Windows Registry : Something you must know

Intro
Whats this all about ? Registry is the place where most windows programs store some data associated with that program. Moreover, registry is used by windows to store much of the configuration information, file associations, start up programs, etc ...

The registry is mainly divided into 5 sections

HKEY_CLASSES_ROOT
HKEY_CURRENT_USER : Current User Preferences.
HKEY_LOCAL_MACHINE (HKLM): Global Preferences.
HKEY_USERS
HKEY_CURRENT_CONFIG : Current System Configuration.

Important Registry Locations

Start Up
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
: This location consists of all the programs that are executed by the computer after windows has loaded. Check this location periodically, most virus makes an entry here to startup when windows runs.

Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Stores all shell folder locations like My Documents, Music, Pictures etc,.

System Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

: Certain critical applications such as the task manager and registry editor can be disabled by entries in this folder.
If DisableRegistryTools, DisableTaskMgr
has a value 1, then regedit.exe and taskmgr.exe (registry editor and task manager cannot be run !!) Some viruses make use of this to disable the end tasking of virus applications.