Changes

SAM Hive Encryption

951 bytes added, 01:35, 24 March 2017
/* Recovery */
The following lines were added (+) and removed (-):
=== Manually Restore Registry Hives ===
This is verified to have worked on a system where the automatic backup of the registry was still intact.

# Boot from Hiren's boot or a live Linux distro via USB or optical media
# Mount the Windows partition
# Navigate to %SYSTEMROOT%\system32\config
# Copy the registry hives (these are the damaged ones) to another location or media
# Navigate to %SYSTEMROOT%\system32\config\RegBack
# Copy all the backup registry hives in this folder and paste to the config folder overwriting the damaged registry hives
# Reboot

You may find that there are no backup registry hives in %SYSTEMROOT%\system32\config\RegBack because the intruder removed them.  However, it has been my experience that they are still present.
* [https://answers.microsoft.com/en-us/windows/forum/windows_7-security/windows-7-locked-after-scam-call-syskey/5933abb9-4f1b-46cf-bc6a-f81ed33c0a85?auth=1 Windows 7 Locked after scam call - SYSKEY]
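
The copy steps above, scripted for a live Linux session, as an added example that is not part of the original wiki page. It assumes the Windows partition is already mounted; the mount point and save directory in the usage comment are hypothetical, and the script restores nothing when RegBack is missing or holds an empty file.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki page). Assumed, hypothetical paths:
#   restore_hives /mnt/windows/Windows/System32/config /media/usb/damaged-hives

restore_hives() {
    config_dir=$1   # system32\config on the mounted Windows partition
    save_dir=$2     # other location/media that receives the damaged hives
    regback="$config_dir/RegBack"

    [ -d "$regback" ] || { echo "no RegBack folder under $config_dir" >&2; return 2; }

    # Check every backup before touching anything: an empty file in RegBack
    # would replace a damaged hive with an unusable one.
    found=0
    for f in "$regback"/*; do
        [ -f "$f" ] || continue
        if [ ! -s "$f" ]; then
            echo "empty backup hive, nothing restored: $f" >&2
            return 3
        fi
        found=$((found + 1))
    done
    [ "$found" -gt 0 ] || { echo "RegBack holds no backup hives" >&2; return 3; }

    # Step 4: keep the damaged hives that are about to be overwritten.
    mkdir -p "$save_dir" || return 1
    for f in "$regback"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if [ -f "$config_dir/$name" ]; then
            cp -p "$config_dir/$name" "$save_dir/$name" || return 1
        fi
    done

    # Step 6: copy the backups over the damaged hives.
    for f in "$regback"/*; do
        [ -f "$f" ] || continue
        cp -p "$f" "$config_dir/$(basename "$f")" || return 1
    done
    echo "restored $found hive(s); damaged copies kept in $save_dir"
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then restore_hives "$1" "$2"; fi
```

Paths on a Linux-mounted NTFS volume may be case-sensitive, so pass the config folder exactly as it appears on the mounted partition.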