resolved issue #10. Services +verbose.

general tidying up

PrivWindoze.bat

@@ -62,7 +62,12 @@ whoami /user>"%TEMP%\privwindozelogwho.txt"
 GREP -Es "S-1-5-21-[0-9]{10}-[0-9]{10}-[0-9]{10}-[0-9]{3,4}$" <"%TEMP%\privwindozelogwho.txt" >"%TEMP%\privwindozelogwho2.txt"
 IF ERRORLEVEL 1 ( GOTO :AdminChk )
 SED -r "s/^.*(S-1-5-21-[0-9]{10}-[0-9]{10}-[0-9]{10}-[0-9]{3,4})$/\1/" <"%TEMP%\privwindozelogwho2.txt" >"%TEMP%\privwindozelogwho3.txt"
-FOR /F %%G in (%TEMP%\privwindozelogwho3.txt) DO ( SET SID=%%G )
+FOR /F %%G in (%TEMP%\privwindozelogwho3.txt) DO SET SID=%%G
+
+IF EXIST "%APPDATA%\Mozilla\Firefox\Profiles" @(
+  DIR /B/A:D "%APPDATA%\Mozilla\Firefox\Profiles" 2>NUL|GREP -Esi "\.default-release$">"%TEMP%\privwindozeff.txt"
+  FOR /F %%G in (%TEMP%\privwindozeff.txt) DO SET FFPROFILE=%%G
+  )
 REM ~~~~~~~~~~~~~~~~~~~~~~~~>
 ECHO.========================================================
 ECHO.*                                                      *
@@ -147,42 +152,42 @@ REM DISM /Online /Cleanup-Image /CheckHealth (other useful command)
 :: REGISTRY ::
 :Registry
 Echo([^|^|^|   ] Scanning Registry
-@FOR /F "TOKENS=*" %%G IN ( regbad.dat ) DO @REG QUERY "%%G" 2>NUL|GREP -Es "^HKEY_" >>temp00
+@FOR /F "TOKENS=*" %%G IN ( regbad.dat ) DO @REG QUERY "%%G" 2>NUL|GREP -Es "^HKEY_">>temp00
 FOR /F "TOKENS=*" %%G IN ( temp00 ) DO @(
-  ECHO.%%G ^(Registry Key^) >>"%TEMP%\004"
+  ECHO.%%G ^(Registry Key^)>>"%TEMP%\004"
   REG DELETE "%%G" /F >NUL 2>&1
   )
 DEL /A/F/Q temp0? >NUL 2>&1
 
