Over 1 million tech questions and answers.

Removing leftover registry values?

Q: Removing leftover registry values?


I've got several programs that I've uninstalled in the past that haven't removed themselves from the registry(or so I assume). Things like WinAmp (2 and 3..). Doesn't exist on my computer but windows still believes it to be the default player for certain files. A while back on the forums I saw a link to a program that would remove these little leftovers without requiring the user (me) to use regedit, which I'm not comfortable with, but I can't for the life of me remember what it was. Any suggestions?



Running Windows XP Sp1, P4 1.6 mobile

Preferred Solution: Removing leftover registry values?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Removing leftover registry values?

I use all these .

RegSeeker is a perfect companion for your Windows regsitry !
RegSeeker includes a powerful registry cleaner and can display various informations like your
startup entries, several histories (even index.dat files), installed applications and much
more ! With RegSeeker you can search for any item inside your registry, export/delete the
results, open them in the registry. RegSeeker also includes a tweaks panel to optimize your
OS !

RegSeeker is FREE for personal use only !

Click on Clean the Registry & tick > Scan Drives for old exe entries in the registry. Click OK.
My personal use , is to delete only the Green entries .
Left click to highlight , hold the Shift key down , to highlght bulk Green entries .
Right click to delete .


jv16 PowerTools , which doesn't expire , is available here:
http://down.hengshui.com/download.asp?downid=1&id=726 .
Click on Registry Tool > Tools > Registry Cleaner > Continue > Start .
When finished , Click on Select > Special select > Items that should be safe to remove > Remove.


OleClean ( Freeware . I tick all the boxes in Options ) from ,


Click on Unnecessary .
Don't use Duplicate files unless you really know what your doing .


Seeks out the rubbish left behind by other programs. Use regularly it will save space. It can auto run at times set by you.


This is a program that fixes serious bugs in the Internet Explorer cache manager (versions 3.0
on up through and including Internet Explorer for Windows XP, and IE6). This program basically
takes over the job of managing the cache from Internet Explorer, and the result is your web
browsing session will be more enjoyable. CacheSentry isn't like those "web acceleration"
programs that hook into IE and attempt to make guesses about your browsing habits. CacheSentry
simply does a better job of removing files from the cache, and fixes a few other bugs present in
most versions of Internet Explorer.

Read other 1 answers

I like to reformat my computer periodically, it keeps everything running smooth. The time had come to reformat, so I popped in my XP Pro install disc and let it whirr. I did the usual deal, deleted my old partition, and recreated a new one using a Quick NTFS Format. The install went smoothly.

Now however, I'm looking at some registry values, and I have all kinds of entries from old programs that were installed before I formatted. There are a few games on the list (FEAR, Oblivion, etc), the only problem is, I haven't installed those programs yet. It seems as if the format I've done didn't actually clean everything off.

I have two harddrives, but I use one for all the downloads/files/pictures/documents/other OS's/etc, and I use the other one just for installing XP and my programs. Is it possible that the quick format didn't do its job? Maybe it didn't get to delete the partition tables correctly or something, I dunno.

Anyone else ever have this problem before?

A:Leftover registry values after reformat

Read other 6 answers

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http="
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
The above are the registry values that I obtained from a guide (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-suite), Malware Byte... Read more

A:Question about removing registry values that are associated with antivirus suite

Hi there, nugetsnfries. to Bleeping Computer.I have looked at that tutorial and checked these registry keys myself.First, backup your registry. How to back up and restore the registry in Windows XPBack up the registry in Vista and Windows 7 (use Method One: System Restore)Now, you can delete all of those keys you listed except this one: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"Change the no to yes.All the others can be deleted. They are related to the proxy settings set by the malware or settings that it implemented (incorrect settings).Be careful when deleting them. If you delete the wrong key(s), you will do damage to the registry. If this happens, you can restore the registry from the backup you made earlier (but let's hope we don't have to).Next, visit this: How did I get infected?

