msconfig startup programs

[leeroyMarv]

When i go into msconfig and look at the startup, the majority of programs are in the directory: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" How do i get into this folder and where would it actually be located on my computer, because the above isn't an actual directory. Thanks in advance for any help.

 

[SC7]

If you want to manage programs which load, go to MSconfig>Startup tab, and the Services tab for services. That reference is to a registry location, somewhere you really shouldn't need to edit, I think that's where MSconfig data is stored.

 

[leeroyMarv]

I tried doing that and as i said, the location is the aforementioned and does not seem to be a logical as it does not begin with C: or D:

 

[PC eye]

In the msconfig you would simply uncheck that item to disable it from starting up along with Windows. To find a specific value in the system registry you type in "regedit" at the Run prompt found right off of the Start menu and then press enter to open a new screen. But if you remove the value without knowing what it belongs to you may find one program failing to start. Editing the system registry is done with caution by those with experience with great care to avoid... disasterous goofups!

The "HKLM" seen at the beginning of the value there is the "HKEY_LOCAL_MACHINE" "hive" as it is called in the registry hidden on the "C"(host) drive. If you believe that to be an invalid registry value and want it removed try a registry cleaning program like RegCleaner to find "orphans" in the registry itself. You can find RegCleaner free to download at http://www.majorgeeks.com/RegCleaner_d460.html

 

[Trizoy]

Or hijackthis also does registry values.

Post the log and someone will let you know what to remove.

 

[leeroyMarv]

Thanks to all of you, all answers were helpfull and necessary. PC eye that's the exact answer i was looking for with regards to the directory and files. Oh and by the way i was not messing around with my comp its just that a few viruses and spyware inserted their programs into this folder and i wanted to get rid of them. I know exactly the folders and everything as i already unchecked the boxes to test it and it worked but i still wanted to remove them from my comp. Thanks again everyone.

 

[PC eye]

leeroyMary could post a HiJack This log to see if it is at the top and not deep into the registry itself. Knowing what it goes to if not an unattached orphan value would also help in case it was part of a program's normal installation. The value does seem out of place however. To download one of the latest free versions of HiJack This go to http://www.spychecker.com/program/hijackthis.html Simply follow the directions to save a log and then highlight, copy, and paste on a response to have it looked over here.
(Don't you love it when two posts just miss each other.)

 

[leeroyMarv]

I checked C drive and hidden files and found no file or folder called "hive" or "hklm" and could not access either thorugh the prompt. Besides the registry editor is there another way to get there. And if not how do the viruses keep putting themselves into it?

 

[Trizoy]

start, run, type "regedit"

be VERY cautious.

Think of the registry as GOD of your computer. Every program checks in with God to see how it works. When the program is installed it places a line into the registry. The registry can handle things from your homepage, to wheather or not you have a startmenu...

 

[leeroyMarv]

Yes, but what is the exact line of code that i could type into dos that would open up that folder, in other words the directory or location

 

[Trizoy]

WinXp user.dat and system.dat. They make up the registry.

Windows NT, 2000, 2003, & XP
The following Registry files are stored in %SystemRoot%\System32\Config\

Sam
Security
Software
System
Default
Userdiff
NTUSER.dat
The NTUSER.dat file is stored in the profile folder.

 

[leeroyMarv]

How come software is a text document and not a folder, when its in C:\windows\system32\config?

 

[Trizoy]

The registry files are stores as files... They are displayed as folder, with more folder in them IN the regeditor. It is a way of depicting a structure.

 

[leeroyMarv]

So if i wanted to add a program to my registry (not that i would) i would have to write the command into the software text document.

 

[PC eye]

The registry is a series of instructions telling Windows what to do with a driver, startup, software tool, etc. either when Windows is first loading or you start an app as well as making selections while running one. The "hives" is a description of a likeness to a directory with sub directories with more sub contained. Each what would be sub directory when looking in dos is actually then called a "branch". The appearance is similar while everything is contained in a few dat files as Trizoy has mentioned. A software installer is what actually writes entries in different forms like DWORD, String, Keys, etc. unless you are instructed by a guide like Winguide 2003 to either create, modify, or remove any registry value. http://www.winguides.com provides a free downloadable registry guide as well as displaying various methods for making changes in different versions of Windows.

 

[leeroyMarv]

I understand the basics of the registry but i still don't understand how these viruses that i get put themselves into the registry. If they can do it then there must be a command to get to the registry which doesn't require you to go there manually.

 

[Trizoy]

You can edit the registry with a registry file .reg Here is an example of one...

[HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder]
"Attributes"=dword:20180000

It maps where and what to change/add

Hide MY Network Places in Windows Explorer folder panel

 

[PC eye]

I understand the basics of the registry but i still don't understand how these viruses that i get put themselves into the registry. If they can do it then there must be a command to get to the registry which doesn't require you to go there manually.

Either the virus will create new values or alter others already there causing issues as well as corrupting system as well as other files on the drive. There are also a good number of virus types. The I-WORM: Bagle A is not the same as the SassWorm or whatever next bug comes around. On some occasions you can download a special registry fix with a "reg" extension on it where you simply double click on it to have it make a registry change, add a new value, or even delete on. The Winguides 2003 has shown itself to be very informative tool. Once you review it enough you will get familiar with how fast it is to make changes along with how fast a virus can get in there and.... ?!?!?!