 :: icacls %%G /grant "%username%":(d,wdac)
 REM ~~~~~ NON MALWARE ENTRIES ~~~~~~~\/
-REG DELETE "HKCR\.htm\OpenWithProgids" /V MSEdgeHTM /F >NUL 2>&1
-REG DELETE "HKCR\.html\OpenWithProgids" /V MSEdgeHTM /F >NUL 2>&1
-REG DELETE "HKCR\.mht\OpenWithProgids" /V MSEdgeMHT /F >NUL 2>&1
-REG DELETE "HKCR\.pdf\OpenWithProgids" /V MSEdgePDF /F >NUL 2>&1
-REG DELETE "HKCR\.shtml\OpenWithProgids" /V MSEdgeHTM /F >NUL 2>&1
-REG DELETE "HKCU\Environment" /V "OneDrive" /F >NUL 2>&1
-REG DELETE "HKCU\Environment" /V "OneDriveConsumer" /F >NUL 2>&1
-REG DELETE "HKCU\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /V OneDriveSetup /F >NUL 2>&1
 REG DELETE "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /VA /F >NUL 2>&1
-REG DELETE %URun% /V Microsoft.Lists /F >NUL 2>&1
-REG DELETE %URun% /V OneDrive /F >NUL 2>&1
+REG DELETE "HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /V OneDrive.exe /F >NUL 2>&1
+REG DELETE %StartupApprovedRun% /VA /F >NUL 2>&1
 REG DELETE %URun% /V com.slatedigital.analytics /F >NUL 2>&1
 REG DELETE %URun% /V com.squirrel.Teams.Teams /F >NUL 2>&1
 REG DELETE %URun% /V LenovoVantageToolbar /F >NUL 2>&1
-REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" /V OneDrive /F >NUL 2>&1
-REG DELETE "HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /V OneDrive.exe /F >NUL 2>&1
-REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /V HPOneAgentService /F >NUL 2>&1
-REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /V TeamsMachineInstaller /F >NUL 2>&1
-REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /V XboxStat /F >NUL 2>&1
-REG DELETE "HKLM\Software\RegisteredApplications" /V "Microsoft Edge" /F >NUL 2>&1
-REG DELETE "HKU\S-1-5-19\Environment" /V OneDrive /F >NUL 2>&1
-REG DELETE "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce" /V OneDrive /F >NUL 2>&1
-REG DELETE "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce" /V OneDriveSetup /F >NUL 2>&1
+REG DELETE %URun% /V Microsoft.Lists /F >NUL 2>&1
+REG DELETE %URun% /V OneDrive /F >NUL 2>&1
+REG DELETE HKCR\.htm\OpenWithProgids /V MSEdgeHTM /F >NUL 2>&1
+REG DELETE HKCR\.html\OpenWithProgids /V MSEdgeHTM /F >NUL 2>&1
+REG DELETE HKCR\.mht\OpenWithProgids /V MSEdgeMHT /F >NUL 2>&1
+REG DELETE HKCR\.pdf\OpenWithProgids /V MSEdgePDF /F >NUL 2>&1
+REG DELETE HKCR\.shtml\OpenWithProgids /V MSEdgeHTM /F >NUL 2>&1
+REG DELETE HKCU\Environment /V OneDrive /F >NUL 2>&1
+REG DELETE HKCU\Environment /V OneDriveConsumer /F >NUL 2>&1
+REG DELETE HKCU\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /V OneDriveSetup /F >NUL 2>&1
+REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /V OneDrive /F >NUL 2>&1
+REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V HPOneAgentService /F >NUL 2>&1
+REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V TeamsMachineInstaller /F >NUL 2>&1
+REG DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V XboxStat /F >NUL 2>&1
+REG DELETE HKLM\Software\RegisteredApplications /V "Microsoft Edge" /F >NUL 2>&1
+REG DELETE HKU\S-1-5-19\Environment /V OneDrive /F >NUL 2>&1
+REG DELETE HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce /V OneDrive /F >NUL 2>&1
+REG DELETE HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce /V OneDriveSetup /F >NUL 2>&1
 REG DELETE HKU\S-1-5-20\Environment /V OneDrive /F >NUL 2>&1
 REG DELETE HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce /V OneDrive /F >NUL 2>&1
 REG DELETE HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce /V OneDriveSetup /F >NUL 2>&1
-REG DELETE %StartupApprovedRun% /VA /F >NUL 2>&1
 REM ~~~~~ NON MALWARE ENTRIES ~~~~~~~/\
 
 REM ~~~~~ START OF MALWARE ~~~~~~~\/
@@ -243,6 +248,7 @@ FOR /F %%G in (%TEMP%\privwindozelogr2.txt) DO (
     ECHO(%URun%\\%%G ^(Registry Value^)>>"%TEMP%\004"
     REG DELETE "%URun%" /V "%%G" /F >NUL 2>&1
 )
+
 :SubscribedContent
 REG QUERY %CUCDM% 2>NUL|GREP -Eis "SubscribedContent-[0-9]{5,}Enabled">"%TEMP%\privwindozelogr.txt"
 IF ERRORLEVEL 1 ( GOTO :Policies )
@@ -254,28 +260,7 @@ FOR /F %%G in (%TEMP%\privwindozelogr2.txt) DO (
 
