time.nist.gov

  8. Check and repair WMI: Check WMI interface and attempt repair if broken. Tron uses WMI for a lot of stuff including ISO date format conversion, OEM bloatware removal, and various other things, so having it functioning is critical

  9. McAfee Stinger: Anti-malware/rootkit/virus standalone scanner from McAfee. Does not support plain-text logs so we save HTML log to Tron's %LOGPATH%. Tron executes Stinger as follows:

stinger32.exe --GO --SILENT --PROGRAM --REPORTPATH="%LOGPATH%" --RPTALL --DELETE
  1. TDSS Killer: Anti-rootkit utility from Kaspersky Labs. Tron executes TDSSKiller as follows:
tdsskiller.exe -l %TEMP%\tdsskiller.log -silent -tdlfs -dcexact -accepteula -accepteulaksn
  1. Backup registry:: Use erunt to backup the registry prior to commencing scans

  2. VSS purge: Purge oldest set of Volume Shadow Service files (basically snapshot-in-time copies of files). Malware can often hide out here

  3. Reduce system restore space: Restrict System Restore to only use 7% of available hard drive space

  4. Disable sleep mode: Tron uses caffeine.exe to disable sleep mode when the script starts. At the end of the script it resets power settings to Windows defaults. Use the -p flag prevents resetting power settings to Windows default.

STAGE 1: Tempclean

link to Stage 1 code

  1. Internet Explorer cleanup: Runs built-in Windows tool to clean and reset Internet Explorer:
rundll32.exe inetcpl.cpl,ClearMyTracksByProcess 4351

Executes only on Internet Explorer v7 and up

  1. CCLeaner: CCLeaner utility by Piriform. Used to clean temp files before running AV scanners

  2. BleachBit: BleachBit utility. Used to clean temp files before running AV scanners

  3. TempFileCleanup.bat: Script I wrote to clean some areas that other tools seem to miss

  4. USB Device Cleanup: Uninstalls unused or not present USB devices from the system (non-existent thumb drives, etc etc). Uses drivecleanup.exe from Uwe Sieber

  5. Cleanup duplicate downloads: Searches for and delete duplicate files found in the Downloads folders of each user profile (ChromeInstaller(1).exe, ChromeInstaller(2)exe, etc). Does not touch any other folders. Uses Sentex's Find Dupe utility

  6. Clear Windows event logs: Back up Windows event logs to %LOGPATH% directory, then clear all entries

  7. Clear Windows Update cache: Purge uninstaller files for already-installed Windows Updates. Typically frees up quite a bit of space. Accomplished via this command:

    rmdir /s /q %windir%\softwaredistribution\download
    

STAGE 2: De-bloat

link to Stage 2 code

  1. OEM de-bloat (by name): Use WMI to attempt to uninstall any program listed in this file:
\tron\resources\stage_2_de-bloat\oem\programs_to_target_by_name.txt
  1. OEM de-bloat (by GUID): Use WMI to attempt to remove specific list of GUIDs listed in this file:
\tron\resources\stage_2_de-bloat\oem\programs_to_target_by_GUID.bat
  1. Toolbar & BHOs (by GUID): Use WMI to attempt to remove specific list of GUIDs listed in this file:
\tron\resources\stage_2_de-bloat\oem\toolbars_BHOs_to_target_by_GUID.bat
  1. Metro de-bloat: Remove many built-in Metro apps that aren't commonly used (does NOT remove things like Calculator, Paint, etc) then purges them from the cache (can always fetch later from Windows Update). On Windows 8/8.1, removes all stock "Modern" apps. On Windows 10 and up, only removes a few specific Modern apps. You can see the full list of Metro apps removed here (Microsoft) and here (OEM/3rd party). Use the -sb switch (skip all de-bloat) or -m switch (skip only Metro de-bloat) to skip this action

  2. Remove OneDrive integration: Remove forced OneDrive integration (Windows 10 only). Tron first checks if any files exist in the default OneDrive folder (%USERPROFILE%\OneDrive\) and skips removal if any are found. As a additional safety precaution, Tron leaves the OneDrive folder intact regardless whether OneDrive is removed or not.