Read other 5 answers

NoVirusThanks Registry Guard is a powerful utility which uses a kernel-mode driver to prevent any process or only specific processes from writing\reading\deleting custom registry keys\values. You can prevent, for example, any process from writing to registry autostart locations, or prevent processes from hijacking your Internet Explorer registry settings, and much more. With NoVirusThanks Registry Guard you can protect custom Windows registry keys and values from unauthorized modifications, a swiss army knife against nasty malware. Recommended for experienced Windows users only.
Key features and characteristics

Prevent the modification of specific registry keys and values
Useful to protect all registry autostart locations
Write your own rules to block custom registry keys and values
Specify to monitor any process or only specific processes
Easy-to-write rules thanks to wildcarding and aliases
Monitor the creation of registry keys
Monitor the writing\modification of registry values
Monitor the deletion of registry keys and values
Monitor the reading of registry values
Show useful information when an action is blocked
Powerful protection thanks to the kernel-mode driver
Supports all Microsoft Windows Vista+ OSs
Very lightweight in memory and CPU usage

By default, NoVirusThanks Registry Guard prevents any process from writing to common registry startup locations. To edit the default rules or to create your custom rules, click the button ?Rules? (it may ask you Admin cred... Read more

A:NVT Registry Guard - Protect registry keys and values

Does it provide the same protection of the Registry as WinPatrol free?

It doesn't have GUI. So if I install a prog is it enough just to stop the NVT Registry Guard and then start again?


Read other 11 answers

As I using Windows long time and have uninstall and install many apps and the uninstalled apps left some registry entries, most of the entries is under HKEY_Current_User\Software and HKEY_Local_Machine and many keys name is same as the uninstalled apps, does it is safe to delete the entries?

A:Should I delete leftover registry entries

I sometimes encountered problems re-installing applications after normal uninstall and manual registry key deletions of same applications.

Could be because these keys can be associated with files which are still present in program files folder and other locations, so deleting these folders is what I would do. but still re-installation could be incomplete some times.

Read other 17 answers

I uninstalled AOL 9.0 off of all of my computers (because it sucks). I scanned all of them with a few Registry Cleaners (Ace Utilities, System Suite, and RegScrubXP). Then I opened regedit and searched for all entries with AOL in it an got a ton of left over entries.

I was wondering why these Registry Cleaners didn't get them.

But I do have AIM and I am thinking some entries belong to that so I don't know what to delete.

Any Help?
~ Thanks, 2madre

A:AOL leftover registry entries after uninstall

Read other 6 answers

Hi, I think I have something leftover from an uninstall and I'd prefer to get rid of whatever is left if possible please.

My CPU was consistently running at 50% when using audio programs (iTunes, VLC etc) and the culprit was the System Process. I later found out it was "stdriverx64.sys" specifically, and that it is associated with NCH software. As such I've attempted to remove those programs (via Control Panel). This has solved the CPU problem and all but two of the programs seem to have been removed successfully.

The remaining programs are "Prism Video File Converter" and "Express Zip". If I log in as Admin, these are NOT present in the Control Panel uninstall screen, however they are present when logged in as my usual user account (no admin rights). Clicking uninstall does not work: for Prism nothing happens, and for Express Zip I get the message "Access denied while deleted registry contents" followed by a reboot request which does not help. The same thing happens via CCleaner. I also tried a different third party uninstaller but it was also unable to help ("Best Uninstall Tool").

Is there a way I can get rid of these?

Thanks for any help!
OS: Windows 7 Home Premium 64bit + Service Pack 1

A:Removing leftover bits of NCH software

Let's see if AdwCleaner finds and removes some of the 'left-overs'.

Download AdWareCleaner AdwCleaner Download to your desktop
1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Read other 9 answers

Hi, i'm trying to understand what these folders are for, they are on my non system drive, i'm guessing they are left over from a previous windows installation. when I try to remove them it says I have no permission to modify them. How would I go about deleting them?


A:Removing leftover system files

To help us help you,please use the TSG System Info tool to let Tech's know the specs of your computer: http://static.techguy.org/download/SysInfo.exe Copy and paste the results here in your thread. You can use the TSG Info to fill in your computer information in your user profile as well.

Also, if its a brand name system like an Acer,Dell or HP, please post the exact model of the system.

Read other 1 answers

Hi ExpertsI had installed TheGreenBow IPSec VPN Client on my laptop, then I uninstalled by using a utility called Revo Uninstaller.Then I used a utility from TheGeenBow website to clean completely leftover as belowhttp://www.thegreenbow.com/vpn_faq.htmlI cannot uninstall IPSec VPN Client softwareProblem: I cannot uninstall IPSec VPN Client software, it always asks to first uninstall the previous version.Solution: You can use our tool to clean the remaining components of IPSec VPN Client software.But whenever I installed a fresh copy a message pops up :you have a previous version ,,,,etcIs there any other utility helps me to clean a leftover registry for an uninstalled program ??Thanks

A:Remove leftover registry for uninstalled program

If you had a paid version then you need to contact their supporthttp://www.thegreenbow.com/support.htmlIf you are trying to reinstall the 30 day evaluation version then you need to buy the program.

