ScriptingNoob

I am having the same challenge and oddities; I can delete values from Win7 to XP, but not keys; I am returned error -2. Curious if you had found a fix for this issue.

OK, I think after much (more) Googling and trial and error I found that if I use "While..WEnd" instead of For...Next and combine it with "If @error <> 0 then ExitLoop", I get better results. Local $i = 1 While 1 $Key = RegEnumKey("" & $Target & "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options", $i) $i += 1 If @error <> 0 then ExitLoop ;MsgBox(0, $i, $Key) For $i2 = 1 to 3; will look up to 3 values deep $Value = RegEnumVal("" & $Target & "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options" & $Key, $i2) If $Value = "Debugger" Then MsgBox(0, "Found One", "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options" & $Key) ; Add RegDelete here for said key Else EndIf Next WEnd thoughts?

Hi all, I am trying to write a script that can read all sub-keys of a particular registry key, and them from there I can analyze each sub-key. I am trying to script a Malware Cleanup utility that will only remove the bad keys from this portion of the registry. The bad keys have the value of "Debugger" in them. Here is the key I am trying to read from: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\"; and here is what I put together so far. $Target = "My Target IP Address" For $i = 1 to 1000 $Key = RegEnumKey("\\" & $Target & "\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", $i) For $i2 = 1 to 2 $Value = RegEnumVal("\\" & $Target & "\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" & $Key, $i2) If $Value = "Debugger" Then MsgBox(0, "Found One", "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" & $Key) Else EndIf Next Next Right now I am using a For..Next statement as my loop, but on some systems there are 20 sub-keys and others there are 1000. If I leave my For...Next with a limit of 1000 it will take much longer to run then necessary. Is there a way to go through all Sub-keys (only one level necessary) of a particular key? Thank you,

This works like a champ; thank you very much for your time and assistance. I know its not easy helping Newbs @ times.

So far, looks good. The only alerts that had been returned were 0's for Folder access / Extended ; Item create / Extended; and Add recipient / Extended. I assume zeros are OK; I guess from here I can comment out or delete the lines for MsgBox and $iOL_Debug.

Yes, I saw the typo when it first failed, not a problem. As for the: _OL_FolderAccess($oOL, "", "", $olMailItem) I was not aware of that function; it was not part of the wiki, so I left it s default. I think I just confused myself. What parameters should be in 2-4?

FolderAccess: @error = 5, @extended = 0

This is what I get in the output window; C:Program Files (x86)AutoIt3IncludeOutlookEx.au3 (2489) : ==> Error in expression.: $oOL_Item = $oOL_Folder.Items.Add($iOL_ItemType) $oOL_Item = ^ ERROR ->15:22:08 AutoIT3.exe ended.rc:1 >Exit code: 1 Time: 1.627 No seperate popup with error this time. If it means anything, Win7 (x64), Office 07 SP2, Exchange '03 Thanks again

Ohh and to add: If I run the above text word for word I get the following: OutlookEX UDF version = 0.6.0 Scriptline = 1474 NumberHex = 800200009 Number = -2147352567 WinDescription = Description = The operation failed. An object could not be found. Source = Microsoft Office Outlook HelpFile = Help Context = 0 LastDLLError = 0 ItemCreate: @Error = 1 Add Rcipient: @Error = 1

Thanks for your response; If i try the example from the Wiki, I am curious what I should put for; *Outlook-UDF-TestTargetFolderMail I assume I would use the example as indicated but change the fields for "Doe, Jane" Thanks again.

Hi, I am having a bit of a challenge understanding how to Send On Behalf of another mailbox; its not a permissions issue since I can currently send on behalf via Outlook etc (and I am the admin). I am certain its me not fully understanding how to work the UDF. Dont get me wrong its awesome, but sometimes it takes a bit to click. I have been able to successfully incorporate sending an email with the "_OL_Wrapper_SendMail", but need to extend that function to use Send on Behalf, or add a "from" command as indicated in this post. I have read this thread and see what was posted in Post 11 & 12 () In post 12 and in (http://www.autoitscript.com/wiki/OutlookEX_UDF_-_Mail_Item) they reference using "OL_ItemCreate" but I cannot wrap my head around that. Is there an easy way to incorporate $sFrom into _OL_Wrapper_SendMail or is it easier to use the new referenced function (_OL_ItemCreate). Thanks in advance.

OK, I think I figured this out... I used the registry key of: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" as a guide. $MWFolder = "C:\MALWARE\" $Machine = "Destination Folder Name" Opt("ExpandEnvStrings", 1) DirCreate($MWFolder & $Machine) For $i = 1 to 100 $Profile = RegEnumKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", $i) $UserFolder = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & $Profile, "ProfileImagePath") If @error <> 0 then ExitLoop FileCopy($UserFolder & "\Application Data\*.exe", $MWFolder & $Machine & "\") FileCopy($UserFolder & "\Local Settings\Application Data\*.exe", $MWFolder & $Machine & "\") Next FileCopy("C:\Documents and Settings\All Users\Application Data\*.exe", $MWFolder & $Machine & "\") So what I did was read through the reg key, find the users profile path under each SID, and use that as a variable to use in my FileCopy statement. When this is done, it will copy .exe's & .Dll's from the above locations on remote PC's (which I have permissions on). I can analyze these files locally to see if they are Malware. I have not found in my experience any legitimate reason for .exe's to exist in these locations, 9/10 its malware.

Hi There, I am trying to write a script that will call all files of a particular file type (.exe, .dll etc) from the following directories: <User Profile>\Application data\ <User Profile>\Local Settings\Application Data\ I was able to author a script that reads and copies the files if I specify the users profile, but would like it to cycle through all users on the target machine. I am new to scripting and came up with something like: FileCopy("C:\Documents and Settings\Administrator\Application Data\*.exe", $MWFolder & $Machine & "\") FileCopy("C:\Documents and Settings\Administrator\Local Settings\Application Data\*.exe", $MWFolder & $Machine & "\") And that works, but I need it to cycle through all users profiles on the target PC. I wont know the profile names so I cannot specify in the script, and the amount will vary from machine to machine, so I will need it to cycle through all I tried a "For/If/Then", but that failed.. Thoughts, suggestions? Thanks in advance, -Newb