STAGE 3: Disinfect

link to Stage 3 code

  1. Clear CryptNet SSL cache: Wipe the Windows CryptNet SSL certificate cache by executing this command: certutil -URLcache * delete

  2. Malwarebytes Anti-Malware: Anti-malware scanner. Because there is no command-line support for MBAM, we simply install it and continue with the rest of the script. This way a tech can click Scan whenever they're around, but the script doesn't stall waiting for user input. Use the -sa or -sm flags skip this component

  3. KVRT: Kaspersky Virus Removal Tool. Use the -sa or -sk flags skip this component

-l %TEMP%\tdsskiller.log -silent -tdlfs -dcexact -accepteula -accepteulaksn
  1. Sophos Virus Removal Tool: Command-line anti-virus scanner. Use the -v flag gives more verbose output. Use the -sa or -ss flags skip this component

STAGE 4: Repair

link to Stage 4 code

  1. MSI installer cleanup: Use the Microsoft msizap.exe utility to remove orphaned MSI installer files from the installer cache

  2. DISM image check & repair: Microsoft utility for checking the Windows Image Store (sort of a more powerful System File Checker). Windows 8 and up only

  3. Registry permissions reset: Grant SYSTEM and Administrator users full permissions on HKLM, HKCU, and HKCR hives. This is an add-only permissions operation (does not remove any permissions). Use the -srr flag skips this operation

  4. Filesystem permissions reset: Grant SYSTEM and Administrator users full permissions on everything in the %WinDir% directory tree. Use the -sfr flag skips this operation

  5. System File Checker: Microsoft utility for checking the filesystem for errors and attempting to repair if found. Tron runs this on Windows Vista and up only (XP and below require a reboot)

  6. chkdsk: Checks disk for errors and schedules a chkdsk with repair at next reboot (marks volume dirty) if errors are found

  7. Disable Windows "telemetry": Disable Windows "telemetry" (user tracking), Windows 7 and up only. Tron removes the "bad" updates Microsoft pushed to Windows 7/8/8.1 systems after the Windows 10 release. These updates backport the surveillance/spyware functions that are by default present in Windows 10. See the code to see exactly which updates are removed. See the code (Win7/8/8.1, Win10) to see exactly which KB's are removed. Tron also stops and deletes the DiagTrack ("Diagnostics Tracking Service") service. If the system is running Windows 10, Tron does a more in-depth disabling of the Windows telemetry features, including automatically applying all the immunizations from the Spybot Anti-Beacon and O&O ShutUp10 tools. Go over the code in \tron\resources\stage_4_repair\disable_windows_telemetry\ to see exactly what is removed and disabled. NOTE: This section takes a LONG time to run, DO NOT CANCEL IT. Use the -str switch to just turn telemetry off instead of removing it

  8. Disable Windows 10 upgrade: Disables the Windows 10 upgrade nagger on Windows 7/8/8.1 by flipping the appropriate registry switches. Users can still manually upgrade the machine if they desire, but it will no longer nag via the system tray, auto-download, or auto-install Windows 10 without their permission

  9. Network repair: Tron performs minor network repair. Specifically it runs these commands: ipconfig /flushdns, netsh interface ip delete arpcache, netsh winsock reset catalog

  10. File extension repair: Tron repairs most default file extensions with a batch file that loops through a series of registry files stored in \tron\resources\stage_4_repair\repair_file_extensions\

STAGE 5: Patch

link to Stage 5 code

Tron updates these programs if they exist on the system. If a program does not exist, it is skipped:

  1. 7-Zip: Open-source compression and extraction tool. Far superior to just about everything (including the venerable WinRAR). Use the -sap switch to skip this action

  2. Adobe Flash Player: Used by YouTube and various other sites. Use the -sap switch to skip this action

  3. Adobe Reader: Standard PDF reader. Use the -sap switch to skip this action

  4. Java Runtime Environment: I personally hate Java, but it is still widely used, so we at least get the system on the latest version. Use the -sap switch to skip this action

