Registry question

[Dude111]

Hello dues

I am always trying to clean up my reg to make things as easy as possible for me computer

I found about 100 or more keys under ACTIVE X COMPATIBILITY and they are all empty!! (No value set) I have 89 valid keys in here (The ones with "Compatibility flags" are valid)

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility

Can i delete all those invalid keys?? (I assumed i can but im not sure)

Also under CHECKBADAPPS there are many filenames,can i just remove all those also??

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\checkbadapps

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\checkbadapps400

Just the removal of all those will probably make things smaller and less congested

[CharlotteTheHarlot]

Hello dues

I am always trying to clean up my reg to make things as easy as possible for me computer

I found about 100 or more keys under ACTIVE X COMPATIBILITY and they are all empty!! (No value set) I have 89 valid keys in here (The ones with "Compatibility flags" are valid)

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility

Can i delete all those invalid keys?? (I assumed i can but im not sure)

Also under CHECKBADAPPS there are many filenames,can i just remove all those also??

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\checkbadapps

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\checkbadapps400

Just the removal of all those will probably make things smaller and less congested

If you save a complete registry export prior to your registry cleanup you will have the ability to easily restore any keys should it become necessary.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\checkbadapps

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\checkbadapps400

Affirmative on these two. I removed them myself long ago. I believe they might return with Direct-X setups (or I might be wrong).

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility

That one I am unsure about, so I would like to hear what others have to say. I also see empty keys underneath this key and although an empty key is almost always safe to remove, MSIE clearly uses this key in its lame security scheme. The registry API allows for testing for the existance of a key so it is not necessary for a value to be present for a key to be useful to some function. Hey, maybe Microsoft can answer the question.

If you get no answers you could just delete the empty subkeys and test it out. Use that registry export to copy the original structure back to a .reg file to easily restore it.

[Dude111]

I assume an empty key can be removed (Its not doing anything to begin with)

Does anyone know for sure what produces the "checkbadapps" and "checkbadapps400" subkey and its contents?? (I reckon its something to do with IE)

Thanx for your reply

Edited October 2, 2008 by Dude111

[CharlotteTheHarlot]

Googled around and saw your many posts on other sites. Very helpful those folks at DslReports. Not! Typical response: 'You're wasting your time cleaning the registry!' Definitely avoid those helpful people.

I checked my years of logs expecting to see the keys added by a Direct-X install and cannot find it (I originally thought one of the early Direct-X releases was the culprit, it appears that is not the case although I am sure they blacklisted some DirectInput devices in one of the releases).

So I just looked at the contents of the keys I removed and see things like STACKER, BJC600, NLIB200, SIERRA, Speedisk and Ndd32. Some are Win3x era and some post Win95. These clues point to an official Microsoft install as the source of these registry keys (this comes from my memory as I remember these issues coming to light during the Win95 gold release). I believe they were building a database of bad apps to effectively firewall from the Explorer shell, particularly SETUP/INSTALL programs.

So I figured that it was inserted during a proper Win9x setup by one of the INF files but it does not turn up in any of the ones I have handy. Google mentioned APPS.INF but it is not in any of mine. It is possible that it lies within .INF files buried in the .CAB files but I don't have time right now to do that search (but maybe later). I even scanned all the (non-CAB) INF files for Win95gold, Win95RK, Win95Plus!, Win95osr, Win98gold, Win98oem, Win98se, WinMe, Win2ksp4, WinXp. No joy. If someone really wants to do this you will need to extract all of the CABs and all SFX EXE files into a folder and do a brute-force FIND for contents: 'CheckBadApp'.

Anyway, on a hunch I used FIND on the in-use core Win9x system files and out pops Shell32.dll. Easily located within that beast are these two keys (along with countless others):

System\CurrentControlSet\Control\SessionManager\CheckBadApps400

System\CurrentControlSet\Control\SessionManager\CheckBadApps

The registry keys are referenced by Shell32.dll but the data itself (STACKER, etc) is not contained within. It is likely that Shell32.dll reads and processes the contents of these keys but does not actually insert the strings that flag 'BadApps'. Shell32.dll looks like the firewall mechanism but the blacklist is generated/updated and loaded into the registry from elsewhere. It will be interesting to determine this little quirk of Win9x history.

