'InUse Destroyer.vbs -- replaces or deletes at the next reboot files being used by any version of Windows ' 'DO NOT REMOVE THIS HEADER! 'Copyright Andrew ARONOFF, 06 April 2010 ' http://www.silentrunners.org/ 'Inspired by the CWS removal procedure developed with Rossano FERRARIS 'This script is provided without any warranty, either expressed or implied 'It may not be copied or distributed without permission '** YOU RUN THIS SCRIPT AT YOUR OWN RISK! ** 'HEADER ENDS HERE Option Explicit 'Revision 05 'objects Dim Wshso : Set Wshso = WScript.CreateObject("WScript.Shell") Dim Fso : Set Fso = CreateObject("Scripting.FileSystemObject") Dim oReg 'WMI registry object - note that if this variable is not 'disassociated from its object, the WMI reboot will fail under NT4 '(only) with a WSH "Privilege not held." error, code 80041062, 'source: SWbemObject at the line containing "oWOS.Win32ShutDown" Dim oTempFi 'temp file Dim oShellApp 'shell application 'constants Const HKLM = &H80000002 Const SysFolder = 1, WinFolder = 0, TempFolder = 2 Const KQV = &H1, KSV = &H2 Const DQ = """" 'public variables Public strOS : strOS = "Unknown" Public flagNT : flagNT = False : Public flag9x : flag9x = False Public strFPSF : strFPSF = Fso.GetSpecialFolder(SysFolder).Path 'FullPathSystemFolder Public strFPWF : strFPWF = Fso.GetSpecialFolder(WinFolder).Path 'FullPathWindowsFolder Public strFPTF : strFPTF = Fso.GetSpecialFolder(TempFolder).Path 'FullPathTempFolder Public strAppend : strAppend = "" 'PFRO/WII append indicator Public strRD 'replace or delete flag 'main pgm variables Dim strOSLong : strOSLong = "Unknown" Dim intErrNum, intMB 'Err.Number, MsgBox return value Dim strSysVer 'Winver.exe version number Dim strURL 'URL for NT4 WMI Dim strRegLoc, flagAccess 'registry key, registry permissions flag Dim strAddlInstr 'OS-dependent message box string strAddlInstr = "You must log on as an Administrator to use this script." Dim strTempFN, strTempFC 'temp file name/contents Dim flagElevated : flagElevated = False 'existence of elevated privileges under WVa/Wn7 Dim strLine : strLine = "" 'MsgBox text string 'Winver.exe is in \Windows under W98, but in \System32 for other O/S's 'trap GetFileVersion error for VBScript version < 5.1 On Error Resume Next If Fso.FileExists (strFPSF & "\Winver.exe") Then strSysVer = Fso.GetFileVersion(strFPSF & "\Winver.exe") Else strSysVer = Fso.GetFileVersion(strFPWF & "\Winver.exe") End If intErrNum = Err.Number On Error Goto 0 Err.Clear 'if old VBScript version If intErrNum <> 0 Then 'explain the problem intMB = MsgBox ("This script requires VBScript 5.1 or higher " &_ "to run.", vbOKOnly + vbCritical + vbSystemModal,"Unsupported VBScript Version!") 'quit the script WScript.Quit End If 'error encountered? 