[SOLVED] How to remove seemingly "non-removable" Registry Entries ?

[SyCoREAPER]

I'm exhausted, I have a headache and should have went to bed hours ago. If something doesn't make sense ask me and I'll follow up after sleep.

In Windows, Send to Bluetooth, has a bunch of old devices.

BT drivers uninstalled for every device. Looked for the remnants in a registry container that was indicated online, not there. Of course not. Next I spend about 45 mins hitting F3 looking for any reference to just ONE of said devices as to be careful not to copy a key locaction or key that's completely unrelated.

I end up with 50 items I need to remove.

Elevated regedit, nope.
Safemode, nope.
Safemode with CMD using a batch script, nope.

"Access Denied". EVERY. GD. TIME.

Shift back to Windows. Try some program from Nirsoft that looks promising from a few reviews, can't figure the Sh out.
Next I try PSExec with regedit. Noppppee. Access Denied.
Try running terminal and cmd with PSExec. FML. Access Denied.

I know these entries are safe to remove because they don't do anything. The device doesn't exist and never will again (a S24 Ultra if you were curious).

As I was getting tired I for once got smart and before trying anything made a sys restore and backup of the registry but that's neither here nor there. So despite rebooting multiple times if tomorrow is the second coming of christ and it doesn't boot I have at least some fallback.


Edit; Brain is getting fuzzy. First thing in tried after removing the drivers were a few damn what are they called sfc commands all came back normal no issues. Ran a rebuild anyway. Nothing.

 

[Aeacus]

I only have 1 idea what to try, but it may not work. Still, won't hurt to try.

Download and install Ccleaner,
link: https://www.ccleaner.com/ccleaner/download

Note: Be very careful when installing it, since by default, it wants to install bloatware as well (some AV program), but you can uncheck the box during installation.
Other than that, it's a good utility. Nice GUI and easy to understand. Among other features, it also has registry clean up, which locates and deletes old entries. Before registry edit, you can save current registry as a backup, which i suggest you do, just in case something goes sideways.

 

[Ralston18]

My recommendation is to simply ignore those entries and leave the registry alone.

Registry editing is a last resort and only should be done when there is a problem that is well known and has a well documented solution that requires a registry edit.

Very good that backups were made.

= = = =

That all said if you still wish to remove those entries then use Powershell (Microsoft, free) via an Admin account.

FYI:

https://woshub.com/how-to-access-and-manage-windows-registry-with-powershell/

https://www.itprotoday.com/powershell/how-to-use-powershell-to-edit-the-windows-registry

You can easily find other similar links, tutorials, and videos.

xxx-Item being the primary cmdlet along with xxx-ItemProperty.

Where xxx = Get, New, Remove....

Powershell should be already be installed on your system. You may need to download an additional module or two for more functionality. And, of course, have the applicable user rights.

You can work item by item or create a Powershell script to remove multiple items as a group.

By using Powershell you will have much more control of the removal process and can easily experiment as necessary to work out what needs to be done. No need for third party tools.

Test, for example, targeting that S24 Ultra device.

Be sure to keep careful track of all that is done so you can go back and undo a change that broke things.

 

[SyCoREAPER]

@Aeacus
Unfortunately tried the good old registry cleaner to no avail. It found a bunch of orphaned keys and removed them but none related.

@Ralston18
Usually I'd agree with you and wouldn't care but have been using BT to transfer out of convenience lately. I guess I can just find another app to transfer but it's really bugging me that some borked the system so much it's still showing my S21 U, S22 U, 2x S23 U (I can't keep straight which is the correct one despite being the same physical device) and a S24 U I returned.

I also don't understand what is blocking these so strongly. PSTools are basically rootkit tools if used improperly and should do the job. That Nirsoft tool can and does run itself sandboxed so it can elevate itself to admin or even system and some did delete but most still were denied.

Sorry that's a long response. Actually question now. Do you think Powershell, in didn't fully look at the steps, will be less tedious or slightly modifying the delete script to run in a WindowsPE environment?

 

[Ralston18]

First:

https://learn.microsoft.com/en-us/w...ershell-support-to-windows-pe?view=windows-11

Have not (full disclosure) worked with Powershell in a Windows PE environment.

Second:

The objective, just to be sure, is to remove unneeded/unnecessary BT (Bluetooth) related entries in the Registry - correct?

Those devices being primarily old earplugs.....

Third:

Yes, I believe that Powershell would be less tedious and with a bit of trial and error would work fairly smoothly. Especially if you are interested in such things and have had some experience or exposure to coding.

You could use a Get to find target entries, then copy and paste the result into a Remove.

Fourth:

The key issue is the "blocking" that you mention. That is probably a matter of your user rights on the computer. Only someone with full admin rights can grant you the necessary rights to install software, edit registry, etc.. No way around that.

If you are Admin then you need to delve deeper into Windows to establish access rights for specific registry key objects. There are about a dozen different ones.

FYI:

https://www.thepcinsider.com/take-full-control-ownership-permission-windows-registry-keys/

Read and look carefully before doing anything if you so compelled to do so.

Fifth:

I would be remiss if I did not mention again that the Registry should be left alone. Just because, for example, the S24 U is physically not present does not mean that there is no purpose for that Registry entry.

New code may simply reuse an existing key even though the original device or reason for that registry entry is gone.

Removing such an entry may have unexpected results that generally do not end well. That is why the Registry is best left alone.

 

[Aeacus]

May or may not help in your current situation, but useful tool regardless; LockHunter,
link: https://lockhunter.com/

It is handy tool to delete otherwise locked folders/files, since it shows what is locking it. And it can remove the locks, giving you ability to delete the file for good.

I've used LockHunter for years, to get rid of some stubborn files that i don't want in my system anymore. While also learning more what processes lock which files.
Note: you can brick your system with this, by unlocking key system file and deleting it. Then again, dabbling in registry can result in same outcome.

 

[SyCoREAPER]

After some sleep I'm not obsessing anymore. I already accidentally 'Clean All'd' the wrong disk rushing to figure something out earlier this year. I'll take everyone's advice andd leave it be. Don't need a second wiped drive.

 

[Ralston18]

👍