Expanded Post-D7II Cleanup

* Fixes issue #4

.bin/Scripts/functions/cleanup.py

@@ -2,11 +2,29 @@
 
 from functions.common import *
 
+# STATIC VARIABLES
+D7_HKCR_CLEANUP = {
+    r'batfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
+    r'cmdfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
+    r'exefile\shell\ResourceHacker': {'Recurse': True},
+    r'regfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
+    }
+D7_HKCU_CLEANUP = {
+    r'Software\Malwarebytes': {'Recurse': False},
+    }
+D7_HKLM_CLEANUP = {
+    r'Software\Emsisoft': {'Recurse': False},
+    }
+HKU =  winreg.HKEY_USERS
+HKCR = winreg.HKEY_CLASSES_ROOT
+HKCU = winreg.HKEY_CURRENT_USER
+HKLM = winreg.HKEY_LOCAL_MACHINE
+
 def cleanup_adwcleaner():
     """Move AdwCleaner folders into the ClientDir."""
     source_path = r'{SYSTEMDRIVE}\AdwCleaner'.format(**global_vars['Env'])
     source_quarantine = r'{}\Quarantine'.format(source_path)
-    
+
     # Quarantine
     if os.path.exists(source_quarantine):
         os.makedirs(global_vars['QuarantineDir'], exist_ok=True)
@@ -14,13 +32,13 @@ def cleanup_adwcleaner():
             **global_vars)
         dest_name = non_clobber_rename(dest_name)
         shutil.move(source_quarantine, dest_name)
-    
+
     # Delete source folder if empty
     try:
         os.rmdir(source_path)
     except OSError:
         pass
-    
+
     # Main folder
     if os.path.exists(source_path):
         os.makedirs(global_vars['LogDir'], exist_ok=True)
@@ -31,10 +49,10 @@ def cleanup_adwcleaner():
 
 def cleanup_cbs(dest_folder):
     """Safely cleanup a known CBS archive bug under Windows 7.
-    
+
     If a CbsPersist file is larger than 2 Gb then the auto archive feature
     continually fails and will fill up the system drive with temp files.
-    
+
     This function moves the temp files and CbsPersist file to a temp folder,
     compresses the CbsPersist files with 7-Zip, and then opens the temp folder
     for the user to manually save the backup files and delete the temp files.
@@ -43,7 +61,7 @@ def cleanup_cbs(dest_folder):
     temp_folder = r'{backup_folder}\Temp'.format(backup_folder=backup_folder)
     os.makedirs(backup_folder, exist_ok=True)
     os.makedirs(temp_folder, exist_ok=True)
-    
+
     # Move files into temp folder
     cbs_path = r'{SYSTEMROOT}\Logs\CBS'.format(**global_vars['Env'])
     for entry in os.scandir(cbs_path):
@@ -59,7 +77,7 @@ def cleanup_cbs(dest_folder):
             dest_name = r'{}\{}'.format(temp_folder, entry.name)
             dest_name = non_clobber_rename(dest_name)
             shutil.move(entry.path, dest_name)
-    
+
     # Compress CbsPersist files with 7-Zip
     cmd = [
         global_vars['Tools']['SevenZip'],
@@ -73,7 +91,7 @@ def cleanup_d7ii():
     d7_path = r'{}\d7II'.format(global_vars['ClientDir'])
     d7_reports = r'{}_Reports'.format(d7_path)
     d7_temp = r'{}\Temp'.format(d7_path)
-    
+
     # Logs & Reports
     if os.path.exists(d7_reports):
         for entry in os.scandir(d7_reports):
@@ -94,7 +112,7 @@ def cleanup_d7ii():
                     pass
                 except OSError:
                     pass
-            
+
             # Malware Logs
             if os.path.exists(d7_mlogs):
                 for m_entry in os.scandir(d7_mlogs):
@@ -126,6 +144,14 @@ def cleanup_d7ii():
             except OSError:
                 pass
 
