There are 5 subkeys of HKLM, i.e. SAM, Security, Software, Hardware and System.
Viruses edit:
HKLM\SOFTWARE\
HKLM\SYSTEM\CurrentControlSet\Services\
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Never edit reg files if you do not know how to edit them. This could make your computer stop running.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Try another browser, like Firefox.

Solution:
1: Create a restore point and take a registry backup.
2: We can get to the root of the problems with your system. I don't think MSN is the culprit here. I'd like to focus on your startup programs. Let's go to the registry - what is in these keys? Anything that you thought was uninstalled?
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
3: If you still face the problem, then download and install the Mozilla Firefox browser and check it.
Some guys complained that vbs is not working, so I'm presenting here another solution. Copy the following code, paste it in any notepad and save as "EnableRegEdit.inf". Right-click and install; your regedit will be enabled. (Be careful to copy the code exactly as presented here, including everything. Code is in italic to avoid any misunderstanding...)
_________________________________________________________________________________
[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

; Restore the default "open" command for executable file types
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Clear the policy that disables the registry editor
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
_________________________________________________________________________________
To enable Folder Options, copy the following code, paste it in any notepad and save as a "folderoptions.reg" file. Double click it and your folder options will be restored.
_________________________________________________________________________________
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000000
_________________________________________________________________________________
To enable Task Manager, copy the following code, paste it in any notepad and save as an "EnableTaskManager.reg" file. Double click it and your folder options will be restored.
_________________________________________________________________________________
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
HKLM\System\CurrentControlSet\Control\SafeBoot
Run the command: reg export
Example: reg export hklm\software\myco\myapp appbackup.reg
This command will export all subkeys and values of the key "myapp" to the file "appbackup.reg".
How can I remove nhatguanglan?

Solution [[User:Lander19|Lander19]] 15:09, 14 Jan 2008 (UTC)
Enable Regedit, Task Manager, Regedit, Hidden Files, etc.

Enable Task Manager
-------
1. Start > Run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
2. Start > Run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Enable Regedit
-----
1. Start > Run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
2. Start > Run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Folder Option & Hidden Files
----------
1. Start > Run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
2. Start > Run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
3. Start > Run
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 1 /f
4. Start > Run
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v DefaultValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f

Other steps
------
Delete the files:
C:\WINDOWS\SCVHSOT.exe
C:\WINDOWS\hinhem.scr
C:\WINDOWS\system32\SCVHSOT.exe
C:\WINDOWS\system32\blastclnnn.exe
C:\WINDOWS\system32\autorun.ini
C:\Documents and Settings\All Users\Documents\SCVHSOT.exe

Modify some registries:
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ Shell REG_SZ --> explorer.exe
\Software\Microsoft\Windows\CurrentVersion\Run\ Yahoo Messengger --> delete

Precaution
Never double click on such files which look like folders; instead use folder view for navigation. You may like to disable "Shared Documents".
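The checks the posts above do by hand (the policy values that disable Task Manager, Regedit and Folder Options, the Winlogon Shell value, and the Run keys), applied to the text of a `reg export` file. This is an added example, not code from any of the posts; the function names, the finding labels and the sample export are constructed for illustration.

```python
import re
# Policy values the posts above reset to 0; non-zero locks the user out of the tool.
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools", "nofolderoptions"}
RUN_KEY = re.compile(r"\\currentversion\\run(once(ex)?|services(once)?)?$", re.I)
WINLOGON = r"\microsoft\windows nt\currentversion\winlogon"

def parse_reg(text):
    """Yield (key, value_name, raw_data) for named values in .reg (5.00) text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                yield key, m.group(1), m.group(2)

def unquote(raw):
    # Decode a quoted REG_SZ literal; other data types pass through unchanged.
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw

def audit(text):
    """Return (finding, key, value_name) tuples that deserve a manual look."""
    findings = []
    for key, name, raw in parse_reg(text):
        k, n = key.lower(), name.lower()
        if n in LOCKOUT_VALUES and "\\policies\\" in k:
            m = re.fullmatch(r"dword:([0-9a-f]{1,8})", raw, re.I)
            if m and int(m.group(1), 16) != 0:
                findings.append(("policy-lockout", key, name))
        elif k.endswith(WINLOGON) and n == "shell":
            if unquote(raw).strip().lower() != "explorer.exe":
                findings.append(("winlogon-shell", key, name))
        elif RUN_KEY.search(k):
            findings.append(("autostart", key, name))  # listed for review only
    return findings

# Constructed sample export (not from a real machine; the .exe paths are placeholders).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe C:\\placeholder\\example.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"="C:\\placeholder\\example.exe"
'''
```

`reg export` writes the file as UTF-16, so read it with `encoding="utf-16"` before passing its text to `audit()`.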
When Trojan.Hider.i is executed, it performs the following activities:
It creates the file below, which is a copy of itself:
%system%\isass.exe
For autoexecution, it creates the registry entry below:
"ImagePath" = "%System%\isass.exe "
HKLM\System\CurrentControlSet\Services\CSNetManagerXp
"UncheckedValue" = "1"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
"HideFileExt"="1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
The file isass.exe is registered as a new system driver service named "CSNetManagerXp", with a display name of "CSNetManagerXp" and a startup type of automatic, so that it is started automatically during system startup.
HKLM\Hardware
HKEY_LOCAL_MACHINE and HKEY_USERS. The book says HKLM and \Documents and Settings\username\Local Settings\Application Data\Microsoft\Windows\Usrclass.dat. The essentials book says the software hive and the Usrclass.dat file.
System Registry Hive.