 :: POLICIES ::
 :Policies
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /T REG_DWORD /V Enabled /D 0 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack" /T REG_DWORD /V ShowedToastAtLevel /D 1 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V DisablePreviewDesktop /D 1 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V ShowCopilotButton /D 0 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V ShowCortanaButton /D 0 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V ShowInfoTip /D 0 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V ShowSyncProviderNotifications /D 0 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V Start_IrisRecommendations /D 0 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V Start_ShowClassicMode /D 1 /F >NUL 2>&1
-REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement" /T REG_DWORD /V ScoobeSystemSettingEnabled /D 0 /F >NUL 2>&1
-REG ADD "HKCU\Software\Policies\Microsoft\Windows\EdgeUI" /T REG_DWORD /V DisableMFUTracking /D 1 /F >NUL 2>&1
-REG ADD "HKCU\Software\Policies\Microsoft\Windows\WindowsAI" /T REG_DWORD /V DisableAIDataAnalysis /D 1 /F >NUL 2>&1
-REG ADD "HKCU\Software\Policies\Microsoft\Windows\WindowsCopilot" /T REG_DWORD /V TurnOffWindowsCopilot /D 1 /F >NUL 2>&1
-REG ADD "HKLM\Software\Microsoft\PolicyManager\default\System\AllowTelemetry" /T REG_DWORD /V value /D 0 /F >NUL 2>&1
-REG ADD "HKLM\Software\Microsoft\PolicyManager\default\WindowsAI\TurnOffWindowsCopilot" /T REG_DWORD /V value /D 1 /F >NUL 2>&1
-REG ADD "HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo" /T REG_DWORD /V DisabledByGroupPolicy /D 1 /F >NUL 2>&1
-REG ADD "HKLM\Software\Policies\Microsoft\Windows\DataCollection" /T REG_DWORD /V AllowTelemetry /D 0 /F >NUL 2>&1
-REG ADD "HKLM\Software\Policies\Microsoft\Windows\DataCollection" /T REG_DWORD /V MaxTelemetryAllowed /D 0 /F >NUL 2>&1
-REG ADD "HKLM\Software\Policies\Microsoft\Windows\EdgeUI" /T REG_DWORD /V DisableMFUTracking /D 1 /F >NUL 2>&1
 REG ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" /T REG_DWORD /V DontSendAdditionalData /D 1 /F >NUL 2>&1
-REG ADD "HKLM\Software\Policies\Microsoft\Windows\WindowsAI" /T REG_DWORD /V DisableAIDataAnalysis /D 1 /F >NUL 2>&1
-REG ADD "HKLM\Software\Policies\Microsoft\Windows\WindowsAI" /T REG_DWORD /V DisabledByGroupPolicy /D 1 /F >NUL 2>&1
 REG ADD %CUCDM% /T REG_DWORD /V ContentDeliveryAllowed /D 0 /F >NUL 2>&1
 REG ADD %CUCDM% /T REG_DWORD /V FeatureManagementEnabled /D 0 /F >NUL 2>&1
 REG ADD %CUCDM% /T REG_DWORD /V OemPreInstalledAppsEnabled /D 0 /F >NUL 2>&1
@@ -287,6 +272,27 @@ REG ADD %CUCDM% /T REG_DWORD /V SilentInstalledAppsEnabled /D 0 /F >NUL 2>&1
 REG ADD %CUCDM% /T REG_DWORD /V SoftLandingEnabled /D 0 /F >NUL 2>&1
 REG ADD %CUCDM% /T REG_DWORD /V SubscribedContentEnabled /D 0 /F >NUL 2>&1
 REG ADD %CUCDM% /T REG_DWORD /V SystemPaneSuggestionsEnabled /D 0 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo /T REG_DWORD /V Enabled /D 0 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack /T REG_DWORD /V ShowedToastAtLevel /D 1 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /T REG_DWORD /V DisablePreviewDesktop /D 1 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /T REG_DWORD /V ShowCopilotButton /D 0 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /T REG_DWORD /V ShowCortanaButton /D 0 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /T REG_DWORD /V ShowInfoTip /D 0 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /T REG_DWORD /V ShowSyncProviderNotifications /D 0 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /T REG_DWORD /V Start_IrisRecommendations /D 0 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /T REG_DWORD /V Start_ShowClassicMode /D 1 /F >NUL 2>&1
+REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement /T REG_DWORD /V ScoobeSystemSettingEnabled /D 0 /F >NUL 2>&1
+REG ADD HKCU\Software\Policies\Microsoft\Windows\EdgeUI /T REG_DWORD /V DisableMFUTracking /D 1 /F >NUL 2>&1
+REG ADD HKCU\Software\Policies\Microsoft\Windows\WindowsAI /T REG_DWORD /V DisableAIDataAnalysis /D 1 /F >NUL 2>&1
+REG ADD HKCU\Software\Policies\Microsoft\Windows\WindowsCopilot /T REG_DWORD /V TurnOffWindowsCopilot /D 1 /F >NUL 2>&1
+REG ADD HKLM\Software\Microsoft\PolicyManager\default\System\AllowTelemetry /T REG_DWORD /V value /D 0 /F >NUL 2>&1
+REG ADD HKLM\Software\Microsoft\PolicyManager\default\WindowsAI\TurnOffWindowsCopilot /T REG_DWORD /V value /D 1 /F >NUL 2>&1
+REG ADD HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo /T REG_DWORD /V DisabledByGroupPolicy /D 1 /F >NUL 2>&1
+REG ADD HKLM\Software\Policies\Microsoft\Windows\DataCollection /T REG_DWORD /V AllowTelemetry /D 0 /F >NUL 2>&1
+REG ADD HKLM\Software\Policies\Microsoft\Windows\DataCollection /T REG_DWORD /V MaxTelemetryAllowed /D 0 /F >NUL 2>&1
+REG ADD HKLM\Software\Policies\Microsoft\Windows\EdgeUI /T REG_DWORD /V DisableMFUTracking /D 1 /F >NUL 2>&1
+REG ADD HKLM\Software\Policies\Microsoft\Windows\WindowsAI /T REG_DWORD /V DisableAIDataAnalysis /D 1 /F >NUL 2>&1
+REG ADD HKLM\Software\Policies\Microsoft\Windows\WindowsAI /T REG_DWORD /V DisabledByGroupPolicy /D 1 /F >NUL 2>&1
 