'use WINVER.EXE file version to determine O/S If Instr(Left(strSysVer,3),"4.1") > 0 Then strOS = "W9x" : strOSLong = "Windows 98" : flag9x = True ElseIf Instr(Left(strSysVer,5),"4.0.1") > 0 Then strOS = "NT4" : strOSLong = "Windows NT 4.0" : flagNT = True ElseIf Instr(Left(strSysVer,8),"4.0.0.95") > 0 Then strOS = "W9x" : strOSLong = "Windows 95" : flag9x = True ElseIf Instr(Left(strSysVer,3),"4.9") > 0 Then strOS = "WME" : strOSLong = "Windows Millennium" : flag9x = True ElseIf Instr(Left(strSysVer,3),"5.0") > 0 Then strOS = "W2K" : strOSLong = "Windows 2000" : flagNT = True ElseIf Instr(Left(strSysVer,3),"5.1") > 0 Then strOS = "WXP" : strOSLong = "Windows XP" : flagNT = True ElseIf Instr(Left(strSysVer,3),"5.2") > 0 Then strOS = "WS2K3" : strOSLong = "Windows Server 2003" : flagNT = True ElseIf Instr(Left(strSysVer,3),"6.0") > 0 Then strOS = "WVA" : strOSLong = "Windows Vista" : flagNT = True ElseIf Instr(Left(strSysVer,3),"6.1") > 0 Then strOS = "WN7" : strOSLong = "Windows 7" : flagNT = True Else 'can't determine O/S version 'ask if user wants to send an e-mail message intMB = MsgBox ("The " & DQ & "InUse Destroyer" & DQ &_ " script cannot determine the operating system. " &_ vbCRLF & "A compatible version of the script may be available." &_ vbCRLF & vbCRLF &_ "Click " & DQ & "OK" & DQ & " to be directed to the script download location or" &_ vbCRLF & DQ & "Cancel" & DQ & " to quit.", _ vbOKCancel + vbExclamation + vbSystemModal,"OS Unknown!") If intMB = vbOK Then Wshso.Run "http://www.silentrunners.org/" WScript.Quit End If 'WINVER.EXE file version 'for NT-family OS (not needed for W9x), check for working WMI 'installation, check for admin rights - for WVa/Wn7, relaunch via 'Shell.Application with runas If flagNT Then 'use WMI to connect to the registry On Error Resume Next Set oReg = GetObject("winmgmts:root\default:StdRegProv") intErrNum = Err.Number Set oReg=Nothing On Error Goto 0 Err.Clear If intErrNum <> 0 Then 'for NT4, assume WMI not installed and direct to d/l URL If strOS = "NT4" Then strURL = "http://tinyurl.com/7wd7" 'invite user to download WMI & quit intMB = MsgBox ("This script requires " & DQ & "WMI" &_ DQ & ", Windows Management Instrumentation, to run." &_ vbCRLF & vbCRLF & "It can be downloaded at: " & strURL &_ vbCRLF & vbCRLF & "Press " & DQ & "OK" & DQ &_ " to direct your browser to the download site or " &_ DQ & "Cancel" & DQ & " to quit.",_ vbOKCancel + vbCritical + vbSystemModal,"WMI Not Installed!") If intMB = vbOK Then Wshso.Run strURL 'for W2K/WXP/WS2K3/WVa/Wn7, explain how to start the WMI service Else If strOS = "W2K" Then strLine = "Settings | Control Panel | " If strOS = "WXP" Then strLine = "Control Panel | " If strOS ="WS2K3" Then strLine = "Control Panel | " If strOS = "WVA" Then strLine = "Control Panel | Classic View | " If strOS = "WN7" Then strLine = "Control Panel | View by: Small icons | " MsgBox "This script requires Windows Management Instrumentation" &_ " to run." & vbCRLF & vbCRLF & "Click on Start | " & strLine &_ "Administrative Tools |" & vbCRLF & "Services, and start the " &_ DQ & "Windows Management Instrumentation" & DQ & vbCRLF &_ "service.", _ vbOKOnly + vbCritical + vbSystemModal, _ "WMI Service not running!" End If 'which O/S? WScript.Quit End If 'WMI execution error 'for WVa/Wn7, relaunch with admin rights unless elevated privileges already provided If strOS = "WVA" Or strOS = "WN7" Then 'form temp file name in temp