Read other 1 answers

Hi Experts

I had installed TheGreenBow IPSec VPN Client on my laptop, then I uninstalled by using a utility called Revo Uninstaller.

Then I used a utility from TheGeenBow website to clean completely leftover as below
I cannot uninstall IPSec VPN Client software
Problem: I cannot uninstall IPSec VPN Client software, it always asks to first uninstall the previous version.
Solution: You can use our tool to clean the remaining components of IPSec VPN Client software.Click to expand...

But whenever I installed a fresh copy a message pops up :

you have a previous version ,,,,etc

Is there any other utility helps me to clean a leftover registry for an uninstalled program ??


A:Remove leftover registry for uninstalled program

Read other 11 answers

Looking through the C:drive on my Widows 10 desktop PC, I have discovered a folder named ComboFix. I ran a ComboFix scan and repair a couple of years back under directions from BleepingComputer.com when i had a different username (chipparus) and adifferent OS (Windows 7 I think).
Out of curiosity I looked at the properties of this folder which states
Type: Folder
Location:   C:/
Size:   60.3 MB
Files    337
Folders    3
However, when I click on the folder it seems to contain a replication of "My PC" including six system folders and Drives: C:/, D:/, E:/, F:/ & G:/ including all content amounting to over 500GB. I am wondering if this is a duplication or some sort of false library folder and whether or not I can get rid of it?
Any advice would be much appreciated.
Many thanks

A:Removing leftover ComboFix folders Windows 10

Please download DelFix by Xplode and save to your Desktop.Double-click on delfix.exe to run the tool.Vista/Windows 7/8/10 users right-click and select Run As Administrator.Put a check mark next to these items:- Remove disinfection tools- Create registry backup.Click the "Run" button.When the tool has finished, it will create and open a log report (DelFix.txt)-- Doing this should remove ComboFix and all of its related files/folders as well as any other specialized tools downloaded and used for malware removal. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click on it and choose delete).

Read other 3 answers

I couldn't put my computer into a standby mode two days ago. I had to hold the on/off button until it shut off. When I turned it back on, I received what I believe was a fake 'Security Center Alert' stating that my computer was at risk and the following virus had been found by Windows' Firewall: win32.netsky.q I say fake because I don't have my Windows firewall activated, I use the Norton Internet firewall. But when I went to my Windows firewall application, it was turned on. Not by me, though.
The alert mentioned worms/viruses can perform key-logging. There was a button to "Enable Protection" which opened up a web page to purchase some protection. I could close the 'Alert' by clicking on the 'X' button, which I did.
The alert would show up every 10 minutes. I went online to determine how to remove malware win32.netsky.q, which I did.
I haven't had any more of those notices, but now whenever I boot up or restart, Windows Data Execution Prevention pops up with "To help protect your computer...windows has closed this program: svchost with a button to 'make changes' or ' close message.' When I click on 'make changes' it goes to the Control Panel-->System-->Advanced-->Performance window where I've had it set, for years, for DEP to do whatever it does except for iexplorer.exe. But now there is svchost, so I checked it. The I tried unchecking it, but the same DEP notice kee... Read more

A:Leftover problem after removing win32.netsky.q worm

Is there another site I could try to get some help? Thanks.

Read other 1 answers

Hello, Windows XP user.

A few days ago, my AV picked up malware that was deleted successfully and am certain that there is no malware lurking about on my system, however. After researching the malware, I read that it may toy with the registry.

My registry reads as following:

# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\"DisableNotifications" = "0"
# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\"EnableFirewall" = "1"
# HKEY_LOCAL_MACHINE\system\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\"DoNotAllowExceptions" = "1"

* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"FirewallDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"UpdatesDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"AntiVirusOverride" = "0"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"AntiVirusDisableNotify" = "1"
* HKEY_LOCAL_MACHINE\software\Microsoft\Security Center\"FirewallOverride" = "0"

Please ... Read more

A:Registry values

are you using windows firewall or a third party firewall?