 
 :: TASKS ::
@@ -420,15 +426,13 @@ FOR %%G in (
     )
 )
 
-DIR /B/A:-D "%SYS32%\Tasks" 2>NUL|GREP -Eis "^(MicrosoftEdgeUpdateTask|OneDrive|Omen(Install|Overlay)|NvTmRep_|Asus)" >temp00
-DIR /B/A:-D "%SYS32%\Tasks" 2>NUL|GREP -Eis "Telemetry" >>temp00
+DIR /B/A:-D "%SYS32%\Tasks" 2>NUL|GREP -Eis "^(MicrosoftEdgeUpdateTask|OneDrive|Omen(Install|Overlay)|NvTmRep_|Asus)|Telemetry">temp00
 SORT_ -f -u <temp00 >temp01
 @FOR /F "TOKENS=*" %%G IN ( temp01 ) DO @(
   ECHO..\"%%G" ^(Task^)>>"%TEMP%\002"
   SCHTASKS /DELETE /TN "%%G" /F >NUL 2>&1
   )
 )
-DEL /A/F temp0? >NUL 2>&1
 
 DIR /B/A:-D "%SYS32%\Tasks\Lenovo\ImController\TimeBasedEvents" 2>NUL|GREP -Eis "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$">temp00
 SORT_ -f -u <temp00 >temp01
@@ -437,7 +441,6 @@ SORT_ -f -u <temp00 >temp01
   SCHTASKS /DELETE /TN "Lenovo\ImController\TimeBasedEvents\%%G" /F >NUL 2>&1
   )
 )
-DEL /A/F temp0? >NUL 2>&1
 
 DIR /B/A:-D "%SYS32%\Tasks\Lenovo\UDC\MessagingPlugin" 2>NUL|GREP -Eis "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$">temp00
 SORT_ -f -u <temp00 >temp01
@@ -446,7 +449,6 @@ SORT_ -f -u <temp00 >temp01
   SCHTASKS /DELETE /TN "Lenovo\UDC\MessagingPlugin\%%G" /F >NUL 2>&1
   )
 )
-DEL /A/F temp0? >NUL 2>&1
 
 DIR /B/A:-D "%SYS32%\Tasks\Lenovo\UDC\SystemNotificationPlugin" 2>NUL|GREP -Eis "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$">temp00
 SORT_ -f -u <temp00 >temp01
@@ -455,19 +457,28 @@ SORT_ -f -u <temp00 >temp01
   SCHTASKS /DELETE /TN "Lenovo\UDC\SystemNotificationPlugin\%%G" /F >NUL 2>&1
   )
 )
-DEL /A/F temp0? >NUL 2>&1
 