directory strTempFN = Wshso.ExpandEnvironmentStrings("%TEMP%") & "\" & Fso.GetTempName 'check for existence of whoami.exe If Not Fso.FileExists (strFPSF & "\whoami.exe") Then MsgBox "The Windows file " & DQ & "WHOAMI.EXE" & DQ &_ " cannot be found," & vbCRLF &_ "but it is necessary for proper function of this script." &_ vbCRLF & vbCRLF & "This script must exit.", _ vbOKOnly + vbCritical + vbSystemModal, _ "WHOAMI.EXE not found!" WScript.Quit End If 'run "whoami" hidden Wshso.Run "cmd.exe /C whoami /groups > " & strTempFN,0,True 'if whoami output redirected to temp file If Fso.FileExists(strTempFN) Then 'open and read the temp file Set oTempFi = Fso.OpenTextFile(strTempFN,1,False) strTempFC = oTempFi.ReadAll 'check temp file contents for elev priv If InStr(strTempFC, "S-1-16-12288") <> 0 Then flagElevated = True 'close and delete the temp file oTempFi.Close : Fso.DeleteFile(strTempFN) Else 'temp file not found MsgBox "The results of " & DQ & "WHOAMI.EXE" & DQ &_ " cannot be located," & vbCRLF &_ "but they are essential for continuation of this script." &_ vbCRLF & vbCRLF & "This script must exit.", _ vbOKOnly + vbCritical + vbSystemModal, _ "WHOAMI.EXE results file not found!" WScript.Quit End If 'FileExists? 'if on first pass w/o elevated privileges, launch re-entry 'via Shell.Application with runas If Not flagElevated Then Set oShellApp = CreateObject("Shell.Application") oShellApp.ShellExecute WScript.FullName, _ DQ & WScript.ScriptFullName & DQ, "", "runas", 1 WScript.Quit End If 'are elev priv not present? End If 'WVA or WN7? 'registry key strRegLoc = "System\CurrentControlSet\Control\Session Manager" Set oReg = GetObject("winmgmts:root\default:StdRegProv") intErrNum = oReg.CheckAccess(HKLM,strRegLoc,KQV + KSV,flagAccess) Set oReg=Nothing 'disassociation MUST occur here for NT4 reboot to 'proceed via WMI successfully 'if can't read & write to Session Manager If Not flagAccess Then 'say Admin rights are needed & quit MsgBox "This script must be run as an Administrator.", _ vbOKOnly + vbCritical + vbSystemModal,"Not an Admin!" WScript.Quit End If 'flagAccess? End If 'NT O/S? 'go to main menu to delete or replace a file ChooseFMO 'clean up Set Fso=Nothing Set Wshso=Nothing 'main menu - File Management Operation (replace or delete) Sub ChooseFMO 'reg key, error, PFRO array Dim strRegLoc, intErrNum, arFiles 'for NT, determine if PFRO already populated If flagNT Then If PFROPopped Then strAppend = " >>" 'for 9x, determine if WII has [rename] section with non-empty line Else 'flag9x 'if WII file exists If Fso.FileExists(strFPWF & "\wininit.ini") Then 'if file not empty, toggle append flag If Fso.GetFile(strFPWF & "\wininit.ini").Size > 0 Then strAppend = " >>" End If 'WII exists End If 'NT or 9x? 