I came across a reference to the possibility of recovering a deleted registry key.

Never had heard of it, thought regediting was irreversible, deleted entries were just gone, period.

Got curious, found a tool called YARU (Yet Another Registry Utility) which finds registry keys that have been deleted.

It doesn't seem to be a competitor w/ CCleaner, as it just allows viewing the registry and maybe editing (haven't tried that).

It works, on this computer it found some old registry keys associated with Realplayer which I had deleted some time ago. No other software I've tried can find them.

So I wonder, are they like a regular file, marked as gone but not really gone?

When we delete them "normally" what happens, are they kept, if so where & for how long?

And a larger question, what else does windows squirrel away and pretend it's gone.

Be careful. Editing the registry is dangerous. YARU is not very intuitive, little available in the way of help documentation. Usually editing the registry is harmless or fatal, not much in between.

Still, if you want to check it out, some information about YARU and a link to a free version can be found here:

http://www.downloadcrew.com/article/24338-yaru_32-bit
or

Very interesting subject login, thanks for posting.

Forgot the link to the 64 bit version. The newer versions are apparently not free.

http://www.downloadcrew.com/article/24339-yaru_64-bit

Thanks for the kind words, Hazelnut.

This may be another momentous dicovery that everybody already knew about.

But I sure didn't. Going to learn what I can now, though.

Some registry values aren't easy to delete, for instance I've seen many jumbled together into a seemingly un-editable area (sorry can't remember it off the top of my head - but it isn't like anyone should play with it either). I've seen where folder locations are referenced, etc., and I've never seen any registry cleaner find them as invalids and tools like RegEdit won't find them in a search.

Andavari I have seen that same area, don't remember where either. For sure didn't want to tinker around with it.

Not much information out there about deleted registry entries, even after these many years. Google, DuckDuckGo and I are still looking.

There is a forensic software called Encase that apparently can find lots of stuff you thought was gone, including deleted registry entries, but it is very expensive.

Makes you wonder, what else is secretly kept somewhere?

Why is windows so obsessively retentive?

Who knew there was unallocated space in the registry?

Who knows any of this stuff?

I remember now, those keys are called "String Value" like when you right click and create New->String Value in the registry, and when you right click them and select "Modify Binary Data" that's when you'll see all the stuff they can contain - I once saw one that had allot of stored data for a removed antivirus software.

Those can have all sorts of paths stored in them that registry cleaners, etc., ignore if invalid. And if you try to modify them it usually ends up messing them up.

See screenshot:

I remember now, those keys are called "String Value" like when you right click and create New->String Value in the registry, and when you right click them and select "Modify Binary Data" that's when you'll see all the stuff they can contain - I once saw one that had allot of stored data for a removed antivirus software.

Those can have all sorts of paths stored in them that registry cleaners, etc., ignore if invalid. And if you try to modify them it usually ends up messing them up.

See screenshot:

HiddenStuffInTheWindowsRegistry.png

Mother - "Stop picking at it!"

There is some information about this issue, some of it quite old actually, mostly in forensic circles.

Haven't found much in the way of apps that work, mostly theoretical papers.

Still reading.

It all reinforces what has been said here all along, if the hard drive might have sensitive data destroy it.

As far as the "unallocated/fragmented space" in the registry there's those registry compacter/defragger tools which are suppose to "defrag" it as they say, I personally use one of them two to three times per year on this old XP system and it has never caused a problem. Note that I've noticed Windows will sometimes do that "defrag" itself.

On 15/11/2014 at 07:21, Andavari said:

<div class="ipsQuote_contents ipsClearfix" data-gramm="false">
	<div>
		<div>
			<p>
				. . . , I personally use one of them two to three times per year on this old XP system and it has never caused a problem. Note that I've noticed Windows will sometimes do that "defrag" itself.
			</p>
		</div>
	</div>
</div>

Thanks.

Just tried FRD, it worked fast and would have compacted the registry somewhat, except that it requires a restart.

Not sure what FRD was going to do but it went beyond just deleting the unallocated space I think.

...

As far as I could tell there was no way to avoid the restart, or do it later. I closed the window and off it went.

Soooo, Powershadow discarded the changes.

Some of the stuff i have recently read suggests that NTREGOPT by Lars Herder will also do this.

I haven't tried it. Have you?

Might try FRD later, since you said it caused no harm, but probably will stay w/ CCleaner, since I am a big registry scaredy-cat.

Thanks again

You can also try Tweaking.com's Registry Compressor.

This program does NOT remove or add anything to the registry. What it

does is it rebuilds the registry to new files, when this happens all the

overhead is gone and the registry is smaller and faster.

I've tried NTREGOPT, all those registry compactor's/defragger's do the same thing - the difference in them is mostly where they create the backup files usually with the .bak extension should they ever goof up, I always create an ERUNT registry backup before compacting the registry.

All of them I've tried require a reboot so that the new compacted registry can be used.

Thanks nodles. Sounds like it might remove that registry slack space.

Sounds like it might remove that registry slack space.

"Slack/Unallocated/Empty" space they'll all do fine to remove, that is until you immediately start your computer it will begin to create empty space all over again. Empty space can quickly grow the registry size after installing and uninstalling software, and after a large amount of several Microsoft Updates.

Tried the portable nodles. Showed about 1.05 mb to remove.

Thanks to all for the feedback.

I suspected (and hoped) that you guys were way ahead of me on this issue.

From here on I'll just assume that windows remembers pretty much everything.

Looks like the only way to be sure a HDD is cleaned is Thermite.

Looks like the only way to be sure a HDD is cleaned is Thermite.

Windows creates and keeps so much rubbish, that's why wiping free space isn't enough if selling off a computer since a format and reinstall of the OS will create a brand new registry.

I should elaborate on the Thermite comment, lest the good folks here take it as a slight.

For my purposes, CCleaner does just fine, it removes the "stuff" that might slow up this computer, and much of the residual stuff also. That's all I need.

For professional folks such as doctors, lawyers, accountants, etc., the only safe course is to replace the hard drive, it seems.

I wonder if it is safe to trust even the dedicated wiper softwares like DBAN?

I wonder if it is safe to trust even the dedicated wiper softwares like DBAN?

I personally wouldn't worry, however I've never had financial or private information stored on my computer for anyone to revive and steal.