Registry strange behavior in HKEY_CURRENT_USER\Software\Microsoft\...


  1. Posts : 55
    windows 10
       #1

    Registry strange behavior in HKEY_CURRENT_USER\Software\Microsoft\...


    I tried to clear all contents of
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
    then set security permission to logger user name (Budi) to be clear from:

    • create key
    • set value

    and let it inherently apply to all keys under it

    But it responds with icons flickering / blinking very often
    so I undo the security setting.. but while keeping on registry browsing under this key I came across:

    1. The jpg filetype key and userchoice key were created
    2. On userchoice key the logging user (Budi) ACL was created, and
    3. It's set to DENY on SET VALUE !


    Registry strange behavior in HKEY_CURRENT_USER\Software\Microsoft\...-s.png

    Is it windows 10 behavior or an intruder's been screwing up ?
    Please help me.. many thanks in advance
    Last edited by budi; 30 Dec 2017 at 07:06.
      My Computer


  2. Posts : 35,475
    Win 10 Pro (21H2) (2nd PC is 21H2)
       #2

    I tried to clear all contents of
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
    Why? that's your file associations and registered file types.

    I suggest if you have a system restore point you use that to reverse whatever you've done.
      My Computers


  3. Posts : 4,550
    Windows 11 Pro 64-bit
       #3

    I agree with @dalchina!


    Since Windows 7, Microsoft has added a new registry subkey, named “UserChoice”, to certain file extensions under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts, and the contents of the UserChoice subkey dictate the default application for opening the file type. The contents of the UserChoice subkey are protected from modification by a Deny permission applied to the current user’s account.


    If you don't have system restore point to restore changes you have done then follow instructions below to replace registry hives with backup versions.


    Windows Vista/ 7/8/8.1/10 keep a regular backup of the registry handy in case you need to overwrite a corrupted registry. By default, the RegIdleBackup task runs every 10 days, so that’s as far back as you would lose if you replaced the current registry with the automatically backed-up files. You can find the backed-up registry files in \Windows\System32\config\RegBack folder.


    Please boot your computer with Windows Setup Media and from Windows Recovery Environment start the Command Prompt.

    Please type below command into Command Prompt and press Enter key.

    Code:
     Dir C:\Windows\System32\config\RegBack

    Above command will list files stored within RegBack folder and there file size, make sure files are not zero size if they are do not follow below instructions.



    Please replace partition letter C: with Windows installed partition letter. When computer boots into Windows Recovery Environment (WinRE) environment the drive letter assign to Windows partition may not be C: drive letter because Windows 7, 8 , 8.1 and 10 creates a separate system partition when it's installed from scratch. The system partition contains boot files WinRE assigns the system partition the C: drive letter and the Windows installed partition will be assign any other drive letter usually D: drive letter is assign to Windows installed partition. The Bcdedit /enum | find "osdevice" command can be use to find out the drive letter of the Windows installed partition the output of the Bcdedit command is similar to this osdevice partition=D:. The drive letter after partition= is the drive letter of the Windows partition.

    Please type below commands into Command Prompt and for each command you have typed press Enter key.



    Code:
    Ren  C:\windows\system32\config\SAM         SAM.BAK
    
    Ren  C:\windows\system32\config\SYSTEM      SYSTEM.BAK
    
    Ren  C:\windows\system32\config\SECURITY    SECURITY.BAK
    
    Ren  C:\windows\system32\config\DEFAULT     DEFAULT.BAK
    
    Ren  C:\windows\system32\config\SOFTWARE    SOFTWARE.BAK
    
     
    
    Copy  C:\Windows\System32\config\RegBack\SAM         C:\windows\system32\config
    
    Copy  C:\Windows\System32\config\RegBack\SYSTEM      C:\windows\system32\config
    
    Copy  C:\Windows\System32\config\RegBack\SECURITY    C:\windows\system32\config
    
    Copy  C:\Windows\System32\config\RegBack\DEFAULT     C:\windows\system32\config
    
    Copy  C:\Windows\System32\config\RegBack\SOFTWARE    C:\windows\system32\config

    This procedure assumes that Windows Vista/7/8/8.1/10 is installed to the C:\ partition. Make sure to replace C:\ drive letter to the appropriate Windows OS installed partition drive letter if it is a different location.


    Above commands renames the registry files at their existing location, and then copies the registry files from the RegBack folder to the C:\Windows\System32\Config folder.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:28.
Find Us




Windows 10 Forums