Registry Problem

G

Guest

Hello,

(Posted in the wrong forum originally)

I have created a .reg file to remove some entries from the registry of
certain machines however when i merge the registries the entries i am trying
to remove are still there? I dont understand why as when i search the
registry before hand it shows me the location and the details of the
key/value i wish to remove but when i re-create it and put a hyphen it is
still there after the merge.

Please can someone help me out....

Thanks

I have put the script below (It should move some keys and some values)

Windows Registry Editor Version 5.00
Blank line
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{0962DA67-DB64-465C-8CD7-CBB357CAF825}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{52ADD86D-9561-4C40-B561-4204DBC139D1}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{999A06FF-10EF-4A29-8640-69E99882C26B}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{4AA870AC-8427-42a4-B92E-ECD956197489}]
[-HKEY_CURRENT_USER\Software\microsoft\windows\currentversion\explorer\browser helper objects\{4AA870AC-8427-42a4-B92E-E]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon]
[-HKEY_CLASSES_ROOT\Interface\{018C5406-AEE6-4A68-980F-2CEB1E9416FB}]
[-HKEY_CLASSES_ROOT\Interface\{0A7FC040-F84A-4AD7-9439-798B6C0F861E}]
[-HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}]
[-HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}]
[-HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}]
[-HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}]
[-HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}]
[-HKEY_LOCAL_MACHINE\Software\_rtneg3]
[-HKEY_LOCAL_MACHINE\Software\aurora]
[-HKEY_LOCAL_MACHINE\Software\Bolger]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{302A3240-4805-4a34-97D7-1645A0B08410}]
[-HKEY_CURRENT_USER\Software\microsoft\windows\currentversion\explorer\browser helper objects\{302A3240-4805-4a34-97D7-1]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Print\Monitors\ZepMon]
[-HKEY_LOCAL_MACHINE\Software\pynix]
[-HKEY_LOCAL_MACHINE\Software\classes\TYPELIB\{09049E4F-8D9E-4C8A-A952-5BAF1A115C59}]
[-HKEY_LOCAL_MACHINE\Software\classes\CLSID\{00000000-DD60-0064-6EC2-6E0100000000}]
[-HKEY_LOCAL_MACHINE\software\classes\PynixDll.PynixDllObj]
[-HKEY_LOCAL_MACHINE\software\classes\PynixDll.PynixDllObj.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor]
[-HKEY_LOCAL_MACHINE\Software\classes\TYPELIB\{09049E4F-8D9E-4C8A-A952-5BAF1A115C59}]
[-HKEY_LOCAL_MACHINE\Software\classes\CLSID\{00000000-DD60-0064-6EC2-6E0100000000}]
[-HKEY_LOCAL_MACHINE\Software\classes\CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4}]
[-HKEY_CLASSES_ROOT\Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}]
[-HKEY_CLASSES_ROOT\Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}]
[-HKEY_CLASSES_ROOT\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0}]
Blank line
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-"Explorer.exe C:\Windows\Nail.exe"
Blank line
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared
Tools\MSConfig\startupreg\Microsoft Map PC]
Blank line
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Map PC"=-"mappc.exe"
Blank line
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
"Microsoft Map PC"=-"mappc.exe"
Blank line
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run
"Microsoft Map PC"=-"mappc.exe"
Blank line
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared
Tools\MSConfig\startupreg\seeve]
Blank line
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"C:\\WINDOWS\\Nail.exe"=-"Nail Application"
Blank line
[-HKEY_USERS\S-1-5-21-3052906198-2140229045-3129365556-500\Software\Microsoft\Windows\ShellNoRoam\MUICache
"C:\\WINDOWS\\Nail.exe"=-"Nail Application"
Blank line
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"C:\\WINDOWS\\seeve.exe"=-"seeve"
Blank line
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"C:\\WINDOWS\\Nail.exe"=-"Nail Application"
Blank line
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
"C:\\WINDOWS\\seeve.exe"=-"seeve"
Blank line
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]
"Shell"="C:\WINDOWS\explorer.exe"
Blank line
[-HKEY_LOCAL_MACHINE\Software\aurora]
 
G

Guest

Update...

I have tried adding and removing an individual key and that adds and remove
fine but when i add a value (right column) the value appears but does not
delete.

To delete a value i thought it was ... (note the hyphen symbol)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"C:\\WINDOWS\\Nail.exe"=-"Nail Application"
 
D

Dave Patrick

If you want to remove a key and all it's underlying values then you'll need
to construct your .reg file with a - minus sign in front of the key you want
to remove.