+    # Registry Items
+    for key, settings in D7_HKCR_CLEANUP.items():
+        delete_registry_key(HKCR, key, recurse=settings['Recurse'])
+    for key, settings in D7_HKCU_CLEANUP.items():
+        delete_registry_key(HKCU, key, recurse=settings['Recurse'])
+    for key, settings in D7_HKLM_CLEANUP.items():
+        delete_registry_key(HKLM, key, recurse=settings['Recurse'])
+
     # Temp items
     if os.path.exists(d7_path):
         if os.path.exists(d7_temp):
@@ -139,7 +165,7 @@ def cleanup_desktop():
     """Move known backup files and reports into the ClientDir."""
     dest_folder = r'{ProgBackupDir}\{Date}\Desktop'.format(**global_vars)
     os.makedirs(dest_folder, exist_ok=True)
-    
+
     desktop_path = r'{USERPROFILE}\Desktop'.format(**global_vars['Env'])
     for entry in os.scandir(desktop_path):
         # JRT, RKill, Shortcut cleaner
@@ -147,7 +173,7 @@ def cleanup_desktop():
             dest_name = r'{}\{}'.format(dest_folder, entry.name)
             dest_name = non_clobber_rename(dest_name)
             shutil.move(entry.path, dest_name)
-    
+
     # Remove dir if empty
     try:
         os.rmdir(dest_folder)
@@ -166,7 +192,7 @@ def cleanup_emsisoft():
             **global_vars)
         dest_name = non_clobber_rename(dest_name)
         shutil.move(source_quarantine, dest_name)
-    
+
     # Remove program
     if os.path.exists(source_path):
         shutil.rmtree(source_path)
@@ -179,7 +205,7 @@ def cleanup_regbackups():
     # Bail early
     if not os.path.exists(source_path):
         return
-    
+
     # Move to backup folder
     for entry in os.scandir(source_path):
         os.makedirs(global_vars['ProgBackupDir'], exist_ok=True)
@@ -188,7 +214,7 @@ def cleanup_regbackups():
             **global_vars)
         dest_path = non_clobber_rename(dest_path)
         shutil.move(entry.path, dest_path)
-    
+
     # Delete source folders if empty
     try:
         os.rmdir(source_path)
@@ -196,6 +222,27 @@ def cleanup_regbackups():
     except OSError:
         pass
 
+def delete_registry_key(hive, key, recurse=False):
+    """Delete a registry key and all it's subkeys."""
+    access = winreg.KEY_ALL_ACCESS
+
+    if recurse:
+        # Delete all subkeys first
+        with winreg.OpenKeyEx(hive, key, 0, access) as k:
+            key_info = winreg.QueryInfoKey(k)
+            for x in range(key_info[0]):
+                subkey = r'{}\{}'.format(key, winreg.EnumKey(k, 0))
+                delete_registry_key(hive, subkey)
+
+    # Delete key
+    winreg.DeleteKey(hive, key)
+
+def delete_registry_value(hive, key, value):
+    """Delete a registry value."""
+    access = winreg.KEY_ALL_ACCESS
+    with winreg.OpenKeyEx(hive, key, 0, access) as k:
+        winreg.DeleteValue(k, value)
+
 if __name__ == '__main__':
     print("This file is not meant to be called directly.")
 

.bin/Scripts/functions/common.py

@@ -32,7 +32,8 @@ COLORS = {
     'BLUE': '\033[34m'
 }
 try:
-    HKU = winreg.HKEY_USERS
+    HKU =  winreg.HKEY_USERS
+    HKCR = winreg.HKEY_CLASSES_ROOT
     HKCU = winreg.HKEY_CURRENT_USER
     HKLM = winreg.HKEY_LOCAL_MACHINE
 except NameError:

.bin/Scripts/functions/setup.py

@@ -5,6 +5,8 @@ from functions.update import *
 from settings.sources import *
 
 # STATIC VARIABLES
+HKU =  winreg.HKEY_USERS
+HKCR = winreg.HKEY_CLASSES_ROOT
 HKCU = winreg.HKEY_CURRENT_USER
 HKLM = winreg.HKEY_LOCAL_MACHINE
 MOZILLA_FIREFOX_UBO_PATH = r'{}\{}\ublock_origin.xpi'.format(
@@ -208,7 +210,7 @@ def enable_system_restore():
         '-Command', 'Enable-ComputerRestore',
         '-Drive', '{}\\'.format(global_vars['Env']['SYSTEMDRIVE'])]
     run_program(cmd)
-    
+
     # Set disk usage
     cmd = [
         r'{}\System32\vssadmin.exe'.format(global_vars['Env']['SYSTEMROOT']),

.bin/Scripts/post_d7.py

@@ -11,7 +11,7 @@ from functions.cleanup import *
 from functions.setup import *
 init_global_vars()
 os.system('title {}: Post-d7II Work'.format(KIT_NAME_FULL))
-global_vars['LogFile'] = r'{LogDir}\User Checklist ({USERNAME}).log'.format(
+global_vars['LogFile'] = r'{LogDir}\Post-d7II Work.log'.format(
     **global_vars, **global_vars['Env'])
 
 if __name__ == '__main__':

.bin/Scripts/settings/launchers.py

@@ -19,6 +19,12 @@ LAUNCHERS = {
             'L_ITEM': 'install_eset_nod32_av.py',
             'L_ELEV': 'True',
             },
+        'Post-d7II Work': {
+            'L_TYPE': 'PyScript',
+            'L_PATH': 'Scripts',
+            'L_ITEM': 'post_d7.py',
+            'L_ELEV': 'True',
+            },
         'System Checklist': {
             'L_TYPE': 'PyScript',
             'L_PATH': 'Scripts',