 :Services
 Echo([^|^|^|^|^| ] Scanning Services
-FOR /F %%G in ( svc_stop_disable.dat ) DO (
-    SC CONFIG "%%G" start= disabled>nul
-    SC STOP "%%G">nul
+@FOR /F "TOKENS=*" %%G IN ( svc_stop_disable.dat ) DO @(
+  SC CONFIG "%%G" start= disabled|GREP -Es "ChangeServiceConfig SUCCESS">temp00
+  IF NOT ERRORLEVEL 1 (
+    ECHO.%%G ^(Service Disabled^)>>"%TEMP%\000b"
+    )
 )
+
+@FOR /F "TOKENS=*" %%G IN ( svc_stop_disable.dat ) DO @(
+  SC STOP "%%G"|GREP -Es "STOP_PENDING|ControlService FAILED 1062">temp00
+  IF NOT ERRORLEVEL 1 (
+    ECHO.%%G ^(Service Stopped^)>>"%TEMP%\000b"
+    )
+)
+
 @FOR /F "TOKENS=*" %%G IN ( svc_delete.dat ) DO @(
-  SC QUERY "%%G" 2>NUL|GREP -Es "WAIT_HINT" >temp00
+  SC QUERY "%%G"|GREP -Es "WAIT_HINT">temp00
   IF NOT ERRORLEVEL 1 (
-    ECHO.%%G ^(Service^) >>"%TEMP%\000b"
-    SC DELETE "%%G" >nul
+    ECHO.%%G ^(Service Deleted^)>>"%TEMP%\000b"
+    SC DELETE "%%G">nul
     )
 )
 DEL /A/F temp0? >NUL 2>&1
@@ -552,13 +563,19 @@ FOR /F "usebackq delims=" %%G in ("%TEMP%\privwindozelogp_del.txt") DO (
 )
 :Blizzard
 DIR /B/A:-D "%LOCALA%\Blizzard Entertainment\Telemetry" 2>NUL|GREP -Es ".*">temp00
-IF ERRORLEVEL 1 ( GOTO :Rootkits )
+IF ERRORLEVEL 1 ( GOTO :Firefox )
 @FOR /F "TOKENS=*" %%G IN ( temp00 ) DO @(
   ECHO."%LOCALA%\Blizzard Entertainment\Telemetry\%%G" ^(File^)>>"%TEMP%\001"
   DEL /A/F/Q "%LOCALA%\Blizzard Entertainment\Telemetry\%%G" >NUL 2>&1
   )
-
-
+:Firefox
+IF NOT EXIST "%APPDATA%\Mozilla\Firefox\Profiles" GOTO :Rootkits
+DIR /B/A:D "%APPDATA%\Mozilla\Firefox\Profiles\%FFPROFILE%\storage\to-be-removed" 2>NUL|GREP -Eis "\{[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}\}">"%TEMP%\privwindozeff00.txt"
+IF ERRORLEVEL 1 ( GOTO :Rootkits )
+FOR /F "TOKENS=*" %%G IN ( %TEMP%\privwindozeff00.txt ) DO @(
+  ECHO."%APPDATA%\Mozilla\Firefox\Profiles\%FFPROFILE%\storage\to-be-removed\%%G">>"%TEMP%\001b"
+  RD /S/Q "%APPDATA%\Mozilla\Firefox\Profiles\%FFPROFILE%\storage\to-be-removed\%%G" >NUL 2>&1
+  )
 :Rootkits
 IF NOT EXIST %SYS32%\pnputil.exe ECHO pnputil.exe is missing! && GOTO :Files
 %SYS32%\pnputil.exe /enum-drivers 2>NUL|GREP -Es "^Original Name">"%TEMP%\privwindozelogrk.txt"
@@ -683,7 +700,7 @@ FOR %%G in (
 :DoLog
 
 Echo(~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>"%TEMP%\pwindoze.txt"
-Echo(PrivWindoze v2.9.5 ^(11.27.2024^)>>"%TEMP%\pwindoze.txt"
+Echo(PrivWindoze v2.9.6 ^(11.27.2024^)>>"%TEMP%\pwindoze.txt"
 Echo(https://furtivex.net>>"%TEMP%\pwindoze.txt"
 Echo(Operating System: %OS% %ARCH%>>"%TEMP%\pwindoze.txt"
 Echo(Ran by "%username%" ^("%COMPUTERNAME%"^) ^(%USERSTATUS%^) on %StartDate% at %StartTime%>>"%TEMP%\pwindoze.txt"
@@ -760,7 +777,9 @@ SED "s/\x22//g; s/Sysnative/system32/; s/HKEY_LOCAL_MACHINE/HKLM/; s/HKEY_CURREN
 
 RD /S/Q %systemdrive%\PrivWindoze\dependencies >NUL 2>&1
 IF %DEBUG%==OFF @DEL %windir%\grep.exe %windir%\libiconv2.dll %windir%\libintl3.dll %windir%\pcre3.dll %windir%\regex2.dll %windir%\sed.exe %windir%\sort_.exe >NUL 2>&1
-
+FOR %%G in (
+temp0?
+) DO @DEL /A/F/Q "%CD%\%%G" >NUL 2>&1
 ECHO.
 ECHO.
 START /D "%userprofile%" /I %WINDIR%\explorer.exe