[thisisu]

Hi, I'm currently trying to run a batch script to delete CLSID registry keys by their name stored in (Default) value.

I'm stuck on this part, here is the text file I currently have:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2167fbfc-aacb-4086-9f11-77631b0f211B}
(Default) REG_SZ Bing


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2167fbfc-aacb-4086-9f11-77631b0f211c}
(Default) REG_SZ Bcool

How can associate "Bcool" with HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2167fbfc-aacb-4086-9f11-77631b0f211c} so that only the registry key is output into a file. I want to leave the "Bing" key alone so I want to be able to associate Bing with HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2167fbfc-aacb-4086-9f11-77631b0f211B} and filter it out from the upcoming text file.

Here is my current code it may explain better what I am trying to achieve.

Code: Select all

@Echo off

:: nameblaster.bat
:: Created by Thisisu
:: Last updated: 12.27.2012
:: Latest change: Initial release. Target BHOS, URLSearchHooks, SearchScopes by their name

:: findstr errorlevels
:: ERRORLEVEL 0 = MATCH FOUND! / INFECTED!
:: ERRORLEVEL 1 = NO MATCHES / CLEAN!

goto sshkcu1

:sshkcu1
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes" /ve /s>%systemdrive%\JRT\temp\sshkcu1.txt
findstr /i /g:%systemdrive%\JRT\nameblaster.cfg %systemdrive%\JRT\temp\sshkcu1.txt>%systemdrive%\JRT\temp\sshkcu2.txt
IF ERRORLEVEL 1 (
                 goto sshkcu2
                ) else (
                        goto FIXsshkcu1
                       )

:FIXsshkcu1
findstr /i "Microsoft\Internet Explorer" %systemdrive%\JRT\temp\sshkcu1.txt>%systemdrive%\JRT\temp\sshkcu1SETUP.txt
for /f "tokens=*" %%g IN (%systemdrive%\JRT\temp\sshkcu1SETUP.txt) do (
     reg query "%%g" /ve>>%systemdrive%\JRT\temp\sshkcu1SETUP2.txt
                                                                      )


pause

:sshkcu2
Echo(I did not find anything bad in sshkcu1
pause

Thanks for any help :)

[Cody Johnston]

Use 'type' and 'findstr'

Like this:

Code: Select all

type  %systemdrive%\JRT\temp\sshkcu1.txt | findstr /v/c:"77631b0f211B" > %systemdrive%\JRT\temp\sshkcu2.txt

Where '77631b0f211B' is the last part of the string in the CLSID. Make sure to run this part after you finish your search, it will just format your txt file to remove that line.

It would be worth you getting to know the 'findstr' command better. It is going to come in handy for a lot of your snags I think.

[thisisu]

Hi and thanks for your response.

Unfortunately this is not what I am looking for.

Perhaps I've done a poor job explaining.

Since I do not know the CLSID before I dump them into a text file

Code: Select all

reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes" /ve /s>%systemdrive%\JRT\temp\sshkcu1.txt

I won't be able to know what strings to search for.

Plus the CLSIDs I'm going after are randomized which is why I wanted to be able to identify what the CLSID is by looking at their "(Default)" value.

[Eric_71]

Hi,

Code: Select all

@echo off

echo.>result.txt

for /f "skip=2 tokens=*" %%R in (' reg.exe query "HKCU\Software\Microsoft\Internet Explorer\SearchScopes" ^| findstr -R "{*}$" ') do (
    for /f "tokens=*" %%S in (' reg.exe query "%%R"^|findstr -EMI "\<Bing\> \<Bcool\>" ') do echo %%R>>result.txt )

result.txt

[/size]

[thisisu]

Thanks Eric_71, that's what I was looking for :)

[Cody Johnston]

Hi, I was looking for the same thing. But, Eric’s solution is not working for me. I can’t find out what is wrong with the script. Is there any possible scenario in which the code does not work?

______________________
Outlook Tech Support

Break each command down and run them separately, then check the return codes. There are several reasons that it might fail. Post your script and I'll see if I can help.