| Next: Dad at the mall |
| Author |
Message |
stunner
Joined: May 13, 2008
Posts: 3
|
 Posted: Fri May 16, 2008 8:03 am Post subject: Original registry values required |
|
|
Can anyone provide me the original values of the below stated. My laptop is infected with Trojan,Astry and I m unable to see my hidden folders, I have figured out a way to resolve this but need to know the original values of the below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "explorer.exe, scvhost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\Userinit.exe,scvhost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\"Text" = "Gue pikir2x lo itu"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\"Text" = "Adik lo banyak"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\"Text" = "Pacar lo Banyak"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\"Text" = "Kurang taat ibadah"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\"Text" = "Sok tau"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\"Text" = "Babe lo galak"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\"Text" = "Gue kangen berat"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\"Text" = "Semua tentang lo"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\"NOHIDDEN\Text" = "Akan gue lupakan semua"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"Text" = "Akan gue ingat semua"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\"Type" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\"Text" = "Lo dugem terus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\"Text" = "Terlalu banyak nuntut"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\"Text" = "Lo gak romantis"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\"Text" = "Otak lo mesum"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\"Text" = "Lo bego"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\"Text" = "Gue pandang2x lo jelek"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\"Text" = "Jarang jajan"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\"Text" = "Gak punya mobil"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\"Text" = "gue ada pacar baru"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\"Text" = "Hidup bersama lo"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\"Bitmap" = "%System%\SHELL32.DLL,29"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO\"Text" = "Bakalan susah"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE\"Text" = "Biasa aza"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE\"Text" = "Bakalan senang"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade\"Text" = "Gue masih cinta lo"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Tips\"[0-50]" = "Iloveu astry and never forget you"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\"Bitmap" = "%System%\SHELL32.DLL,11"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\"CheckedValue" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\"Bitmap" = "%System%\SHELL32.DLL,22"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\"HKeyRoot" = "1010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"DefaultValue" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"HKeyRoot" = "1018"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\"CheckedValue" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\"DefaultValue" = "1"
I ll appreciate the help. |
|
| Back to top |
|
 |
drwho07
Joined: Nov 29, 2007
Posts: 2238
Location: Central FL, USA
|
| Posted: Sun May 18, 2008 11:58 am Post subject: Re: Original registry values required [Login to view extended thread Info.] |
|
|
Are you paying by the job, by the line or by the hour?
Just curious!
If something has installed and jammed up your settings, use the recovery tool provided to you by Microsoft, called "System Restore".
It's in your "Program Files\Accessories\System Tools\" folder
Restore your PC to a time before the 'accident' or 'corruption' occurred.
The Doctor  |
|
| Back to top |
|
|
mommabear
Joined: Feb 20, 2003
Posts: 6325
|
|
| Back to top |
|
|
Baby_Tux
Joined: Mar 06, 2007
Posts: 1242
|
| Posted: Sun May 18, 2008 1:53 pm Post subject: [Login to view extended thread Info.] |
|
|
OK, all you other "GURUS" correct me if I'm wrong but wouldn't these keys be unique to this machine (or at least it's configuration)? If so, there would be no way for us to know what they are supposed to be. (unless we saw them before) The only way to restore them would be a backup of some sort. Or the installation disk as mentioned.
Am I right or wrong on this????   (somewhat embarrassed that I don't know) |
|
| Back to top |
|
|
zlim
Joined: Mar 11, 2005
Posts: 2747
|
| Posted: Sun May 18, 2008 7:26 pm Post subject: [Login to view extended thread Info.] |
|
|
| Baby_Tux, I agree with your thinking. After all it says Local Machine Since everyone's setup is different, my values would not match someone else's. |
|
| Back to top |
|
|
pc7wizard
Joined: Nov 15, 2006
Posts: 154
Location: Off-Shore Drilling Rig, just North of Hell...
|
| Posted: Mon May 19, 2008 6:25 pm Post subject: Re: Original registry values required [Login to view extended thread Info.] |
|
|
Yep, Baby_Tux, right again, however, sometimes you can use another's settings to figure out what your screwed up entries should be...Sometimes...
Cheers! |
|
| Back to top |
|
|
drwho07
Joined: Nov 29, 2007
Posts: 2238
Location: Central FL, USA
|
| Posted: Tue May 20, 2008 5:03 pm Post subject: Re: Original registry values required [Login to view extended thread Info.] |
|
|
There are undoubtedly many copies of the old registry in the System Restore folder.
SO what's wrong with doing a System Restore (reloading an old copy of the registry) like I said?
I even gave you the path to the program! 
Doc |
|
| Back to top |
|
|
Baby_Tux
Joined: Mar 06, 2007
Posts: 1242
|
| Posted: Tue May 20, 2008 10:48 pm Post subject: [Login to view extended thread Info.] |
|
|
| Are there copies in the folder even if there is NO restore points to get to? - curious as to why they would hang around if that was the case, as I've seen times on my machines where there wasn't any restore points at all. - please fill me in as at the moment I'm on a Linux Box & can't check. |
|
| Back to top |
|
|
|
General