Loading the Registry Hives from an External Hard Drive

02/03/09

08:22:26 am, by dave, 396 words, 1000 views, English (US)
Categories: Windows Scripting, Batch Scripts


I recently needed to take a hard drive out of a family member's computer in order to clean up a virus infection. If you ever have to do something like this, one of the things you will need to do is remove any of the virus-related entries from the registry of the infected machine. This sample command script will load the two most likely registry hives, start regedit, and then unload the hives when regedit is closed.


::=========================================================
::== Load Remote Registry Hives Command File Sample
::==
::== Copyright © 2009, Dave Moats
::==
::== This sample is provided 'AS-IS', without any
::== express or implied warranty. In no event will the
::== authors be held liable for any damages arising from
::== the use of this sample code.
::==
::== Permission is granted to anyone to use this sample
::== code for any purpose, including commercial applications,
::== subject to the following restrictions:
::==
::== The origin of this code must not be misrepresented;
::== you must not claim that you wrote the original code.
::==
::== If you use this code, an acknowledgment in the
::== documentation is requested - shown below:
::==
::== Portions Copyright © 2009,
::== Dave Moats (http://www.davemoats.com/).
::==
::=========================================================

@echo off

::=========================================================
::== set these variables to whatever you need
::== outDir - the path to the slaved hard drive's windows
::== directory
::== regName - the name you want these hives displayed as
::== in regedit
::=========================================================
SET outDir=F:\WINDOWS
SET regName=Broken

::=========================================================
::== make sure that the hives can be found
::=========================================================
if exist %outDir%\System32\Config\Software (
if exist %outDir%\System32\Config\Default goto FOUND
)

:ARGNOTFOUND
echo =========================================================
echo ==
echo == One of the paths provided was invalid:
echo ==
echo == [ %outDir%\System32\Config\Software ]
echo == [ %outDir%\System32\Config\Default ]
echo ==
echo == Please check these paths before trying again.
echo ==
echo =========================================================
goto JOBDONE

::=========================================================
::== able to find the hives now try to load them
::=========================================================
:FOUND
REG LOAD HKLM\%regName%_HKLM %outDir%\System32\Config\Software
REG LOAD HKLM\%regName%_HKCU %outDir%\System32\Config\Default

::=========================================================
::== fire up regedit and wait for it to be closed
::=========================================================
start /wait regedit.exe

::=========================================================
::== we are done, so unload the hives that were loaded
::=========================================================
REG UNLOAD HKLM\%regName%_HKLM
REG UNLOAD HKLM\%regName%_HKCU

:JOBDONE

Pay close attention to line wrapping in this sample; the command script does not contain any multi-line statements, so a line that appears wrapped here is a single line in the file.
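An added example, not from the post above: the same load, inspect, unload sequence, but it also loads the profile's NTUSER.DAT (the hive that actually holds a user's HKCU settings; Config\Default backs HKEY_USERS\.DEFAULT), checks that each REG LOAD succeeded before going on, and writes the common Run/RunOnce autostart values from both hives to a text file for review before opening regedit. The drive letter F:, the profile name Family (an XP-style Documents and Settings path; Vista and later use F:\Users\<name>) and the report path are assumptions.

```batch
@echo off
setlocal
:: assumptions: slaved drive is F:, profile is "Family", report goes to the desktop
set "outDir=F:\WINDOWS"
set "userHive=F:\Documents and Settings\Family\NTUSER.DAT"
set "regName=Broken"
set "report=%USERPROFILE%\Desktop\%regName%_autostart.txt"

:: REG LOAD needs administrative rights; fail early instead of halfway through
net session >nul 2>&1 || (echo Run this from an elevated command prompt.& goto :EOF)

if not exist "%outDir%\System32\Config\Software" (echo Software hive not found & goto :EOF)
if not exist "%userHive%" (echo NTUSER.DAT not found & goto :EOF)

:: load both hives; the errorlevel checks avoid unloading a hive that never loaded
reg load HKLM\%regName%_HKLM "%outDir%\System32\Config\Software" || goto :EOF
reg load HKLM\%regName%_HKCU "%userHive%" || (reg unload HKLM\%regName%_HKLM & goto :EOF)

:: dump the usual autostart locations from both hives to a file to review
:: (the Software hive root maps to HKLM\SOFTWARE, NTUSER.DAT root to HKCU)
(
  for %%K in (
    "HKLM\%regName%_HKLM\Microsoft\Windows\CurrentVersion\Run"
    "HKLM\%regName%_HKLM\Microsoft\Windows\CurrentVersion\RunOnce"
    "HKLM\%regName%_HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
    "HKLM\%regName%_HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
  ) do (
    echo [%%~K]
    reg query %%K 2>nul
    echo.
  )
) > "%report%"
echo Autostart entries written to "%report%"

:: open regedit and wait for it to close, then release the hives
start /wait regedit.exe
reg unload HKLM\%regName%_HKCU
reg unload HKLM\%regName%_HKLM
endlocal
```

Unloading fails if anything still has a key open under the loaded hive, so keep regedit and any other viewers closed before the last two lines run.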

I hope this post helped out. If it didn't, I am always looking for new scripts to add, so submit a request for your question or need and I will see if I can answer it.

Dave