Read other 7 answers

I recently un-installed several Dell crapware applications from my computer. Also I installed Acrobat Reader 8, then un-installed Acrobat Reader 7. I decided to un-install Acrobat Reader 8 and re-install AR 7. I used CCleaner, RegCleaner and EasyClean Reg Cleaner to remove leftover traces after each un-install. Things seem to have gone smoothly enough, but then I did a HJT scan.The HJT scan included: R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =; and R3 - Default URLSearchHook is missing. I check those boxs, clicked FIX and rebooted.I did another HJT scan an discovered that the RO and R3 were still present. Actually I repeated the process several times. In the registry, I located the KEY with the R3 ... - Default URLSearchHook is missing, but received the error message ... Cannot open URLSearchHooks: Error while opening key. Do I have problems? I don't know. The RO and R3 are troubling to me.Please advise.SYSTEM DESCRIPTIONDell Dimension E310OS Name Microsoft Windows XP Professional XP Media Center Edition 2005 with Rollup 2Version 5.1.2600 Service Pack 2 Build 2600OS Manufacture MicrosoftSystem Manufacture Dell Inc.System Model Dell DV051System Type X86-based PCProcessor X86 Family Model 4 Stepping 9 GenuineIntell~3059 MhzProcessor X86 Family Model 4 Stepping 9 GenuineIntell~3059 MhzBIOS Version/Date Dell Inc. A04, 4/4/2006SMBIOS Version 2.3Total Physical Memory 1,024,00 MBAvailable Physica... Read more

A:Registry Values

Hi pogo666,

We're studying your log and will be back to you a.s.a.p.

Thanks for your patience.

Read other 32 answers

I got infected by qksee adware/malware a while back. I have looked at few websites and it says that it infects typical image files like jpeg, png and gif. I have deleted thise values and i was fine with jpeg and png but now i need non-infected gif values!!!

Read other answers

I want to edit registry & want to know Necessory Values( which are realy Importent for day to day Use).


Shahid Khan

A:Want to know Registry Values

The regsitry is not meant to be read by humans; it is enormous. The sensible way to use it is to look up specific settings that you want to change via google or help sites and leave the rest well alone.



Read other 2 answers

for one of our products, we have a system that sometimes needs to be audited to make sure that it has not been tampered with. To do so, we export relevant sections of the registry into files and create a checksum over the exported files.
That works well, but on one of our systems, we have a mismatch, because the value for the registry key ShutdownFlags in the hive HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon is different. It is dword:80000027 on all machines,
but on this one specific system, it is dword:80000427. Obviously, this results in a different hash value and therefore, the audit fails.
I tried to find documentation about this key, but wasn't able to find any. Does anybody know the different flags and values for this key?

Read other answers

What does it mean to "purge" registry values? I am getting help from Microsoft and I was told to purge certain registry values.

A:'Purge' registry values? What does it mean?

I'm 99% sure it means delete

Read other 4 answers

I'm still trying to piece together this mystery laptop of mine and am in the registry looking around. (I haven't changed anything yet, don't worry)..

I'm wondering what these registry keys/values mean and what their settings SHOULD be? I'm the ONLY user ...

And here's what it contains:
AudioEnumeratorDLL: rdpendp.dll
Baud Rate:
ConnectType: 1
fAutoClientDrives: 1
fDisableAudioCapture: 0
fDisableCam: 0
FDisableCcm: 0
fDisableCdm: 0
fDisableClip: 0
fDisableCPM: 0
fDisableEncryption: 1
fDisableLPT: 0
fEnableBreakDisconnect: 1
fEnableDsrSensitivity: 0
fEnableDTR: 1
fFlowSoftwareRx: 1
fFlowSoftwareTx: 1
fForeceClientLpt: 1
fInheritAutoClient: 1
FlowHardwareRx: 1
FlowHardwareTx: 1

Those are a few but the list goes one....by looking at this, am I secure? Have these entries been added by someone else, or are they normal?

Thanks to all...

A:Registry Values fEnableRTS and DTR, what do they do?

Just disable TerminalServices and you do not need to worry about its settings.


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]


Read other 2 answers

It has been a full week and still no response. Any help would be appreciated. I am worried about the security of my computer.

A:Are the following registry values legitimate?

Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will s... Read more

Read other 4 answers

Hi all,
I am having trouble getting a GPO to create a new registry key that has 3 values on a Windows 7 x64 client. In the GPMC it's under Computer Configuration>Preferences>Windows Settings>Registry. I've tried using registry items and the registry wizard. Both end up creating only the first value and not the other two values.

What I want to do is under HKLM\SOFTWARE\Microsoft\Rpc, create a key named ?Internet?, and then give the Internet key 3 values, for example: ?One? REG_MULTI_SZ 100-200, ?Two? REG_SZ Y, ?Three? REG_SZ Y.

Whether I use Create or Update, or I?ve even tried using the registry wizard to import the existing good key and value structure on a computer, when I try it on a test computer and do a gpupdate /force to get the new policy, it only creates the ?Internet? key and the first value ?One? REG_MULTI_SZ 100-200; but not the other two values of ?Two? and ?Three?.