I do know this: unless you plan on testing all kinds of old app installers under Win9x you can wipe out these three keys (I did this long ago). Export a copy of the registry first!:

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\AppPatches]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\CheckBadApps]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\CheckBadApps400]

[herbalist]

If you like trying different things with the 98 registry but are worried about causing problems, consider using TestRun, a group of batch files that protects your registry by creating and loading an exact duplicate of it. You can tweak on the duplicate to the point that you kill your system, then restore right back to where you started. TestRun is available here. It takes the risk out of registry work.

Rick

[Dude111]

Googled around and saw your many posts on other sites. Very helpful those folks at DslReports. Not! Typical response: 'You're wasting your time cleaning the registry!' Definitely avoid those helpful people.

Heh,yes i dont understand why people thinks its a waste of time cleaning up.... (It doesnt hurt anything)

I deleted the entries last night.....

Thanx guys

Edited October 3, 2008 by Dude111

[CharlotteTheHarlot]

Ok, mystery solved. CheckBadApps enters the registry from the proper setup of Win98se. Versions of Windows prior and later may also do the same but other folks will need to dig through the loads of CAB files to prove it. I examined all the files from the Win98se v4.10.2222 distribution CDROM and located 6 files that clearly reference these registry keys. They are buried inside CAB files as I expected. Note, it is entirely possible that there are even more if a given file was compressed/encrypted with something like pklite/exepack. Those would be very difficult to detect.

APCOMPAT.INF ... \Win98\Precopy2.cab

This is where it happens. A section in this INF called [apcompat.addreg] actually seeds the firewall so to speak. It loads the blacklist into the registry. There are really three keys in total:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\AppPatches

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\CheckBadApps

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\CheckBadApps400

PREDRV.INF ..... \Win98\Precopy2.cab

This INF file simply adds and removes some data from the blacklist related to MKEUDF.VXD.

SHELL32.DLL .... \Win98\Win98_41.cab

As mentioned in a previous post, those registry keys are referenced by Shell32.dll but the data itself (STACKER, etc) is not contained within. It is likely that Shell32.dll reads and processes the contents of these keys but does not actually insert the strings that flag 'BadApps'. Shell32.dll looks to me like the 'firewall' mechanism which enforces the BadApps blacklist.

CVT1.EXE ....... \Win98\Win98_45.cab

This executable is the FAT 32 Converter Wizard and is used for converting existing FAT16 volumes to FAT32. Like Shell32.dll it only contains references to those registry keys and I'll leave it to others to theorize the purpose.

MSMAIL.INF ..... \Tools\Oldwin95\Message\Intl\Wms.exe

MSMAIL.INF ..... \Tools\Oldwin95\Message\Us\Wms.exe

These two files may be disregarded since in both of them, Microsoft disabled (commented out) the actual code. Apparently they changed their mind. This was the authors comment: Put msmail3.x into the bad apps list because Exchange disables it.

The consequence of yanking these three keys can be debated. I removed them long ago myself on the theory that it would save microseconds each time an executable was launched by short-circuiting the filename lookup. I also would rather decide for myself whether to allow a given file to launch. An argument could also be made that such a blacklist might impact perfectly legitimate programs that coincidentally have identical or similar names and versions.

So, if you're the Type-A personality you'll probably delete these keys. Or you might not. File this under trivia.

Edited October 4, 2008 by CharlotteTheHarlot

[Dude111]

I usually try to DL stand alone EXE files instead of stuff with installers anyway.....

I dont see any changes w/o those keys (Except a bit more memory of course)

EDIT:

I dont have any of those files (-Shell32.dll of course) you listed 'LIVE' on C (Must be all like you said in cabs)

If you get no answers you could just delete the empty subkeys and test it out. Use that registry export to copy the original structure back to a .reg file to easily restore it.