An example file to remove a file association .zzz from HKCR
-----------------Begin File-----------
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\.zzz]
----------------End File-------------

(note the minus sign in front of HKEY)


If you need to delete only certain values, for example the string value
"InfoTip"="Contains zzz files"

Then put a minus sign after the equals sign without "quotes", something like
"InfoTip"=-

So your .reg file would look like
----------------Begin File------------
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.zzz]
"InfoTip"=-
----------------End File-------------


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Update...
|
| I have tried adding and removing an individual key and that adds and
remove
| fine but when i add a value (right column) the value appears but does not
| delete.
|
| To delete a value i thought it was ... (note the hyphen symbol)
|
| [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
| "C:\\WINDOWS\\Nail.exe"=-"Nail Application"
|
|
 
M

Mark V

In microsoft.public.win2000.registry =?Utf-8?B?RGFuaWVsIEdvc3M=?=
wrote:
Update...

I have tried adding and removing an individual key and that adds
and remove fine but when i add a value (right column) the value
appears but does not delete.

To delete a value i thought it was ... (note the hyphen symbol)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICach
e "C:\\WINDOWS\\Nail.exe"=-"Nail Application"
Click to expand...

If nail.exe is the malware I am recollecting. you may be fighting
an active process that either prevents the change or re-writes it
almost immediatly. It may be something else of course and YMMV.

Plus see Dave's notes on regfile syntax of course.
 
G

Guest

Hi Dave/Mark,

Thanks for both of your help a appreciate you both helping out. From what i
see the syntax i have used is correct e.g.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
C:\\WINDOWS\\Nail.exe=-Nail Application

However im not sure this is what i want. I actually want to remove the..

C:\\WINDOWS\\Nail.exe=-Nail Application ... section of the registry (Delete
it from the right column)

Im not sure if this is possible thats why i thought i better check. I
realise i can remove the value/Data of the registry value by doing..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
C:\\WINDOWS\\Nail.exe=-

Which i believe would leave a blank value in the registry. Is there no way
to remove whole of the value? Otherwise i will be leaving dead values in the
registry.

Many Thanks
 
J

Jerold Schulman

Update...

I have tried adding and removing an individual key and that adds and remove
fine but when i add a value (right column) the value appears but does not
delete.

To delete a value i thought it was ... (note the hyphen symbol)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"C:\\WINDOWS\\Nail.exe"=-"Nail Application"
Click to expand...
This is incorrect. It should be:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache"
"C:\\WINDOWS\\Nail.exe"=-

if you are trying to delete the C:\Windows\Nail.exe "Value Name" from the MUICache sub-key.
 
D

Dave Patrick

Try;

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"Nail Application"=-

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave/Mark,
|
| Thanks for both of your help a appreciate you both helping out. From what
i
| see the syntax i have used is correct e.g.
|
| [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
| C:\\WINDOWS\\Nail.exe=-Nail Application
|
| However im not sure this is what i want. I actually want to remove the..
|
| C:\\WINDOWS\\Nail.exe=-Nail Application ... section of the registry
(Delete
| it from the right column)
|
| Im not sure if this is possible thats why i thought i better check. I
| realise i can remove the value/Data of the registry value by doing..
|
| [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
| C:\\WINDOWS\\Nail.exe=-
|
| Which i believe would leave a blank value in the registry. Is there no way
| to remove whole of the value? Otherwise i will be leaving dead values in
the
| registry.
|
| Many Thanks
 
J

Jerold Schulman

Update...

I have tried adding and removing an individual key and that adds and remove
fine but when i add a value (right column) the value appears but does not
delete.

To delete a value i thought it was ... (note the hyphen symbol)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
"C:\\WINDOWS\\Nail.exe"=-"Nail Application"
Click to expand...

Oops.

It should be:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\Nail.exe"=-

if you are trying to delete the C:\Windows\Nail.exe "Value Name" from the MUICache sub-key.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

"Upgrade Pack 98" and the "1 minute freeze". 3
Major problems!!! 3
registry entries 4
Need some registry editing help.. 8
Create own virtual ShellFolder (Namespace Extensions for WindowsExplorer) 2
Spywarte Found even after Microsoft AntiSpyware Said it was Clean 1
OpenSubKey return null though the key exist 1
spware C:\WINDOWS\isrvs\desktop.exe 3

Top