Windows – does Windows keep regenerating unneeded .regtrans-ms files in the user folder

windows 7windows-explorerwindows-registry

This is a follow-on question from this one. As concluded in that answer, these files are supposedly registry transaction files – files that should have been merged into the registry at some point and can therefore be safely deleted:

Once Windows has determined that it's "safe" to write the change to registry, it does so, and following that, it will then verify that the change has been made, at which time it will delete the file and move onto other OS tasks. When something in this process fails, you end up amassing these files.

Once you're done analyzing them, any of these .blf or .regtrans-ms files that were created prior to the last system boot can be safely deleted. There's no way they will (or should) be written to the registry, so they're junk.

However, after proceeding to remove these files from my system using Unlocker and then rebooting the PC, I've found that even though Unlocker successfully deleted the files, they were simply regenerated in their original sizes when the PC had booted up (note the updated timestamps):

enter image description here

If, as the answer to the original question claims, these files are indeed simply registry changes that were already pushed to the registry prior to the last reboot, then why is Windows 7 regenerating them as soon as it finds that they're not there?

Is it possible that the changes represented by these "registry transaction" files failed to be written to the Registry, leaving them in a limbo state where they can neither be merged nor deleted, or could it be that something else entirely else is at play here?

Best Answer

Those are transaction log files. The transaction processor stores a series of log records which allow it to guarantee the entire operation can be completely finished or completely rolled back if it can't be finished, i.e., no half-completed changes. Log record storage (the log file) needs to be preallocated so the log can be efficiently written. The log file doesn't go away when transactions are committed; the space inside it is managed.

The actual logging is controlled by the Common Log File System, described here:

I imagine the registry subsystem creates the log file as soon as it loads the hive files, though it could be delayed until the first transactional operation on the registry.

Related Question