  5. Windows updates: Runs Windows update via this command: wuauclt /detectnow /updatenow. Use the -swu switch to skip this action. If bundled WSUS Offline updates are detected, Tron executes those instead. Use the -swo switch to force skipping WSUS Offline updates even if they're present in the relevant directory. See Executing bundled WSUS Offline updates above for more information on using offline update packages with Tron

  6. DISM base reset: Recompile the "Windows Image Store" (SxS store). This typically results in multiple GB's of space freed up. Windows 8 and up only. Any Windows Updates installed prior to this point will become "baked in" (uninstallable). Use the -sdc switch to skip this action

STAGE 6: Optimize

link to Stage 6 code

  1. Page file reset: Reset the system page file settings to "let Windows manage the page file." Accomplished via this command:

    %WMIC% computersystem where name="%computername%" set AutomaticManagedPagefile=True

    Use the -spr flag skips this action

  2. Defraggler: Command-line defrag tool from Piriform that's a little faster than the built-in Windows defragmenter. Defrag is automatically skipped if the system drive is an SSD. Use the -sd flag forces Tron to ALWAYS skip defrag

STAGE 7: Wrap-up

stage-specific code is in tron.bat

  1. generate summary logs: Generate before and after logs detailing which files were deleted and which programs were removed. These are placed in <LOGPATH>\tron_summary_logs. Additionally, if -er flag was used or EMAIL_REPORT variable was set, these logs will be attached to the email that is sent out

  2. Create restore point: Create a post-run system restore point to mirror the one we created in Stage 0: Prep. Vista and up only, client OS's only, on Windows 10 does not work if the system is in any form of Safe Mode. See notes on System Restore in Stage 0 documentation for more information

  3. email_report: Send an email report with the log file attached when Tron is finished. Requires you to specify your SMTP settings in \resources\stage_7_wrap-up\email_report\SwithMailSettings.xml

  4. upload debug logs: Upload 'tron.log' and the system GUID dump (list of all installed program GUIDs) to the Tron developer (vocatus). Please use this option if possible, log files are extremely helpful in developing Tron! NOTE: tron.log can contain personal information like names of files on the system, the computer name, user name, etc, so if you're concerned about this please look through a Tron log first to understand what will be sent. I don't care what files are on random systems on the Internet, but just something to be aware of

STAGE 8: Custom Scripts

stage-specific code is in tron.bat

  1. Execute custom scripts: Tron will execute any .bat files placed in the \tron\resources\stage_8_custom_scripts directory. See Executing Custom/3rd-party Scripts above for more information

STAGE 9: Manual tools

Tron does not run these automatically because most do not support command-line use, or are only useful in special cases.

  1. ADSSpy: Scans for hidden NTFS Alternate Data Streams

  2. AdwCleaner: Popular user-suggested adware removal tool

  3. aswMBR: Rootkit scanner

  4. autoruns: Examine and remove programs that run at startup

  5. ComboFix: The "scorched-earth policy" of malware removal. Only works on Windows XP through Windows 8 (no Windows 8.1 or above)

  6. PCHunter: Tool to scan for rootkits and other malicious items. Replaces gmer

  7. Junkware Removal Tool: Temp file and random junkware remover

  8. Net Adapter Repair: Utility to repair most aspects of Windows network connections

  9. Remote Support Reboot Config: Tool to quickly configure auto-login and other parameters for running Tron via a remote connection. Thanks to reddit.com/user/cuddlychops06

  10. Safe Mode Boot Selector.bat: Batch file to quickly select bootup method to use (Safe Mode, Network, etc). Thanks to reddit.com/user/cuddlychops06

  11. ServicesRepair.exe: ESET utility for fixing broken Windows services

  12. Tron Reset Tool: Tool to quickly reset Tron if it gets interrupted or breaks while running

  13. VirusTotal uploader tool: Uploads a file directly to VirusTotal for scanning