Saving User Registry

[SaintedRogue]

So I have a script that queries the PC for all users and then saves the user's registry hive. Or, at least it's supposed to. Best I can tell it's running properly but it's getting caught up on where to save it, which I believe is an issue with my quotations (something I cannot figure out for the life of me). Here is the code:

;Run script as an administrator.
#RequireAdmin
;Need to find the system date.
#include<date.au3>
;Make a TimeStamp
$TimeStamp = @MON & "-" & @MDAY & "-" & @YEAR
;Check for Evidence Folder
If Not FileExists(@ScriptDir&"\"&$TimeStamp&"\Evidence") Then DirCreate(@ScriptDir&"\"&$TimeStamp&"\Evidence")

Local $s_Out = ""
$h_Proc = Run(@ComSpec & " /c " & "REG QUERY HKU", "", @SW_HIDE, 0x08)
While 1
    $sTemp = StdoutRead($h_Proc)
    $s_Out &= $sTemp
    If @error Then ExitLoop
WEnd

$aLines = StringRegExp($s_Out, "(?m:^)\h*\S.+(?:\v|$)+", 3)
If Not @error Then
    For $i = 0 To UBound($aLines) - 1
        $s_Val = $aLines[$i]
        $s_Val = StringStripWS($s_Val, 2)
        RunWait('cmd.exe /c REG SAVE "' & $s_Val & ' "' & @ScriptDir & '\"' &$TimeStamp & '\Evidence\' & @ComputerName &'_"' & $i+1 & '.dat /y"') 
    Next
EndIf

What do you guys think?

[Sticky]

Your suspicions were correct:

RunWait('cmd.exe /c REG SAVE "' & $s_Val & ' "' & @ScriptDir & '\"' &$TimeStamp & '\Evidence\' & @ComputerName &'_"' & $i+1 & '.dat /y"')

Should be:

RunWait('cmd.exe /c REG SAVE ' & $s_Val & ' "' & @ScriptDir & '\' &$TimeStamp & '\Evidence\' & @ComputerName &'_' & $i+1 & '.dat" /y')

I just outputted the string of what you were submitting to the RunWait function, this eases the visualization of your command to help fix it.

[SaintedRogue]

Thank you so much! I appreciate the comparison. I have so much difficulty getting a hang on the uses of the various quotations. I just had so many variables I got lost.

Thanks again, mate!!!