ERD Commander will let you edit the registry directly as well. However, their licensing scheme now makes use of their more recent versions prohibitive.
John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, December 19, 2006 12:09 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] WAY OT: Registry Repair Hmm, I've no faith that regedit will report a permissions problem as such and not as a generic error. I noted that you said in your first post that you also tried to rename/delete the parent tree but you get an error when it gets to the Run key. Did you use the Advanced button at the level: In order to take Ownership, and apply to the children, so that you certainly have privileges? Have you tried to remove the key this way: reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f Have you tried it as SYSTEM by closing all copies of regedit and doing this from the console session (in case you're using RDP): at 9:00AM /interactive c:\windows\regedit.exe to get a copy of regedit.exe running as the SYSTEM account? Beyond that, um, no, I've never heard of a 3rd party tool that can edit the registry file directly. If you boot from an install CD, you can choose the first Repair option to repair the various hives, but whether that does a check and correct to really fix a corrupt file, I don't know. Andrew 8) _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, December 18, 2006 9:48 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] WAY OT: Registry Repair Yes, if it was that easy. Initially I had also figured it was "just" a permission problem. Eventually, I looked closer and realized that I never do get any message that seems to imply permission problems - the message is always that the key cannot be opened. Even trying to acess the Permissions gives me the open error - NO chance to perform any permission functions. When I access the permissions of the parent key and try to reset the child permissions (or just Child ownership) - I get an error when indicating that it can't do so for "Run". ----- Original Message ----- From: Colbeck, Andrew <mailto:[EMAIL PROTECTED]> To: declude.junkmail@declude.com Sent: Monday, December 18, 2006 06:33 PM Subject: RE: [Declude.JunkMail] WAY OT: Registry Repair Andy, five will get you ten that it is the permissions that are mangled, not the key itself. Run RegEdit.exe and right-click on the Run key, then choose "Permissions". Go into the "Advanced" button and choose to "Inherit from parent..." and the permissions should get fixed up. You should see: Allow Users (local machine name) Read Allow Power Users (local machine name) Special Allow Administrators (local machine name) Full Control Allow SYSTEM Full Control Allow CREATOR OWNER Full Control Aside from administrative error, the only times I've seen the permissions modified on this part of the registry is if the bad guys are trying to retain control of a 'bot. Andrew 8) _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, December 18, 2006 3:01 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] WAY OT: Registry Repair Hi, noticed today that HKLM\Software\Microsoft\Windows\CurrentVersion\Run no longer opens (while logged on as the workstation's admin). I can export the parent key - which will contain everything EXCEPT the "run" key. But, then I can neither delete or rename the "run" key. Renaming/deleting the parent will appear to work at first - until it reaches the Run "subkey" - then it will again report that it cannot access that key. So - I am suspecting that the Run key is corrupt. It can't be read, edited, deleted or renamed. I looked at some "registry repair" tools, but they all seem to be Registry Optimizing tools in disguise that fix logical "problems" in the registry (registries with too much or supposedly bad information). Does anyone know of a tool (for XP) that will allow me to eliminate this bad key from the registry "index" somehow so that I can just reimport the rest of the parent key? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
