Audio Asylum Thread Printer
128.70.83.205
In Reply to: RE: Can't and MY cMP is RESTORING THE REGISTRY!! posted by riboge on December 10, 2011 at 12:41:02
Hello! Yes, Windows IS restoring part of the registry. There is a dissertation on this and similar subjects by a woman, who is one of the spokesmen for Macrohard Qs&As site. She wrote that registry entries are different in a switched-off computer than in a working one. This feature is used to extricate data for criminal investigations, for example. Control set 2 is used in case current and set 1 are broken or changed, as they are the working sets, so the secret Hydra (search and you will find it in the registry) is relying on set 02 data for restoration of itself. It is written in a highly scientific style but the essence is primitive enough. This pdf can be found on the net. I have asked several times what SQ change such reduction brings. No reply as yet from anyone. Removing unnecessary files and entries that are relevant to the services that we delete anyway is one thing, but to delete a self-restoring part of the registry just for the sake of champion's size is another. The WHOLE registry is read on start into the non paged memory and only when you say good night, this memory will be released and the data stored back after you can do nothing else to it.
Serge.
Edits: 12/10/11
Follow Ups:
since it all gets put back, or are you saying one can slay the Hydra? I now see that a huge amount of deletions to HKLM/software have been restored. These are mainly for programs no longer installed or not used. Why would these be restored? And the restoration in the system hive seems to happen for deleted or blocked services, too.
Hello, again. No, the Hydra is possibly immortal, the name speaks for itself, but, though Internet Explorer, some basic system and network services or even program entries are restored, the things audio and secondary services are not restored. Please read my suggestions on registry tweaks carefully. Those things don't get restored, as well as most things that you delete about hardware interrupts, the hardware resources and so on. I may be not exactly true to the end, but mostly true.
Read Jolida's txt for his registry tweaks batches, there he says which of my tweaks is accompanied by registry changes. Read and print out these tweaks and do everything exactly. It won't get restored. Also, you will note that I recommend making deletions in the registry in all sets.
Serge.
I have done all your steps and used Jolida's registry batches, too. I will check to see if any of these items has come back. But in my case anyway, many clearly non-essential elements in control, enum, software, etc, that I recently removed also came back, so I don't have the impression Hydra can be given all the responsibility for what is happening.
BTW, search of registry shows hydra only once in security\policies\secrets. It is a key that starts L$hydraenckey_[and a bunch of numbers and letters]. Its subkeys have very little in them, none of which reveal anything to go on. Searching Windows 7, on the other hand, shows no hydra at all.
Can you identify the article you refer to better for finding purposes, please?
First thing. Are you editing your registry or are you editing a cMP registry by loading hives?
If the second is the case, are you sure you are editing ONLY within the loaded hive? Aren't you, by chance, editing the registry of another, non-cMP machine? Such a thing can happen in "heat".
Second, about the dissertation. Well, no, I cannot point exactly, I was disinterested after first 5-6 pages of real text, page 16-17 and onward. The woman can be found on microsoft technical service questions page.
Just google something like awe in windows 2003 and see what page directs to microsoft site. Answers will be answered by some guy, mostly, but time after time that woman appears. Then google her name, probably... Sorry... I know it's vague. The hydra is the one I was referring to, but also, I am not sure that this is the real service that is answerable for our troubles. I make a blind assumption, I should say, but the name is not just "fishy", it's "snaky" if you see what I mean.
Serge.
No, the heat came after it all was undone. :) I have already said I did the editing directly in my cMP install having restored regedit. I made some other registry changes booting to a cd with PCRegedit that works from outside. Its changes were undone as well.
I tried editing an exported hive on a different computer but when I went to reload the hive it was refused with a message about having signs of a different product. I think I have a golum rather than a hydra.
I was loading and reloading my cMP hive to another (2 different - Russian and English untweaked) windows' regedit several times and have done it through esata and usb and under different hive names. Never a single problem. I, for example, have only today removed my own nonpagedpoolsize setting and it holds after reboots and even shutdowns. So go, check your golem. It has, probably, eaten something.
Serge.
As for dissertation, really, I never kept any path for it in favorites, sorry.
Edits: 12/10/11
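
Added example, not part of the thread and not any poster's code: one way to check which deleted service keys came back after a reboot, and in which control set, from a text export of HKLM\SYSTEM. The export content and the service names below are constructed for illustration; the Select key's Current and LastKnownGood values say which numbered set plays which role.

```python
import re

# Constructed sample: a `reg export HKLM\SYSTEM` taken after a reboot, already
# decoded to text (real exports are UTF-16). Service names are illustrative.
AFTER_REBOOT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TermService]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Spooler]
"Start"=dword:00000004
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
SET_RE = re.compile(r"\\SYSTEM\\(ControlSet\d{3})\\Services\\([^\\]+)$", re.I)

def parse_reg(text):
    """Return {key_path: {value_name: int}} for keys and their DWORD values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def control_set_roles(keys):
    """Map each non-zero role in the Select key to its numbered control set."""
    select = next((v for k, v in keys.items() if k.upper().endswith(r"\SYSTEM\SELECT")), {})
    return {role: f"ControlSet{num:03d}" for role, num in select.items() if num}

def restored_services(deleted, keys):
    """For each deleted service name, list the control sets where its key exists again."""
    found = {name: [] for name in deleted}
    for path in keys:
        m = SET_RE.search(path)
        for name in deleted:
            if m and name.lower() == m.group(2).lower():
                found[name].append(m.group(1))
    return {name: sorted(sets) for name, sets in found.items()}
```

Running the same comparison on exports taken before the deletion, after it, and after the next reboot shows whether a key returned in every set or only in the one marked LastKnownGood.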