'choose the File Management Operation Dim intFMO : intFMO = MsgBox ("Press " & DQ & "Yes" & DQ &_ " to REPLACE a file at the next reboot," & vbCRLF & vbCRLF &_ Space(10) & DQ & "No" & DQ & " to DELETE a file at the" &_ " next reboot, or" & vbCRLF & vbCRLF & Space(10) & DQ & "Cancel" &_ DQ & " to quit.", _ vbYesNoCancel + vbQuestion + vbDefaultButton3 + vbSystemModal, _ "Main Menu: Replace, Delete or Quit?" & strAppend) If intFMO = vbYes Then ReplaceAtNextBoot ElseIf intFMO = vbNo Then DeleteAtNextBoot Else 'only way out! WScript.Quit End If End Sub 'determine the file to replace at boot and add the data to PFRO or WII Sub ReplaceAtNextBoot strRD = "R" 'counter, source/target files, message box string, counter Dim i, oFiS, oFiT, strMB 'source LFN & SFN, target LFN & SFN Dim strSrcLFN, strSrcSFN, strTgtLFN, strTgtSFN Dim strPFRO : strPFRO = "" 'PFRO value Dim strAdd : strAdd = "" 'string appended to PFRO Dim strIBMsg, strIBTitle 'Input Box msg, title Dim intTFSize, intSFSize 'Tgt File Size/Src File Size strIBMsg = "Enter the name of the file that will be " &_ "replaced" & vbCRLF & "at the next reboot, including the full path:" &_ vbCRLF & vbCRLF & "(Do not surround a long directory name" & vbCRLF &_ "or long file name in quotes. Use ASCII" & vbCRLF &_ "only -- do not use Unicode characters)" strIBTitle = "Replace This File at Reboot" & strAppend 'input target file (file to replace) GetFN strTgtLFN, strIBMsg, strIBTitle, strRD 'get short path & size Set oFiT = Fso.GetFile (strTgtLFN) strTgtSFN = oFiT.ShortPath intTFSize = oFiT.Size strIBMsg = "Enter the name of the file that will replace " &_ vbCRLF & "the first file, including the full path:" &_ vbCRLF & vbCRLF & "(Do not surround a long directory name" & vbCRLF &_ "or long file name in quotes. Use ASCII" & vbCRLF &_ "only -- do not use Unicode characters.)" strIBTitle = "Use This File to Replace The First File" & strAppend 'input source file (file used for replacement) GetFN strSrcLFN, strIBMsg, strIBTitle, strRD 'get short path & size Set oFiS = Fso.GetFile(strSrcLFN) strSrcSFN = oFiS.ShortPath intSFSize = oFiS.Size 'avoid LFN's in WII for W9x If flag9x Then 'pass src & tgt LFN's & SFN's StuffWII "r", strSrcLFN, strSrcSFN, strTgtLFN, strTgtSFN 'create message box text using SFN's strMB = "The file: " & vbCRLF & vbCRLF & strTgtLFN & vbCRLF & "(" & strTgtSFN &_ ", " & intTFSize & " bytes" & ")" & vbCRLF & vbCRLF &_ "will be replaced by the file: " & vbCRLF & vbCRLF & strSrcLFN &_ vbCRLF & " (" & strSrcSFN & ", " & intSFSize & "bytes" & ")" &_ vbCRLF & vbCRLF &_ "on the next reboot." & vbCRLF & vbCRLF &_ "Choose " & DQ & "Yes" & DQ & " to reboot now, or" & vbCRLF &_ Space(13) & DQ & "No" & DQ & " to return to the main menu." 'replace for NT systems via REG-file ElseIf flagNT Then 'append "\??\" & Src file & 00 strAdd = "5c,3f,3f,5c," 'if PFRO value is populated, extract it & append string If PFROPopped Then strPFRO = ExtractPFRO strAdd = "," & strAdd End If 'append Src FN For i = 1 To Len(strSrcLFN) strAdd = strAdd & Hex(Asc(Mid(strSrcLFN,i,1))) & "," Next 'append "00" strPFRO = strPFRO & strAdd & "00" 'append "!\??