Unable to Delete Registry Key

  • Thread starter To Old To . . .
  • Start date
T

To Old To . . .

I have 3 registry keys that I cannot delete. "Error opening Key"
I cannot take ownership because there is no permissions.
I have tried reg and tried to make a .reg file. no elp
The keys are
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved\{46D9700D-6DAC-7507-46E7-457874290BE0}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved\{4B3E4A36-23CD-FC8D-0BB7-F8E8437CBAE0}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved\{C34915D6-DC50-AEBD-57B2-6CCDBFF763AC}

Any suggestions?
Sysinternals regnull shows as a security mismatch.

Is there a natice api program that I can run to put the valuse in that I
would like to delete? Or is there some other way to delete these keys?

Thank you in advance
 
D

David H. Lipman

From: "To Old To . . ." <[email protected]>

| I have 3 registry keys that I cannot delete. "Error opening Key"
| I cannot take ownership because there is no permissions.
| I have tried reg and tried to make a .reg file. no elp
| The keys are
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
| Extensions\Approved\{46D9700D-6DAC-7507-46E7-457874290BE0}
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
| Extensions\Approved\{4B3E4A36-23CD-FC8D-0BB7-F8E8437CBAE0}
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell
| Extensions\Approved\{C34915D6-DC50-AEBD-57B2-6CCDBFF763AC}

| Any suggestions?
| Sysinternals regnull shows as a security mismatch.

| Is there a natice api program that I can run to put the valuse in that I
| would like to delete? Or is there some other way to delete these keys?

| Thank you in advance


You have to find the DLL that is being used and kill it. The keys are protected.
 
T

To Old To . . .

I have booted with an external WinPE disk and remote regedit. The keys are
not being protected at that point. A virus has wriiten to the keys and the
security users have been removed. I have ran into this before about two years
ago, but I cannot find the tool that I used to remove it then. All I remember
was that it was a regedit tool that was written in native API and not Windows
API. I found a couple of partial tools on Code project but they are not
complete enough to use, missing files.
Thanks for your reply.
 
T

To Old To . . .

Well I found the answer.


RegDelNull v1.10 - Delete Registry keys with embedded null
Copyright (C) 2005-2006 Mark Russinovich
Sysinternals - www.sysinternals.com


regdelnull hku -S

Thank you Mark
 
Top