Jump to content
Sign in to follow this  
Casey

Search and Delete

Recommended Posts

Casey

Hello All,

I have some manual cleanup of the file system and registry that needs to be accomplished for all users who have local profiles. I have figured out one way to load the NTUSER.dat for each profile that isn't a system profile. I looked at other options that I found in the forum and the web but couldn't get Run(@ComSpec to pass the REG LOAD command correctly. Every time I tried it something in the system would get locked and then the command wouldn't load the hive. I ended up switching to the code below based off the help file and some posts which works well on my systems.

$search = FileFindFirstFile("C:\Documents and Settings\*.*")

; Check if the search was successful
If $search = -1 Then
    MsgBox(0, "Error", "No files/directories matched the search pattern")
    Exit
EndIf

While 1
    $file = FileFindNextFile($search)
    If @error Then ExitLoop
    If $file == "All Users" Or $file == "LocalService" Or $file == "NetworkService" Or $file == @UserName Then
    Else
    ;MsgBox(4096, "Profile:","C:\Documents and Settings\"& $file)
        $Fsearch = FileFindFirstFile("C:\Documents and Settings\" & $file & "\*.*")
    ; Check if the search was successful
        If $Fsearch = -1 Then
            MsgBox(0, "loop 2 Error", "No files/directories matched the search pattern")
            Exit
        EndIf
        While 1
            $Xfile = FileFindNextFile($Fsearch)
            If @error Then ExitLoop
            If $Xfile = "NTUSER.DAT" Then
            ;$Hive = $Xfile
                $XHive = ("C:\Documents and Settings\" & $file & "\" & $Xfile)
            ;MsgBox(4096, "", $XHive)
                Run("CMD.exe", "", @SW_MAXIMIZE)
                WinWait("C:\WINDOWS\system32\CMD.exe", "")
                If Not WinActive("C:\WINDOWS\system32\CMD.exe", "") Then WinActivate("C:\WINDOWS\system32\CMD.exe", "")
                WinWaitActive("C:\WINDOWS\system32\CMD.exe", "")
                ControlSend("C:\WINDOWS\system32\CMD.exe", "", "", "cd\" & "{ENTER}")
                Sleep(256)
                ControlSend("C:\WINDOWS\system32\CMD.exe", "", "", "cls" & "{ENTER}")
                Sleep(256)
                ControlSend("C:\WINDOWS\system32\CMD.exe", "", "", 'REG LOAD HKU\NT "' & $XHive & '"' & "{ENTER}")
                RegWrite("HKEY_USERS\NT\Software\Microsoft\CTF", "Disable Thread Input Manager", "REG_DWORD", "1")
                RegWrite("HKEY_USERS\NT\Software\Microsoft\CTF\LangBar", "ExtraIconsOnMinimized", "REG_DWORD", "0")
                RegWrite("HKEY_USERS\NT\Software\Microsoft\CTF\LangBar", "ShowStatus", "REG_DWORD", "2")
                RegWrite("HKEY_USERS\NT\Software\Microsoft\CTF\MSUTB", "ShowDeskBand", "REG_DWORD", "1")
                Sleep(456)
                ControlSend("C:\WINDOWS\system32\CMD.exe", "", "", 'REG UNLOAD HKU\NT' & "{ENTER}")
                Sleep(456)
                ControlSend("C:\WINDOWS\system32\CMD.exe", "", "", 'exit' & "{ENTER}")
            EndIf
        WEnd
    ; Close the search handle
        FileClose($Fsearch)
    EndIf
WEnd
; Close the search handle
FileClose($search)
MsgBox(0, "Disabling Language Bar Complete", "The script is complete you may continue with what ever you were going to do next." & @CRLF & @CRLF & "Note: For the curently logged on user the change will not appear until next logon.")

Where I am stuck is on is identifying a way to search each proilfe under documents and settings to identify and delete the existance of the following.

C:\Documents and Settings\%Username%\Application Data\PureEdge

C:\Documents and Settings\%Username%\Application Data\Microsoft\Excel\Excel.xlb

C:\Documents and Settings\%Username%\Application Data\Microsoft\Excel\Excel10.xlb

C:\Documents and Settings\%Username%\Application Data\Microsoft\Excel\Excel11.xlb

C:\Documents and Settings\%Username%\Application Data\Microsoft\Excel\Excel12.xlb

C:\Documents and Settings\%Username%\Application Data\Microsoft\Excel\casey.a.poppsa.xlb

C:\Documents and Settings\%Username%\Application Data\Microsoft\Excel\XLStart\ApproveItEx.xla ; or any variation of starting with ~

C:\Documents and Settings\%Username%\Application Data\Microsoft\Templates\~$Normal.dot

C:\Documents and Settings\%Username%\Application Data\Microsoft\Templates\Normal.dot ; or any variation of starting with ~

C:\Documents and Settings\%Username%\Application Data\Microsoft\Templates\Normal.dotm ; or any variation of starting with ~

C:\Documents and Settings\%Username%\Application Data\Microsoft\Templates\Normal11.dot ; or any variation of starting with ~

C:\Documents and Settings\%Username%\Application Data\Microsoft\Word\Startup\ApproveItEx.dot ; or any variation of starting with ~

C:\Documents and Settings\%Username%\Start Menu\Programs\ApproveIt Desktop

C:\Documents and Settings\%Username%\Start Menu\Programs\Startup\ApproveIt StartUp.lnk

C:\Documents and Settings\%Username%\Start Menu\Programs\Pureedge Viewer 6.5

So I come to you looking on advise on the best way to handle the identification of files the may have several temp files with the ~ at the beginning of them. I came across a great example of searching provided by MrCreatoR at http://www.autoitscript.com/forum/index.ph...83239&st=15

I thought that if I could understand it then I would have a powerful tool at my disposal but unfortunately my abysmal understanding of StringRegExpReplace and expressions in general has ruled that out. I started to parse through it and comment it so that I could see how it was done but I failed to see what was happening in $sPath = StringRegExpReplace($sPath, '\\+ *$', '\').

Could someone please point me in the right direction?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.