How can I get a GPO to create a registry key with multiple values?

Attached are screenshots of the GPO and the result of what the client gets. Notice it created only "One" but did not create "Two" or "Three".

Read other answers

Ok so I thought I was doing my computer some good by cleaning the registry. I found out today that there are parts of my registry missing because when I go to the power options menu, some of the tabs aren't there and there are no standby and hibernation settings. My computer will not go into standby.

Under the advanced tab in power options when the option "When I close the lid of my computer" the only option in the drop down menu is "Do nothing".

My Computer is an IBM Thinkpad and my OS is Windows XP

A:Some values on the registry are missing

Registry cleaners are frowned upon in the general PC community. Your best bet would be to reverse what action you took, with whatever program you used to clean it, or to use system restore to restore it to a point before the cleaning proccess.

Read other 1 answers

XP Sp2
Was looking at Registry settings for Internet Explorer 6 Security HKLM\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Zones\ and noticed that the same Keys and Values are in
HKCU|Software\Microsoft|Windows|CurrentVersion|InternetSettings\Zones\ but do not have same data in the Values.

Also see that Zones is in HKU hive with similar settings.

Appears that settings in HKLM are used, but I was curious if anyone knows this for sure and if anyone knows why the duplicate keys and Values but different data.

THis has to do with some odd happenings in browsing

thanks, Allan

A:Registry Keys and Values


The LOCAL_MACHINE hive is the main hive and affects all users. The CURRENT_USER hive is an integral part of this hive, and represents a key beginning S-1-21 etc, one for each User on the computer. For convenience of viewing and editing, the Registry Editor splits out the key for the currently logged-in User as the separate hive CURRENT_USER. If you log in as a different User - say Administrator, or Guest - you'll see the values that have been set by that particular user. The USERS hive, again split out of the LOCAL_MACHINE hive, shows all the Users registered on the computer.

Read other 2 answers

I was wondering if there are other ways of write registry values to the Windows Registry other than importing a .reg file, and running a .bat file containing a 'reg add/delete/etc ...' command.

As of now, the computers at my school contain value of hex 1 for DisableCMD under HKCU\Software\Policies\Microsoft\Windows\System. This means that the command prompt is disabled and batch files are allowed to run. My solution to this was to run a batch file containing the appropriate registry value, overwriting the value of hex 1 to hex 0, to allow full access to the command prompt. I have a feeling that this value might be change to hex 2, meaning no access to cmd and no running of batch files.

I was wondering if a script written in another programming language is able to manipulate the windows registry. And if there is a language capable of doing so, will I be able to run it with its native file extension? (ex: .py, .vbs, etc. as opposed to converting it to .exe)

A:Writing values to Registry

Sorry Frank,

You will need to talk to the school's system administrator about this. Discussing ways to hack or break their policies is not allowed in these forums.


Read other 1 answers

Hi i scanned using MBAM this result came up.. and I don't know what the problem is or how to fix it:
Malwarebytes' Anti-Malware 1.24
Database version: 1028
Windows 5.1.2600 Service Pack 2

10:14:45 PM 8/9/2008
mbam-log-8-9-2008 (22-14-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 73225
Time elapsed: 26 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brow... Read more

A:Registry Values Infeted

Please update the scanner , run it again amd post another log,thanks.

Read other 1 answers

Hi their is four of us using this computer each with their own password my son done something to the computer it just freezes up. the only way I'm on the net now is through safe-mode.don't know exactly what his done but when i did a superantispyware scan and a mbam scan a lot of stuff came up that he should not have been on I've got the logs but to embarrassed to show them.after the scans it deleted what it found but still the computer is no good my os is windows xp home one Moore thing my avast gone down not secured any more? not sure what to do

Read other answers

I am NEW to this but savi enough to learn how to fix computer problems. My computer found a trojan while doing it's weekly check, after some research I found a few add-on's I did not recognize. I used HJT and erased all the 'bad' values. Here is the recent scan results, (I see that they are asked for in all forums)
This is the suspect:
"0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page ="

Here is the rest:
Logfile of HijackThis v1.99.1
Scan saved at 1048 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Matrix... Read more

A:Suspect registry values


Read other 1 answers

Can anyone tell me what the Value name and value data is supposed to read in
the following; Name ( 002 ) Type ( Reg_sz ) Data ( Task bar and start menu )
Name ( 001 ) Type ( Reg_sz ) Data ( PDC_SDK.dll )`
Path; HKEY_USERS\S-1-5-21-1757981266-1844237615-725345543-1004\Software
\Microsoft\Search Assistant\ACMru\5603 ?? OS XP Home SP3; IE8.