\" & Tgt file strAdd = ",21,5c,3f,3f,5c," 'append Tgt FN For i = 1 To Len(strTgtLFN) strAdd = strAdd & Hex(Asc(Mid(strTgtLFN,i,1))) & "," Next 'append "00,00" to close PFRO strPFRO = strPFRO & strAdd & "00,00" 'write PFRO to REG-file in TEMP directory & merge REG-file WriteREG (strPFRO) 'prepare message box text with LFN's strMB = "The file: " & vbCRLF & vbCRLF & strTgtLFN &_ " (" & intTFSize & " bytes)" & vbCRLF & vbCRLF &_ "will be replaced by the file: " & vbCRLF & vbCRLF & strSrcLFN &_ " (" & intSFSize & " bytes)" & vbCRLF & vbCRLF &_ "on the next reboot." & vbCRLF & vbCRLF &_ "Choose " & DQ & "Yes" & DQ & " to reboot now, or" & vbCRLF &_ Space(13) & DQ & "No" & DQ & " to return to the main menu." End If 'W9x or NT? Set oFiS=Nothing Set oFiT=Nothing 'display target & source files and request reboot intMB = MsgBox (strMB,vbYesNo + vbQuestion + vbSystemModal, _ "All done -- reboot now?" & strAppend) 'if "Yes" button pushed, shutdown now If intMB = vbYes Then ShutDownNow Else 'return to main menu ChooseFMO End If End Sub 'determine the file to delete at boot and add the data to PFRO or WII Sub DeleteAtNextBoot strRD = "D" 'source LFN & SFN Dim strSrcLFN, strSrcSFN Dim strPFRO : strPFRO = "" 'PFRO value Dim strAdd : strAdd = "" 'string appended to PFRO Dim strIBMsg, strIBTitle 'Input Box msg, title 'counter, registry hive array, message box string Dim i, arRH(), strMB 'set up registry hive array If flagNT Then 'user profile environment variable to determine location of NTUSER.DAT Dim strUP : strUP = Wshso.ExpandEnvironmentStrings("%USERPROFILE%") ReDim arRH(6) arRH(0) = strFPSF & "\config\security" arRH(1) = strFPSF & "\config\sam" arRH(2) = strFPSF & "\config\system" arRH(3) = strFPSF & "\config\software" arRH(4) = strFPSF & "\config\default" arRH(5) = strFPSF & "\config\userdiff" arRH(6) = strUP & "\ntuser.dat" Else 'flagWx ReDim arRH(1) arRH(0) = strFPWF & "\system.dat" arRH(1) = strFPWF & "\user.dat" End If 'input file to delete strIBMsg = "Enter the name of the file to delete " &_ "at" & vbCRLF & "the next reboot, including the full path:" &_ vbCRLF & vbCRLF & "(Do not surround a long directory name" & vbCRLF &_ "or long file name in quotes. Use ASCII" & vbCRLF &_ "only -- do not use Unicode characters.)" strIBTitle = "Delete at Reboot" & strAppend 'input file to delete GetFN strSrcLFN, strIBMsg, strIBTitle, strRD 'set up standard message box text strMB = "The file: " & DQ & strSrcLFN & DQ & vbCRLF &_ "will be deleted on the next reboot." & vbCRLF & vbCRLF 'for every hive file For i = 0 To UBound(arRH) 'if file to delete is hive file or any other NTUSER.DAT, refuse to delete it If LCase(strSrcLFN) = LCase(arRH(i)) Or InStr(LCase(strSrcLFN),"ntuser.dat") > 0 Then _ MBE "The file: " & DQ & strSrcLFN & DQ & vbCRLF &_ "is a registry hive and cannot be deleted.", _ vbOKOnly + vbExclamation + vbSystemModal,"Cannot Delete Registry Hive!" Next 'if file doesn't exist, delete anyway or return to main menu If Not Fso.FileExists(strSrcLFN) Then intMB = MsgBox("The file: " & DQ & strSrcLFN & DQ & vbCRLF &_ "cannot be found." & vbCRLF & vbCRLF & "Choose " &_ DQ & "Yes" & DQ & " to schedule deletion anyway, or" &_ vbCRLF & Space(13) & DQ & "No" & DQ &_ " to return to the main menu.", _ vbYesNo + vbExclamation + vbSystemModal,"File Not Found!") 'return to main menu if "No" button pushed If intMB = vbNo Then ChooseFMO End If 'file exists? 