
Windows 7 unsolicited restoration of registry keys



Posted

I've mentioned this before, but now it really gets on my nerves and I want to know something more about it. It isn't System Restore; it's happening every time Windows Modules Installer is started (for example, upon visiting Windows Update and/or installing updates). Many registry keys that I've deleted previously, and (I suspect) some that should be gone forever by way of removing components with WinToolkit, are restored, often with only empty keys and no values inside.

This is a very small sample of what gets restored (these are useless registry keys that I don't want to ever see in my registry):



The question is: where are the values stored? And most importantly, is there a way to edit this list? Fully disabling Windows Resource Protection (I guess this is a part of it) is out of the question for me, because many things will stop working (Windows Update, installing updates, possibly other things). And besides, I want to deal with the registry part only.

Thank you for any information on this.

GL


Posted

I doubt this may be useful, but, just in case... KB815011 :unsure:

Yeah, that's not it. It's about physical corruption, and this feature "repairs" when it sees something it doesn't like. :realmad:

GL

Posted

I'm screwed. The information is inside manifests in WinSxS. (Most of) the listed values above belong to IE, so with every cumulative update they will get restored. Also other updates reinstall whatever they like.

Windows 7 really really really doesn't want you to walk astray from defaults. :realmad::realmad: :realmad:

GL
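The post above locates the restored keys in component manifests under WinSxS. As an added example (not part of the thread and not Microsoft's code), this Python sketch parses manifest XML and reports which deleted keys a component declares, and whether it declares them with no values, which matches the "empty key" symptom described earlier. The `registryKey`/`registryValue` element names and the `asm.v3` namespace are assumed manifest schema, the sample manifest and the names `declared_keys` and `predict_restores` are constructed, and folding `HKEY_CLASSES_ROOT` onto `HKEY_LOCAL_MACHINE\SOFTWARE\Classes` is a simplification for machine-wide keys.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest (assumed schema; not copied from a real WinSxS store).
SAMPLE_MANIFESTS = {"example-component.manifest": r"""
<assembly xmlns="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0">
  <assemblyIdentity name="Example-IE-Component" version="0.0.0.0"/>
  <registryKeys>
    <registryKey keyName="HKEY_CLASSES_ROOT\.ai"/>
    <registryKey keyName="HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\PersistentHandler">
      <registryValue name="" valueType="REG_SZ" value="constructed"/>
    </registryKey>
  </registryKeys>
</assembly>"""}

HKCR = "HKEY_CLASSES_ROOT\\"
HKLM_CLASSES = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\"

def normalize(key):
    """Registry paths are case-insensitive; fold HKCR onto HKLM\\SOFTWARE\\Classes."""
    key = key.strip().rstrip("\\")
    if key.upper().startswith(HKCR):
        key = HKLM_CLASSES + key[len(HKCR):]
    return key.upper()

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def declared_keys(manifest_xml):
    """Return (component name, {normalized key: number of declared values})."""
    root = ET.fromstring(manifest_xml.strip())
    name, keys = "", {}
    for el in root.iter():
        if local(el.tag) == "assemblyIdentity" and not name:
            name = el.get("name", "")
        elif local(el.tag) == "registryKey" and el.get("keyName"):
            values = [c for c in el if local(c.tag) == "registryValue"]
            keys[normalize(el.get("keyName"))] = len(values)
    return name, keys

def predict_restores(deleted_keys, manifests):
    """Map each deleted key to the components whose manifests declare it."""
    report = {}
    for text in manifests.values():
        name, keys = declared_keys(text)
        for wanted in deleted_keys:
            count = keys.get(normalize(wanted))
            if count is not None:
                state = "empty key" if count == 0 else f"{count} value(s)"
                report.setdefault(wanted, []).append((name, state))
    return report
```

Run against the text of real manifests, the report shows which installed components own a key, which is why a one-off `.reg` cleanup does not survive the next update that reinstalls that component.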

Posted

Something you could test on a VM or other system... just an idea (probably not a good one): delete the data in those keys, then change the permissions on them so that they cannot be written to. So, as an example, you would still have an ".ai" class but with no data. But a situation may occur where locking those keys would cause an update to fail if it couldn't write the registry key.

Posted

Something you could test on a VM or other system... just an idea (probably not a good one): delete the data in those keys, then change the permissions on them so that they cannot be written to. So, as an example, you would still have an ".ai" class but with no data. But a situation may occur where locking those keys would cause an update to fail if it couldn't write the registry key.

That would be no different than the current situation - they exist and they are empty. I made a .reg file to undo changes, but as far as I can see, all of the updates are different. For example, some restore tablet (ink) CLSIDs with empty keys. The bloat is unbelievable.

GL