Read other answers

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:51:26 AM, on 9/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exeC:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exeC:\WINDOWS\System32\ScsiAccess.EXEC:\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exeC:\Program Files\Microsoft Windows OneCare Live\winss.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\system32\cidaemon.exeC:\Program Files\Microsoft Windows OneCare Live\winssnotify.exec:\PROGRA... Read more

A:Hijack This; Registry Values

Hi Hijackthis really only gives an idea as to what malware you may have, it is best to let other programs remove the malware completely, then use hijackthis to remove any orphans left over after removal...I see you have CCleaner set to run at startup, is it set to delete temp files ? because you have this running from a temp folder :-C:\DOCUME~1\GEORGE~1.COM\LOCALS~1\Temp\bwgo026f43aa.exeDo YOU know what it is ?Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.* Copy and Paste the entire report in your next reply.THEN ...Please follow these directions to run Combofix & post a log.http://www.bleepingcompu... Read more

Read other 2 answers

My Remote Procedure Call (RPC) isn't able to be enabled.

I've found that maybe changing the values in the registry might fix my problem.
However i'm not able to change the value that is needed
When I try and change the value of the ConfigFlags DWORD from 20 to 0 it doesn't let me.

In dos it says: Access Denied
In GUI running a script it says: Some values could not be added because they are in use by the system
and in the GUI Registry it says: Can't change the current set values

please help

A:RPC to fix, but Can't change registry values

You have to have admin rights and some keys can't be altered. It varies based on the version of Windows being used (ie: Home or Professional).

Read other 3 answers

Hi team i looking script to update registry value (HKLM--Appv-Streaming--packagesource root--Data (needs to set server name) via powershell scripts for mutiple computers (more than 1K computers). same should capable to set registry values on remote computers

Read other answers

Have you experienced or heard of this:

I was Downloading Zipped files from a known source on WeTransfer, a fee paid file sharing service.

The moment the download finished my keyboard inputs went all squirrely. When I entered keyboard commands things either didn't happen correctly or they didn't happen at all.
I shut the system down and unplugged the internet.

On Reboot to Windows NO keyboard input was possible.
On Again reboot trying to get to safe mode no keyboard input was possible. I was unable to use the arrow buttons.
On reboot to the UFEI/BIOS ( using f2) The keyboard operated correctly.

SO I suspected the registry

I put the Installation disk in and got it to boot in safe mode and the keyboard was operating correctly.

I have since opened the Zip files I downloaded and experienced no ill effects.
My suspicion is that some one in the middle of the transfer ( possibly an angry employee at We Transfer) send me something in a packet that re-wrote a registry value for the keyboard locking it out of windows processes.

Does this make sense to you?

Read other answers


My Language bar (ctfmon.exe) has disappeared because of the worm Win32.VB.nk. I suspect that this worm deleted some system files, and also their string values in the Registry.

I have now deleted this worm, but can still not use any other keyboard than the English one because Language bar is missing.
This is an urgent problem for me as I study Chinese, and need to write assignments with Chinese characters.

Besides that the Language bar is missing, also I can't run these two commands from Start/Run...:

gpedit.msc (Group Policy Editor)

My laptop (HP Compaq nx7300) is very sluggish and slow now, both when using the internet and also when I run any application.

However, I have cleaned all viruses now (including the worms) with Rising Antivirus, so my laptop should really be clean.

This is what I've tried so far, without any positive result:

1. www.dougknox.com/xp/utils/xp_emerutils.htm (copies of regedit, msconfig, Task manager from a friend who owns a Windows XP Pro English version, which is the same windows version that I have).

2. Start/Run sfc.exe (I inserted my Windows XP Pro original CD-ROM, and the disc device was very busy all the time so I assume that the missing system files were being copied from my original CD-ROM to c:\windows\system32).

3. Control Panel: regional and language options/Languages/Text services and input languages: details/Preferences
(Language bar is grey scaled and it's not possible to cho... Read more

A:System files and registry values

'2. Start/Run sfc.exe (I inserted my Windows XP Pro original CD-ROM, and the disc device was very busy all the time so I assume that the missing system files were being copied from my original CD-ROM to c:\windows\system32).'

You need to enter sfc /scannow , not just sfc.exe .

