Something created thousands of weird entries in my registry (Windows 10) in HKEY_CURRENT_USER. Virtually all of them consist of 4 characters and have no sub-keys and there are more than 20.000 of them. (I wrote a PowerShell script to analyze this, but Get-ChildItem seems to cap out at 20.000.)
I noticed it when I searched my registry for something and the search process nearly froze my computer. So all the normal entries seem to be there, but there are lots of weird ones?
They look like this:
I'm new to PowerShell script, but I managed to write one that filters the weird ones. So the upper ones are the first 20 entries not matching ^[A-Za-z0-9 _]+$, the lower entries are the (only) 19 entries matching ^[A-Za-z0-9 _]+$.
=== Apply filter: NOT ^[A-Za-z0-9 _]+$
Count: 19981
HKEY_CURRENT_USER\☺ --- False
HKEY_CURRENT_USER\☺►♦¶ --- False
HKEY_CURRENT_USER\☺►♦' --- False
HKEY_CURRENT_USER\☺►♦2 --- False
HKEY_CURRENT_USER\☺►♦9 --- False
HKEY_CURRENT_USER\☺►♦@ --- False
HKEY_CURRENT_USER\☺►♦O --- False
HKEY_CURRENT_USER\☺►♦p --- False
HKEY_CURRENT_USER\☺►♦V --- False
HKEY_CURRENT_USER\☺►♦w --- False
HKEY_CURRENT_USER\☺►♦] --- False
HKEY_CURRENT_USER\☺►♦~ --- False
HKEY_CURRENT_USER\☺►♦¥ --- False
HKEY_CURRENT_USER\☺►♦¬ --- False
HKEY_CURRENT_USER\☺►♦³ --- False
HKEY_CURRENT_USER\☺►♦º --- False
HKEY_CURRENT_USER\☺►♦ç --- False
HKEY_CURRENT_USER\☺►♦Ñ --- False
HKEY_CURRENT_USER\☺►♦Ø --- False
HKEY_CURRENT_USER\☺►♦Œ --- False
=== Apply filter: ^[A-Za-z0-9 _]+$ False
Count: 19
HKEY_CURRENT_USER\ --- True
HKEY_CURRENT_USER\6 --- True
HKEY_CURRENT_USER\AppEvents --- True
HKEY_CURRENT_USER\CLSID --- True
HKEY_CURRENT_USER\Console --- True
HKEY_CURRENT_USER\Control Panel --- True
HKEY_CURRENT_USER\Environment --- True
HKEY_CURRENT_USER\EUDC --- True
HKEY_CURRENT_USER\hQ --- True
HKEY_CURRENT_USER\Keyboard Layout --- True
HKEY_CURRENT_USER\Microsoft --- True
HKEY_CURRENT_USER\Network --- True
HKEY_CURRENT_USER\Printers --- True
HKEY_CURRENT_USER\SOFTWARE --- True
HKEY_CURRENT_USER\System --- True
HKEY_CURRENT_USER\Uninstall --- True
HKEY_CURRENT_USER\WXP --- True
HKEY_CURRENT_USER\x --- True
HKEY_CURRENT_USER\Volatile Environment --- True
I want to get rid of the weird entries and I guess with some small changes my PowerShell script can do this. I can post this script here, but at the moment I don't think it is relevant.
So my main question is: Should I do this and how? (What precautions should I take?)
Bonus question: What could've caused this? How can I prevent this? (Similar question)
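
A read-only way to inventory the top-level keys the post describes, as an added example that is not part of the original post or the poster's script: it reads the key names through the .NET registry API, applies the filter quoted above, and exports the hive to a file before any cleanup is considered. The output folder and file names are assumptions.

```powershell
# Added example: read-only inventory of the keys directly under HKEY_CURRENT_USER.
# Nothing in this script modifies or deletes registry data.
$pattern = '^[A-Za-z0-9 _]+$'                   # filter quoted in the post
$outDir  = Join-Path $env:TEMP 'hkcu-triage'    # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Export the whole hive first so there is a restorable copy before any cleanup.
& reg.exe export HKCU (Join-Path $outDir 'hkcu-backup.reg') /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg export failed; do not continue without a backup' }

$root = [Microsoft.Win32.Registry]::CurrentUser
$rows = foreach ($name in $root.GetSubKeyNames()) {
    $subKeys = $null
    $values  = $null
    try {
        $key = $root.OpenSubKey($name)          # opens the key read-only
        if ($key) {
            $subKeys = $key.SubKeyCount
            $values  = $key.ValueCount
            $key.Close()
        }
    } catch {
        # Access denied or unopenable name: keep the row, leave the counts empty.
    }
    [pscustomobject]@{
        # Code points make control characters and look-alike glyphs visible.
        CodePoints    = (($name.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' ')
        Length        = $name.Length
        MatchesFilter = ($name -match $pattern)
        SubKeys       = $subKeys
        Values        = $values
        Name          = $name
    }
}

# Summary: how many names pass the filter, and which name lengths dominate the rest.
$rows | Group-Object MatchesFilter | Select-Object Name, Count | Format-Table -AutoSize
$rows | Where-Object { -not $_.MatchesFilter } | Group-Object Length |
    Sort-Object Count -Descending | Select-Object -First 5 Name, Count |
    Format-Table -AutoSize

# Full listing for offline review; keys holding values or sub-keys stand out here.
$rows | Export-Csv -Path (Join-Path $outDir 'hkcu-top-level.csv') -NoTypeInformation -Encoding UTF8
```

The CSV keeps the code points next to each name, so entries that render as the same glyph in a console can still be told apart.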