Im wondering if they are just a CACHE of all active X you have ever used and deleting them wouldnt do anything... (New ones would just be put back there) Edited October 3, 2008 by Dude111

[BenoitRen]

In my Win95's registry, the keys do have values associated with them. I think they are there to enable hacks for old, badly-written programs so they would work.

[Dude111]

All of them have a value?? (Compatibility flags)

89 do on mine,the rest are empty.......

I dont wanna just delete them w/o knowing if my Active X access might be cut off.. (I have Active X pretty much locked down so NO NEW ACTIVE X can be installed...You cant disable Active X totally because WMP and flash/shockwave have controls)

[whatever420]

To add to this...

If you open WIN.INI in notepad, you'll notice that under

[ModuleCompatibility]

you'll find the same list of apps that are also listed under

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\AppPatches

Has anyone tried removing those in WIN.INI... to streamline it a bit?

[Dude111]

I just opened WIN.INI and i dont have anything under [ModuleCompatibility] so i would say you can delete them...... (I dont even have that section ([ModuleCompatibility]))

File last modified in march....

Edited October 4, 2008 by Dude111

[CharlotteTheHarlot]

To add to this...

If you open WIN.INI in notepad, you'll notice that under

[ModuleCompatibility]

you'll find the same list of apps that are also listed under

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\AppPatches

Has anyone tried removing those in WIN.INI... to streamline it a bit?

Confirmed here. Good catch. How on Earth did you find it?

Dang, maybe that blacklist was still in effect on my system. Oh well, I just commented them out, we'll see if there is any effect on the next bootup. Here is what it looks like now ...

[ModuleCompatibility]
;;; 2008-10-04 see HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\AppPatches
;ACEROOBE=0x0004
;AIRNFM=0x0002
;ALDNCD=0x0002
;AMRES=0x0002
;ARCHANGEL=0x0002
;ATM=0x0002
;CSNOV=0x0002
;DEFDEMO=0x0002
;DIB=0x0002
;DIBWND=0x0002
;DS=0x0001
;EMLIB=0x0002
;EMSAVE=0x0002
;FH4=0x0002
;GEDIT=0x0002
;GEORGE=0x0002
;GVBSETUP=0x0002
;HRWCD=0x0002
;ISLFAXPR=0x0002
;KIDDESK=0x0002
;KIDSTYPE=0x0000
;KNPS=0x0002
;LIONKING=0x0002
;MAUI_DRV=0x0002
;MEMMAP=0x0002
;MGXWMF=0x0002
;MSARTIST=0x0002
;MSCRWRTR=0x0002
;MSCUISTF=0x0001
;MVIEWER2=0x0002
;MWAVSCAN=0x0002
;MYINV=0x0002
;OLESVR=0x0002
;PDOXWIN=0x0002
;PLANIT=0x0002
;PP3=0x0002
;PP4=0x0002
;PPPP=0x0002
;PXDSRV2=0x0002
;REVIEWRT=0x0002
;ROULETTE=0x0002
;RR1=0x0002
;RR2CD=0x0002
;RRIRJ=0x0002
;STL_DLG=0x0002
;TECO=0x0001
;TER=0x0002
;TLW0LOC=0x0002
;TMSWIN=0x0002
;USA=0x0002
;VOICE=0x0002
;WFXVIEW=0x0004
;WINFORM=0x0002
;WPWIN61=0x0002

Thought I was done with this.

[BenoitRen]

I don't have IE on this system. I'm saying that the CheckBadApps keys have sub-keys with entries.

[whatever420]

Confirmed here. Good catch. How on Earth did you find it?

heh

I'm not sure...

I must have stumbled across the connection a few years ago... as the back-ups of WIN.INI and APPPATCHES.reg I keep in my "REG PATCHES" folder were last modified in late 2004.