Clear-Host
## Initialize script-wide variables
# Desktop folder of the current user; RunMCScript looks for the power plan file under it.
$DesktopPath = [Environment]::GetFolderPath("Desktop")
# Download sources and the local paths the downloads are saved to (next to this script).
# NOTE(review): the installers and the tool archive fetched from these URLs are later
# executed or extracted by this script, and no expected hash or publisher is recorded
# here. HTTPS protects the transfer only; consider pinning a SHA-256 per file and
# comparing it with Get-FileHash before anything is run.
$SecureUpdaterurl = "https://secureupdater.s3.us-east-2.amazonaws.com/downloads/SecureUpdater.msi"
$SUoutpath = "$PSScriptRoot\SecureUpdater.msi"
# The remote file is spelled "driveadviser.msi" while the local copy is "driveadvisor.msi".
$DriveAdvisorurl = "https://secureupdater.s3.us-east-2.amazonaws.com/downloads/driveadviser.msi"
$DAoutpath = "$PSScriptRoot\driveadvisor.msi"
$MCZipUrl = "https://secureupdater.s3.us-east-2.amazonaws.com/downloads/mc.zip"
$MCzippath = "$PSScriptRoot\mc.zip"
# Report file written by the Reports function.
$endlog = $PSScriptRoot + "\MCResults.txt"
<#
.SYNOPSIS
Entry point of the script.
.DESCRIPTION
Exists so the file can keep a top-down layout while still using functions:
everything is defined first and the last line of the file calls Main, which
hands control to the interactive menu.
.NOTES
The script-wide variables are initialized at the top of the file, before any
function is defined.
#>
function Main {
    # Optional console resize for small (720p) laptop screens, left disabled:
    #powershell -noexit -command "[console]::WindowWidth=100; [console]::WindowHeight=30; [console]::BufferWidth=[console]::WindowWidth"
    Menu
}
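<#
.SYNOPSIS
Interactive menu that selects which maintenance step to run.
.DESCRIPTION
Redraws the menu, reads one choice and dispatches to the matching function
until the user enters Q. New steps can be added as further switch cases.
.NOTES
The original called an `anyKey` helper after every step. No function of that
name is defined in this file, so each call only produced a command-not-found
error; most step functions already wait for a key press themselves, so the
calls are dropped here.
#>
Function Menu {
    # Message shown under the menu after an invalid choice.
    $errout = ''
    Do {
        Clear-Host
        Write-Host -Object 'Please choose an option'
        Write-Host -Object '**********************'
        Write-Host -Object 'Maitance Check Options' -ForegroundColor Yellow
        Write-Host -Object '**********************'
        Write-Host -Object '1. Install DriveAdvisor/SecureUpdater '
        Write-Host -Object ''
        Write-Host -Object '2. Download and Install MC tools '
        Write-Host -Object ''
        Write-Host -Object '3. Run Scripts for MC '
        Write-Host -Object ''
        Write-Host -Object '4. Reports '
        Write-Host -Object ''
        Write-Host -Object '5. Cleanup '
        Write-Host -Object $errout
        # Clear the message once shown so it does not stick after a valid choice.
        $errout = ''
        # There is no option 0, so the prompt and the error text advertise 1-5.
        $Menu = Read-Host -Prompt '(1-5 or Q to Quit)'
        switch ($Menu) {
            1 { InstallDAandSU }
            2 { DownloadFiles }
            3 { RunMCScript }
            4 { Reports }
            5 { Cleanup }
            Q {
                # Exit ends the whole PowerShell host, not just this function.
                Exit
            }
            default {
                $errout = 'Invalid option please try again........Try 1-5 or Q only'
            }
        }
    }
    until ($Menu -eq 'q')
}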
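Function InstallDAandSU {
    <#
    .SYNOPSIS
    Installs Secure Updater and Drive Adviser when they are not already present.
    .DESCRIPTION
    For each product, checks for its executable under "C:\Program Files (x86)";
    if missing, downloads the MSI from the URL set at the top of the script and
    runs it with /quiet. Drive Adviser is started after its install finishes.
    Reads the script-level variables $SecureUpdaterurl, $SUoutpath,
    $DriveAdvisorurl and $DAoutpath.
    #>
    $suExe = "C:\Program Files (x86)\Secure Updater\Secure Updater.exe"
    $daExe = "C:\Program Files (x86)\Drive Adviser\Drive Adviser.exe"

    # Downloads one MSI, reports its signature state and installs it silently.
    function Install-DownloadedMsi {
        param([string]$Uri, [string]$Path)
        Invoke-WebRequest -Uri $Uri -OutFile $Path
        # The installer runs with the privileges of this session, so surface who
        # signed it. This only warns; NOTE(review): once the expected publisher (or
        # a pinned SHA-256 checked with Get-FileHash) is known, make it a hard stop.
        $signature = Get-AuthenticodeSignature -FilePath $Path
        if ($signature.Status -ne 'Valid') {
            Write-Warning "Signature of $Path is '$($signature.Status)'; the installer was not verified."
        }
        else {
            Write-Host "Signed by: $($signature.SignerCertificate.Subject)"
        }
        # -Wait: Windows Installer runs one installation at a time, and the caller
        # needs the product on disk before it continues.
        Start-Process $Path "/quiet" -Wait
    }

    if (Test-Path -Path $suExe) {
        Write-Host "SU is already installed"
    }
    else {
        Install-DownloadedMsi -Uri $SecureUpdaterurl -Path $SUoutpath
    }

    if (Test-Path -Path $daExe) {
        Write-Host "Drive Adviser already installed"
    }
    else {
        Install-DownloadedMsi -Uri $DriveAdvisorurl -Path $DAoutpath
        # Without the wait above the executable did not exist yet at this point.
        if (Test-Path -Path $daExe) {
            Start-Process $daExe
        }
        else {
            Write-Warning "Drive Adviser was not found after installation."
        }
    }

    # Disabled startup-task fix, kept for reference.
    # NOTE(review): if this is ever re-enabled, it downloads a script from the
    # moving "main" branch and runs it through Invoke-Expression; pin it to a
    # commit and verify its hash before executing it.
    #$DAschedualedtask = schtasks -query /TN "Drive Adviser"
    #if ($DAschedualedtask -notmatch "Drive") {
    # Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/briantehowenerer/WorkScripts/main/DAFix.ps1'))
    # Write-Host "Drive Adviser set to run at startup"
    #}
    #else { Write-host "Drive Adviser already set to start on boot" }

    Write-Host 'Press any key to continue...';
    $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
}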
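Function DownloadFiles {
    <#
    .SYNOPSIS
    Downloads the maintenance tool archive and installs the scanners via Chocolatey.
    .DESCRIPTION
    Fetches mc.zip from $MCZipUrl, extracts it next to the script, installs
    Chocolatey when it is not already available, then installs AdwCleaner,
    Malwarebytes and SUPERAntiSpyware through it. Reads the script-level
    variables $MCZipUrl and $MCzippath.
    #>
    Write-Host "Downloading and running jrt/cpu test/ccleaner"

    # Download and extract the zip file with the MC programs.
    # NOTE(review): executables from this archive are started later by RunMCScript
    # and nothing checks the archive's integrity; compare a pinned SHA-256
    # (Get-FileHash) before extracting.
    Invoke-WebRequest -Uri $MCZipUrl -OutFile $MCzippath
    Expand-Archive -Path $MCzippath -DestinationPath $PSScriptRoot -force

    # Chocolatey (https://chocolatey.org/) is used to install the latest MBAM/SAS/ADW.
    # Only run the remote install script when choco is missing, so a repeated menu
    # choice does not download and execute it again.
    if (-not (Get-Command choco -ErrorAction SilentlyContinue)) {
        Write-Host "installing chocolatly for adw/mbam/sas."
        # The execution-policy bypass is limited to this process (-Scope Process).
        Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
    }
    else {
        Write-Host "Chocolatey is already installed."
    }

    "Installing SAS, ADW, and MBAM..."
    # NOTE(review): --ignore-checksums and --allow-empty-checksums turn off
    # Chocolatey's verification of the downloaded installers, so a tampered or
    # replaced download would be installed without complaint. Kept because the
    # original relies on them; prefer removing both and fixing or pinning the
    # package versions that fail the check.
    choco install adwcleaner malwarebytes superantispyware -y --ignore-checksums --allow-empty-checksums
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "choco install exited with code $LASTEXITCODE; some tools may be missing."
    }

    Write-Host -NoNewLine 'Press any key to continue...';
    $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
}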
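Function RunMCScript {
    <#
    .SYNOPSIS
    Runs the maintenance check: restore point, power plan, cleanup tools and scanners.
    .DESCRIPTION
    Creates a restore point, switches to the bundled power plan, optimizes C:,
    closes the browsers, runs the diagnostic and cleaning tools extracted next
    to the script, starts the scanners and finally restores the power plan that
    was active at the start. Reads $DesktopPath and $PSScriptRoot.
    .NOTES
    Every tool under $PSScriptRoot comes from the archive fetched by
    DownloadFiles; see the integrity note there.
    #>
    Clear-Host
    # Disabled: checks the name Sophos reports for this machine and, if it does not
    # match the expected pattern, asks the user to enter a valid name.
    <#
    if (Test-Path -Path "C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe") {
    $Sophosreg = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Sophos\Management Communications System')
    if ($Sophosreg.ComputerNameOverride -notmatch '\d{4} #(\d){4,12} \w* \w* \d\d\d-\d\d\d-\d\d\d\d') {
    $SohposRegName = "nope"
    $Originalsophosname = $Sophosreg.ComputerNameOverride
    Set-ItemProperty -Path `
    'HKLM:\SOFTWARE\WOW6432Node\Sophos\Management Communications System\' `
    -Name ComputerNameOverride -Value $SohposRegName
    $SohposRegName = Get-ItemPropertyValue -Path `
    'HKLM:\SOFTWARE\WOW6432Node\Sophos\Management Communications System\' `
    -Name ComputerNameOverride -ErrorAction Ignore
    while ($SohposRegName -notmatch '\d{4} #(\d){4,12} \w* \w* \d\d\d-\d\d\d-\d\d\d\d') {
    Write-Host "Imput the Sophos Name Here eg, 0311 #49382 Bob Boozer 555-403-2928"
    Write-Host "Originaly this was named " $Originalsophosname
    $SohposRegName = Read-Host -Prompt "Name "
    Set-ItemProperty -Path `
    'HKLM:\SOFTWARE\WOW6432Node\Sophos\Management Communications System\' `
    -Name ComputerNameOverride -Value $SohposRegName
    }
    }
    }#>

    # Turn on System Restore for drive C and take a snapshot.
    Enable-ComputerRestore -Drive "C:\"
    Write-host "System restore enabled"
    Checkpoint-Computer -Description "Schrock Maintance Checkup" -RestorePointType "MODIFY_SETTINGS"

    # Remember the active power scheme so it can be restored at the end. The GUID
    # is the fourth space-separated token of the powercfg output.
    $originalSchemeGuid = (powercfg /getactivescheme).split(" ")[3]

    # Import the custom power plan under a fixed GUID and activate it. The plan is
    # taken from Desktop\SMC if present, otherwise from the script folder. (The
    # original passed `$PSScriptRoot + "\MCpowercfg.pow"` on the command line,
    # which powercfg receives as three separate arguments.)
    $mcSchemeGuid = '11111111-1111-2222-2222-333333333333'
    $powerPlanCandidates = @(($DesktopPath + "\SMC\MCpowercfg.pow"), "$PSScriptRoot\MCpowercfg.pow")
    foreach ($planFile in $powerPlanCandidates) {
        if (Test-Path -LiteralPath $planFile) {
            powercfg /import $planFile $mcSchemeGuid
            break
        }
    }
    powercfg /setactive $mcSchemeGuid

    # Optimize the C drive.
    Write-Output "Optimize c drive"
    Optimize-Volume -DriveLetter C -ReTrim

    # Close the web browsers and SUPERAntiSpyware (the original image name had a
    # doubled ".exe" and could never match).
    taskkill.exe /IM chrome.exe /F
    taskkill.exe /IM firefox.exe /F
    taskkill.exe /IM msedge.exe /F
    taskkill.exe /IM superantispyware.exe /F

    # Install the Intel CPU tester, then start it.
    Start-Process $PSScriptRoot\CPUTester.exe /passive -wait
    start-process "C:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\Win-IPDT64.exe" `
        -WorkingDirectory "C:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\"

    # Run an sfc scan in the background and write its output next to the script.
    # The original started a second, identical scan a few lines later that wrote
    # to the same file; only one scan is started now.
    start-process sfc /scannow -RedirectStandardOutput $PSScriptRoot\sfc.txt -NoNewWindow

    # Start an old CCleaner (tracking cookies, temp files and registry).
    Start-Process $PSScriptRoot\CCleaner64.exe -Wait

    # Run a batch file that writes the battery info to a text file for Reports.
    Start-Process $PSScriptRoot\BatteryInfoView.bat -WorkingDirectory $PSScriptRoot

    # Run AdwCleaner, clean what it finds and log into the script folder. The path
    # is quoted so a folder name containing spaces stays one argument.
    Start-Process adwcleaner "/eula /clean /noreboot /path `"$PSScriptRoot`"" -passthru -wait

    # Run get.bat (ADW and JRT) and wait until it is closed.
    Start-Process $PSScriptRoot\get.bat -wait -passthru

    # Run HDTune, SAS and MBAM; pause until MBAM is closed.
    start-process $PSScriptRoot\HDTune.exe
    Start-Process "C:\Program Files\SuperAntiSpyware\SuperAntiSpyware.exe"
    Start-Process "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe" -Wait

    # Restore the power scheme that was active before the check and delete the
    # custom one. (The original split the already-extracted GUID a second time,
    # which yields nothing, so the previous scheme was never restored.)
    if ($originalSchemeGuid) {
        powercfg /setactive $originalSchemeGuid
    }
    else {
        Write-Warning "Could not determine the original power scheme; leaving the MC scheme active."
    }
    powercfg /delete $mcSchemeGuid

    # Wait for input at the end of the step.
    Write-Host -NoNewLine 'Press any key to continue...';
    $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
}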
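Function Reports {
    <#
    .SYNOPSIS
    Collects the results of the maintenance tools into one text report.
    .DESCRIPTION
    Gathers disk/partition media types, the Windows version, the sfc output,
    the newest SUPERAntiSpyware, Malwarebytes and AdwCleaner logs, the JRT and
    battery logs, the latest Windows Memory Diagnostics event and the Intel
    Processor Diagnostic Tool result files, writes them to $endlog and opens
    that file in Notepad. Reads $PSScriptRoot and $endlog.
    #>
    <#
    if (Test-Path -Path "C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe") {
    $SohposRegName = Get-ItemPropertyValue -Path `
    'HKLM:\SOFTWARE\WOW6432Node\Sophos\Management Communications System\' `
    -Name ComputerNameOverride
    $SophosInstalled = "Sophos is Installed"
    }
    else {
    $SophosInstalled = "Sophos is Not Installed"
    $SohposRegName = "Sophos is Not Installed"
    }#>

    # Get disks and match them with their partitions.
    $partitions = Get-CimInstance Win32_DiskPartition
    $physDisc = get-physicaldisk
    $arr = @()
    foreach ($partition in $partitions) {
        $cims = Get-CimInstance -Query "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($partition.DeviceID)'} WHERE AssocClass=Win32_LogicalDiskToPartition"
        # The first number in the partition name is used as the disk number. Reset
        # it when nothing matches so a value from the previous partition is not reused.
        if ($partition.name -match "(\d+)") {
            $physDiscNr = $matches[0]
        }
        else {
            $physDiscNr = $null
        }
        foreach ($cim in $cims) {
            $arr += [PSCustomObject]@{
                Drive     = $cim.deviceID
                Partition = $partition.name
                MediaType = $($physDisc | Where-Object { $_.DeviceID -eq $physDiscNr } | Select-Object -expand MediaType)
            }
        }
    }
    $DiskList = $arr

    # Windows edition (ProductName) and version in "21H2" style (DisplayVersion).
    $Winverinfo = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion")

    # Pull the sfc scan results.
    $sfclog = get-content $PSScriptRoot\sfc.txt -Encoding unicode | Select-String -Pattern Resource

    # The scanner sections below all follow the same pattern: locate the log
    # folder, take the most recently accessed file, then pick the relevant lines.
    # The SAS lookup originally sorted ascending and therefore picked the oldest
    # log; it now sorts descending like the others.
    $SASlogLocation = $env:APPDATA + "\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    $SASlogFileName = Get-ChildItem $SASlogLocation | Sort-Object LastAccessTime -Descending | Select-Object -First 1
    $SASlognameandloc = $SASlogLocation + $SASlogFileName.name
    $SASResults = get-content $SASlognameandloc | Select-String -Pattern detected -CaseSensitive

    $MbamLogLocation = "C:\ProgramData\Malwarebytes\MBAMService\ScanResults\"
    $MBAMLogName = Get-ChildItem $MbamLogLocation | Sort-Object LastAccessTime -Descending | Select-Object -First 1
    $MBAMLogAndName = $MbamLogLocation + $MBAMLogName.name
    # The first line of the file is skipped before the rest is parsed as JSON.
    $MBAMResults = get-content $MBAMLogAndName | Select-Object -Skip 1 | ConvertFrom-Json

    $JRTLogAndName = $PSScriptRoot + "\jrt\temp\jrt.txt"
    $JRTResults = get-content $JRTLogAndName | Select-String -Pattern ": [1-9]"

    $ADWLogLocation = $PSScriptRoot + "\Logs\"
    $ADWLogName = Get-ChildItem $ADWLogLocation | Sort-Object LastAccessTime -Descending | Select-Object -First 1
    $ADWLogAndName = $ADWLogLocation + $ADWLogName.name
    $ADWResults = get-content -Literalpath $ADWLogAndName | Select-String -Pattern Detected -CaseSensitive

    $Batteryinfolog = $PSScriptRoot + "\BatteryInfoView.txt"
    $BatteryResults = get-content $Batteryinfolog | Select-String -Pattern "Battery Health"

    # Latest Windows Memory Diagnostics result, if any. Get-EventLog raises an
    # error when no entry matches, so that case is silenced and handled below.
    # The entry's timestamp is TimeGenerated (the original read a "Time" property).
    $Memdiagresults = (get-eventlog -logname system -Source "Microsoft-Windows-MemoryDiagnostics-Results" -newest 1 -ErrorAction SilentlyContinue)
    if ($Memdiagresults) {
        $MemdiagresultsMessage = $Memdiagresults.Message
        $MemdiagresultsTime = $Memdiagresults.TimeGenerated
    }
    else {
        $MemdiagresultsMessage = "No results found for Windows Memory Diagnostics"
        $MemdiagresultsTime = "No results found for Windows Memory Diagnostics"
    }

    # Walk the Intel Processor Diagnostic Tool folder, read every *_Results.txt
    # file and collect the names of those that contain "Fail".
    $CpuLogsResultsFolderSearch = "C:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\*"
    $CpuLogsandFilenames = Get-ChildItem -Path $cpuLogsResultsFolderSearch -Include *_Results.txt
    $CpuLogsResultsFolderLiteral = "C:\Program Files\Intel Corporation\Intel Processor Diagnostic Tool 64bit\"
    # The original line lacked the leading "$", so it ran as a command and failed.
    $CpuTestFailures = "CPU Test Results Failed"
    foreach ( $filename in $CpuLogsandFilenames.name) {
        $cpulogs = $CpuLogsResultsFolderLiteral + $filename
        if (get-content -literalpath $cpulogs | Select-String -Pattern Fail) {
            # One failing file per line.
            $CpuTestFailures += "`n" + $filename
        }
    }

    # Translate result file names into readable test names. Longer names come
    # first so a shorter name cannot rewrite part of a longer one, and the names
    # are escaped because -replace treats its pattern as a regular expression.
    # The original replaced the AVX and FMA3 "Parallel_Math" names only when both
    # appeared together separated by a space; they are mapped individually here.
    $cpuTestLabels = @(
        @("Math_PrimeNum_Parallel_PrimeNum_1_Results.txt", "Prime Number Generation"),
        @("Math_PrimeNum_Parallel_Math_1_Results.txt", "Prime Number Generation"),
        @("Parallel_PrimeNum_1_Results.txt", "Prime Number Generation"),
        @("Math_FP_Parallel_Math_1_Results.txt", "Floating Point Math"),
        @("Math_FP_Parallel_FP_1_Results.txt", "Floating Point Math"),
        @("Parallel_FP_1_Results.txt", "Floating Point Math"),
        @("FMA3_Parallel_GPUStressW_1_Results.txt", "Software Rendering Stress Test"),
        @("AVX_Parallel_GPUStressW_1_Results.txt", "Software Rendering Stress Test"),
        @("Parallel_GPUStressW_1_Results.txt", "Software Rendering Stress Test"),
        @("FMA3_Parallel_Math_1_Results.txt", "Math"),
        @("AVX_Parallel_Math_1_Results.txt", "Math"),
        @("genintel_1_Results.txt", "Not an intel CPU"),
        @("brandstring_1_Results.txt", "Branding string"),
        @("cache_1_Results.txt", "Cache"),
        @("mmxsse_1_Results.txt", "MMXSSE"),
        @("imc_1_Results.txt", "IMC"),
        @("dgemm_1_Results.txt", "CPU Load Stressing"),
        @("cpufreq_1_Results.txt", "CPU Frequency Changing (Amd CPUs fail regularly)"),
        @("pch_1_Results.txt", "PCH"),
        @("spbc_1_Results.txt", "SPBC"),
        @("Temperature_Results.txt", "Tempurature")
    )
    foreach ($label in $cpuTestLabels) {
        $CpuTestFailures = $CpuTestFailures -replace [regex]::Escape($label[0]), $label[1]
    }

    # Write the report; the first write replaces any previous report file.
    "Full Mantiance Checkup Results" | Out-File -FilePath $endlog
    $Winverinfo.ProductName + " Version: " + $Winverinfo.DisplayVersion | Out-File -FilePath $endlog -Append
    # $SophosInstalled is only assigned by the disabled Sophos block above, so
    # this currently adds nothing to the report.
    $SophosInstalled | Out-File -FilePath $endlog -Append
    #"With the name of " + $SohposRegName | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    "Memory diagnostics ran at " + $MemdiagresultsTime | Out-File -FilePath $endlog -Append
    $MemdiagresultsMessage | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    $DiskList | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    "MalwareBytes Scan Results" | Out-File -FilePath $endlog -Append
    "Total Pups Found: " + $MBAMResults.threatsDetected | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    "SAS Scan Results" | Out-File -FilePath $endlog -Append
    # First three matching lines; iterating avoids an indexing error when the
    # log had no matches.
    foreach ($sasLine in @($SASResults | Select-Object -First 3)) {
        $sasLine | Out-File -FilePath $endlog -Append
    }
    "==============================" | Out-File -FilePath $endlog -Append
    "ADW Cleaner Results: " | Out-File -FilePath $endlog -Append
    $ADWResults | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    "JRT Cleaned up: " | Out-File -FilePath $endlog -Append
    $JRTResults | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    "Battery Health state" | Out-File -FilePath $endlog -Append
    $BatteryResults | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    "SFC Scan Results" | Out-File -FilePath $endlog -Append
    $sfclog | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    $CpuTestFailures | Out-File -FilePath $endlog -Append
    "==============================" | Out-File -FilePath $endlog -Append
    "Full List Of MBAM Threats Cleaned up" | Out-File -FilePath $endlog -Append
    $MBAMResults.threats.threatname | Out-File -FilePath $endlog -Append

    # Open the report in Notepad.
    notepad.exe $endlog
}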
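Function Cleanup {
    <#
    .SYNOPSIS
    Reverts the changes made for the maintenance check.
    .DESCRIPTION
    Sets the PowerShell execution policy to Restricted, removes the leftover
    uninstall entry of the Sophos migration utility and uninstalls the scanners
    that were installed through Chocolatey. Deleting the downloaded files and
    the script itself is still disabled.
    #>
    # No -Scope is given, so the cmdlet's default scope applies; scripts
    # (including this one) will need an explicit bypass afterwards.
    Set-ExecutionPolicy -ExecutionPolicy Restricted

    # Remove the install listing of the migration tool used during the Symantec
    # to Sophos migration. Checked first so a machine without it shows no error.
    $migrationKey = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\SophosMigrationUtility"
    if (Test-Path -Path $migrationKey) {
        Remove-Item -Path $migrationKey
    }

    # Uninstall SAS, MBAM and ADW, provided Chocolatey is available.
    if (Get-Command choco -ErrorAction SilentlyContinue) {
        choco uninstall adwcleaner malwarebytes superantispyware -y
    }
    else {
        Write-Warning "Chocolatey was not found; the scanners were not uninstalled."
    }

    # Deleting the downloaded files needs more testing before it is enabled.
    #Remove-Item $SUoutpath -Force
    #Remove-Item $DAoutpath -Force
    #Remove-Item $MCzippath -Force
    #Remove-Item $PSScriptRoot/MC -recurse -Force
    # Delete the PowerShell MC script itself.
    #Remove-Item -LiteralPath $MyInvocation.MyCommand.Path -Force

    Write-Host -NoNewLine 'Press any key to continue...';
    $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
}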
# Launch the program: every function above is defined by now, so start the menu.
Main