Read other 14 answers

Where would a person go to find the valid entries for all sorts of registry keys. While most keys will turn up in a Google search, the entries many times do not.

For example, at location:


there is an entry called: LaunchPermission. It is a REG_BINARY type.

Because this entry exists, it prevents me from chaning settings on the (in this case) Microsoft's Automatic Update feature.

I'm afraid to remove it, I'm also concernd about just chaning it, as the entry is binary, and chaning a value can have far reaching effects.

Any ideas you can provide will be greatly appreciated.

(Why would it even exist in the first place? Especially if MS doesn't publish this type of data, and some nice(?) guru decides to install it?)

A:Find valid values for Registry key

Read other 10 answers

I let my computer install windows updates over the night as I shut it down, and after starting it up this morning, I can no longer run .exe files. Upon trying to run a .exe file, a window pops up stating "The filename, directory name, or volume label syntax is incorrect." It's never done this before, so I googled it and read it could be some sort of trojan that has changed registry values but I have no idea what it truly is.

A:Am I infected? Registry Values changed?

 Try booting to Safe Mode with networking.  If you can, try installing Malwarebytes and doing a scan.  If Malwarebytes doesn't fix it, you could try System Restore back to an earlier date.
Good luck.

Read other 1 answers

I'm attempting to install SQL 2005 on my mobile workstation and I ran into an error that I cannot resolve after hours of googling. The following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
has a REG_MULTI_SZ entry called "Counter" that should contain a list of readable lables and values, but my entry looks like this:
I cut the entry's value short, the hex data extends to about 3000 lines (I exported the entry and opened it with a text editor). The entry for "Help" looks the same.

Any expert here that can crack this code and help me know how the text was converted into a string of hex values?


Read other answers

I didn't quite know where to put this question, because it covers a few different ares, so I went with the general board.

Now... My Dvd and Cd drives refuse to read anything that I give them. I went into the cdrom registry set, and noticed that the Upper and Lower filters were missing completely. I figured that a simple system restore would solve the problem, but apparently system restore turned itself off at some point, and now there are no restore points for me to go back to. I don't know if the missing keys have anything to do with the problem, but I think that leads into my next one;

My Iomega external hard drive has worked perfectly fine for quite some time, but just today my computer stopped acknowledging it's existence. It gives me drive M, which only contains the IomegaEncryptionSetup.exe, but drive N (what usually shows up with all of the files) is nowhere to be seen. I plugged the hard drive into my laptop, and it works perfectly fine, meaning it's not corrupted.

So in summary;
1) Why is my hard drive not showing up?
2) How do I restore the Upper and Lower Filters?
3) What's wrong with my dvd/cd trays?

A:Missing Registry Values for Drivers

Upper and Lower filters are not necessary and are installed by other burning programs (Like iTunes) if your CD/DVD is not working and has a yellow flag in the Device Manager, it's suggested to remove these filters. Check this by going to Start/Run and type devmgmt.msc and press enter.
If your CD/DVD drive is not reading any discs, then the laser has probably failed and the drive needs to be replaced. You can try a laser cleaning kit, but I doubt that will help.
With your Iomega drive, make sure you have the correct power adapter attached (incorrect ones will cause this problem) be sure you are plugging the power adapter into the Wall Socket and not through a surge protector or Extension cord as this diminishes the power. Be sure you are plugging the USB cable into the Back USB port of the computer and not the front or through a Hub as these ports are weaker.
Once the drive is recognized, go to Start/Run and type diskmgmt.msc and press enter. In the Disk Management Window do you see your drive there?

Read other 6 answers

hey all

i think ive just made the biggest mistake. i downloaded this program from major geeks called 'RegScrub XP'. i assumed that it locates and deletes registry entries that are old and not in use.

so in the program, on one of the tabs, i think it was 'user defined...' (or rather), i located all the registry entries and then deleted all of them. i know, stupid mistake. so now all the files and programs on my computer cannot open. all of the icons in the start menu and everywhere have that unspecified icon image, and when i try to open it it says - use the web service to find the appropriate program
- select the program from a list

basically my whole computer is messed up and not only that, to add insult to injury, unknowingly, i deleted the backup files of the RegScrub XP program.

im all out, my system restore was turned off cos i needed free space some time ago and ive since forgotten to turn it on.

any help pleasee?

A:Solved: essential registry values all gone

Read other 16 answers

Yea I did something stupid and deleted some part of my registry, I just don't remember what it is. Now when I try to click on My Documents, My Computer, and Control Panel, the error message "This file does not have a program associated with it for performing this action...." Anybody know what I might have done? Thanks.