'avoid LFN's in WII for W9x If flag9x Then Dim intLBS : intLBS = InStrRev(strSrcLFN,"\") 'find last backslash (bs) Dim strFNNP : strFNNP = Mid(strSrcLFN,intLBS+1) 'find file name after bs Dim intDot : intDot = InStr(strFNNP,".") 'find period strSrcSFN = strSrcLFN 'set SFN = LFN 'if LFN can be found, find SFN If Fso.FileExists(strSrcLFN) Then strSrcSFN = Fso.GetFile(strSrcLFN).ShortPath 'if file can't be found and name is in LFN format, display error 'and return to main menu If Not Fso.FileExists(strSrcLFN) And (Len(strFNNP) > 12 Or intDot > 8 _ Or InStr(strFNNP," ") > 0) Then 'request use of SFN for file that can't be found MsgBox "The file name: " & DQ & strSrcLFN & DQ & vbCRLF &_ "is in LFN format. Only an 8.3 path\file name " &_ "can be used." & vbCRLF & vbCRLF & "Press " &_ DQ & "OK" & DQ & " to return to the main menu.", _ vbOKOnly + vbExclamation + vbSystemModal,"LFN File Not Found!" ChooseFMO End If 'LFN & Not FileExists? 'if LFN identical to SFN, empty LFN If LCase(strSrcLFN) = LCase(strSrcSFN) Then strSrcLFN = "" 'pass LFN & SFN to WII-append sub StuffWII "d", strSrcLFN, strSrcSFN, "", "" 'if LFN not empty, set up message string with LFN & SFN If strSrcLFN <> "" Then _ strMB = "The file:" & vbCRLF & vbCRLF & DQ & strSrcLFN & DQ & vbCRLF &_ "(" & strSrcSFN & ")" & vbCRLF & vbCRLF & "will be deleted on the next " &_ "reboot." & vbCRLF & vbCRLF 'delete for NT systems via PFRO ElseIf flagNT Then 'append "\??\" & Src file & 00,00,00 strAdd = "5c,3f,3f,5c," 'if PFRO value is populated, extract it & append string If PFROPopped Then strPFRO = ExtractPFRO strAdd = "," & strAdd End If 'append Src FN For i = 1 To Len(strSrcLFN) strAdd = strAdd & Hex(Asc(Mid(strSrcLFN,i,1))) & "," Next 'append Tgt Null & closing Null: "00,00,00" strPFRO = strPFRO & strAdd & "00,00,00" 'write PFRO to REG-file in TEMP directory & merge REG-file WriteREG (strPFRO) End If 'flagNT? 'display file to delete and request reboot intMB = MsgBox (strMB &_ "Choose " & DQ & "Yes" & DQ & " to reboot now, or" & vbCRLF &_ Space(13) & DQ & "No" & DQ & " to return to the main menu.", _ vbYesNo + vbQuestion + vbSystemModal, "All done -- reboot now?" & strAppend) 'if "Yes" button pushed, shutdown now If intMB = vbYes Then ShutDownNow Else ChooseFMO End If End Sub 'fill WININIT.INI with lines to delete or replace files ' "d" or "r", LFN of file that will be used to replace, SFN of that ' file, LFN of file to be replaced, SFN of that file Sub StuffWII (strAction, strLFNparam1, strSFNparam1, strLFNparam2, strSFNparam2) 'read line, output line, file object, temp folder name, work file name Dim strLine, strOut, oWIIFi, strTmpFoName, oWIITmpFN Dim flagRen : flagRen = False 'TRUE if [rename] section found Dim flagLineWritten : flagLineWritten = False 'TRUE if output line written 'form output line for file deletion If LCase(strAction) = "d" Then strOut = "NUL=" & strSFNparam1 'form output line for replacement Else 'strAction = "r" strOut = strSFNparam2 & "=" & strSFNparam1 End If 'create WININIT.INI if file doesn't exist already If strAppend = "" Then Set oWIIFi = Fso.OpenTextFile(strFPWF & "\WININIT.INI",2,True,0) oWIIFi.WriteLine "[Rename]" : oWIIFi.WriteLine strOut oWIIFi.Close : Set oWIIFi=Nothing 'toggle append flag via msgbox string strAppend = " >>" Else 'WII not empty 'open WII for reading Set oWIIFi = Fso.OpenTextFile(strFPWF & "\wininit.ini",1,False,0) 'get the TEMP folder path strTmpFoName = Fso.GetSpecialFolder(2).Path 'create a WII work file in the TEMP folder Set oWIITmpFN = Fso.OpenTextFile(strTmpFoName & "\WININIT.INI",2,True,0) 'read each WII line looking for an existing [rename] section Do While Not oWIIFi.AtEndOfStream 'read a line strLine = oWIIFi.ReadLine 'if [rename] section already encountered and find start of another section If flagRen And InStr(LCase(strLine),"[") > 0 Then 'write the output line and toggle its flag oWIITmpFN.WriteLine strOut : flagLineWritten = True End If 'if encounter [rename] section at this line, toggle rename flag If Not flagRen And InStr(LCase(strLine),"[rename]") > 0 Then flagRen = True 'output the original WII line oWIITmpFN.WriteLine strLine Loop 'next WII line 'if reached EOF w/o finding [rename] section, output section name now If Not flagRen Then oWIITmpFN.WriteLine "[Rename]" 'if reached EOF w/o writing output line, do it now If Not flagLineWritten Then oWIITmpFN.WriteLine strOut 'close the WII and WII-work files oWIIFi.Close oWIITmpFN.Close 'copy the work file over the existing WII file Set oWIIFi = Fso.GetFile(strFPWF & "\wininit.ini") Set oWIITmpFN = Fso.GetFile(strTmpFoName & "\WININIT.INI") Fso.CopyFile oWIITmpFN.Path,oWIIFi.Path 'delete the work file Fso.DeleteFile oWIITmpFN.Path Set oWIIFi=Nothing Set oWIITmpFN=Nothing End If 'WII exists? End Sub Sub ShutDownNow 'reboot via WMI for NT systems; use rundll32.exe function for W9x If flagNT Then Dim oWOS 'Windows Operating System 'use WMI to reboot Dim colWOS : Set colWOS = GetObject("winmgmts:{(Shutdown)}\root\cimv2")._ InstancesOf("Win32_OperatingSystem") For Each oWOS In colWOS : oWOS.Win32ShutDown "6" : Exit For : Next Else 'flag9x Wshso.Run "rundll32.exe shell32.dll,SHExitWindowsEx 2",0,TRUE End If 'flagNT? WScript.Quit End Sub 'Message Box Error Sub MBE (strMsg, strButtons, strTitle) MsgBox strMsg, strButtons, strTitle ChooseFMO End Sub 'determine if PendingFileRenameOperations value is Populated (Popped) Function PFROPopped Dim strRegLoc, intErrNum, arFiles, oReg 'registry key strRegLoc = "System\CurrentControlSet\Control\Session Manager" 'retrieve the existing PendingFileRenameOperations array Set oReg = GetObject("winmgmts:root\default:StdRegProv") intErrNum = oReg.GetMultiStringValue(HKLM,strRegLoc,"PendingFileRenameOperations",arFiles) 'if array exists, PFRO already contains values If IsArray(arFiles) Then If UBound(arFiles) >= 0 Then strAppend = " >>" : PFROPopped = True End If Else PFROPopped = False End If Set oReg=Nothing End Function 'extract PFRO value from export file of Session Manager key Function ExtractPFRO 'PFRO data string, REG-file, beginning/end of hex-chr-coded data in line, 'location of trailing "00", REG-file line Dim strOut, oFi, intChrStart, intChrStop, intLast00, strLine Dim flagValue : flagValue = False 'TRUE if in PFRO value section 'file to store Session Manager export Dim strFN : strFN = strFPTF & "\PFROi.reg" Dim strCLP : strCLP = " /a " 'REGEDIT cmd-line parameter for W2K/WXP If strOS = "NT4" Then strCLP = " /e " 'REGEDIT cmd-line paramter for NT4 'export Session Manager key to TEMP directory Wshso.Run strFPWF & "\regedit.exe" & strCLP & strFN & " " &_ DQ & "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager" &_ DQ,0,TRUE Set oFi = Fso.OpenTextFile(strFN,1,False,0) 'open the exported file 'for every line Do While Not oFi.AtEndOfStream strLine = LTrim(oFi.ReadLine) 'read a line '"PendingFileRenameOperations"=hex(7):hh,hh,hh,hh,hh,hh,hh,hh,hh,hh,hh,hh,hh,hh,\ 'if inside PFRO section, exit DO if read line has double-quote or [ or is blank 'since that means have reached end of section If flagVAlue And (InStr(strLine,DQ) Or InStr(strLine,"[") Or _ strLine = "") Then Exit Do 'if PFRO in line, toggle flag If InStr(strLine,"PendingFileRenameOperations") > 0 Then _ flagValue = True 'if flag toggled If flagValue Then 'find start & stop of PFRO data intChrStart = InStr(strLine,":") intChrStop = InStr(strLine,"\") 'if stop mark not found, set it to 1 more than line length If intChrStop = 0 Then intChrStop = Len(strLine)+1 'extract this line's data & append to previous strOut = strOut & Mid(strLine,intChrStart+1,intChrStop-intChrStart-1) '42 End If Loop 'read next line oFi.Close Set oFi=Nothing 'snip trailing ,00 intLast00 = InStrRev(strOut,",00") strOut = Left(strOut,intLast00 - 1) 'delete Session Manager REG-file in TEMP directory Fso.DeleteFile strFN, TRUE 'pass extracted PFRO data ExtractPFRO = strOut End Function 'retrieve file name via InputBox Sub GetFN (strFN, strMsg, strTitle, strSub) 'input target file (file to replace) strFN = InputBox(strMsg, strTitle,"enter path\filename.ext here") 'return to main menu if cancel button pressed If strFN = "" Then ChooseFMO If strSub = "R" Then 'return to main menu if file doesn't exist If Not Fso.FileExists(strFN) Then MBE "The file: " & DQ & strFN & DQ & vbCRLF &_ "cannot be found.",vbOKOnly + vbCritical + vbSystemModal,"File Not Found!" End If 'target file exists? End If 'strSub End Sub 'write out data to REG-file, merge into registry, delete REG-file Sub WriteREG (strOut) Dim strFN : strFN = strFPTF & "\PFROf.reg" Dim oREGFi : Set oREGFi = Fso.CreateTextFile (strFN, TRUE) oREGFi.WriteLine "REGEDIT4" & vbCRLF & vbCRLF &_ "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]" &_ vbCRLF & DQ & "PendingFileRenameOperations" & DQ & "=hex(7):" & strOut oREGFi.Close Set oREGFi=Nothing Wshso.Run strFPWF & "\regedit.exe /s " & DQ & strFN & DQ,0,TRUE Fso.DeleteFile strFN, TRUE End Sub 'R00, 2004-12-03 'R01 'changed name, modified append indicator to ">>" 'R02 'modified header, added "Main Menu" to window title 'R03 'added Vista as allowed OS, removed WSH download location for W98/NT4, 'added instructions for Vista elevated command prompt, added 'vbSystemModal attribute to all message boxes 'R04 'modified OS version error e-mail address 'R05 'added relaunch via Shell.Application with runas '** Update Revision Number on line #15 **