A:Deleted some important registry values. I think...

i don't know what you did but try going to the windows download centre,they allow you to scan your computor and will give you any vital components that are found to be missing

Read other 7 answers

Ok, I have a question that I find hard to word, but I'll try to explain it best I can. (I also hope I have my registry definitions correct.)

I am trying to find out how to see, and how to change where a registry value gets its data.

For example, I am looking at the subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Backgrond

Within this subkey there is a value called OEMbackground. I am trying to find out where this value gets its data. The value tells Windows rather to use the default embedded Windows login background or rather to specify my own. The value says to use a backgrounddefault.jpg file located under %windir%\windows\system32\oobe\info\background. I am trying to find out how the value knows this - where it gets the information from, and how I can change it. My company wants to be able to create our own folder and store the background image there, not within this preset directory.

Does that make sense? Hope to get some help


Read other answers

I'm attempting to install SQL 2005 on my mobile workstation and I ran into an error that I cannot resolve after hours of googling. The following registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
has a REG_MULTI_SZ entry called "Counter" that should contain a list of readable lables and values, but my entry looks like this:

I cut the entry's value short, the hex data extends to about 3000 lines (I exported the entry and opened it with a text editor). The entry for "Help" looks the same.
Any expert here that can crack this code and help me know how the text was converted into a string of hex values?

A:Perflib Registry Key Displays as Hex Values

Read other 6 answers

Hi all,

Quick Brief -

I have kaspersky anti virus installed on a windows 2000 server, it used to update from the administration kit. However problem with that server, means that the admin kit is no longer running.

I cannot update kaspersky manually as it says it is controlled by administrator, and there is no update section of the settings, for me to change where the server looks for its updates.

Think it maybe something that can be changed in the registry editor, however when i attempt to change the value, i get a 'Error writing the values new contents'

The correct permissions have been set, but still not working.

Any help would be greatly appreciated.


A:Cannot edit registry values - Kaspersky

You should not change the registry if you are not really knowing what are you doing. Anyway, do u windows' account have administrator privilages? If u have try to unistall completaly the antivirus and reinstall. I think that this way is easier than change the registry.

Read other 1 answers

I got a several popups suddenly yesterday ... I deleted a few suspicious files from \windows\system32\ (~.exe and comcatk.dll) ... the popups stopped but I still have a few registry keys that I cannot get rid of ....

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0B5E3AA-B142-4DF8-94E4-5C811317E875}

any help would be appreciated
 Attach.txt   19.08KB

... dds.txt file ...........

DDS (Ver_09-01-19.01) - NTFSx86
Run by stephen fischer at 9:07:59.26 on Fri 01/30/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.505 [GMT -9:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\... Read more

A:locked registry keys/values

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 3 answers

How i can search and backup ALL VALUES of entire registry for and only specific program so i can restore it to another one?

I want that because i have issues with bsplayer and doen's play some audio of files before it play normally.

I already try complete uninstal including registry valies with programs uninstaller 7 and revo uninstaller and then re-install it the prg and the internal codecs with file "codecmanager.exe" there is inside the installing folder of the program and still doesn't play that audio at some files.

The only way to play sound of files like mkv that before played normally with bsplayer is to install another codecs package like lav filters.


A:Registry values of one specific program

Fits you need to first back up the registry - something I always do after a new install and make two copies
Registry - Backup and Restore

Then you should try a system restore to way back before the problem it might work System Restore (see pic)

If that deosn't work then you will need to go to HKEY (see pic) and open them out and go to Software and look for the entry for the program you are after. However after that you are on your own mate because I have no idea on what it is you should be changing.

Read other 5 answers

Hello ..

I have duel boot OSs both XP SP3.. in C: n D: drives.. although i have installed a software in C: i wanna run this software in D: drive without installing it.. so can anyone tel me how do i copy registry values of this software in C: to D:..
i wanna run this software from D: drive itself where as it resides in C: drive..

A:Copying software registry values of one OS to another OS?

Simple answer, if not accurate...you cannot.

You can only run a program from the operating system in which it is installed, AFAIK.

Maybe someone who is a coder may know a way, but I've not heard of such.


Read other 1 answers

I got a virus on going on vista and each time I load up and start I get a blue screen after a few seconds. I know theres a startup entry that is doing this but I can't get to it in time. But I dual booted with 64-bit Windows Xp Pro, is there any way I can change the values or delete the exe? By the way, it also happens when I boot in safe mode.

Read other answers