This comment https://superuser.com/a/1069328/1664175 explains some crucial facts about the font value of Windows Registry but not completely.
I would like to know more about the font value. Especially about the third row. What does this value mean?
How does the font value in Windows Registry is organized
windows 10windows 7windows 8windows 8.1windows-registry
Related Solutions
What you're seeing is apparently a symptom of the Win32/FakeRean. Briefly,
Win32/FakeRean is a family of programs that claim to scan for malware and display fake warnings of malicious files. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.
When Windows is trying to determine what to do with files of any given type, it generally consults the HKLM branch in the registry for a entry for the desired type. However, if you've ever installed software that asked if you wanted it to be available for you alone, or for all users of the machine, you've seen a feature that's built in to Windows. When you say "Everyone," its registry entries are generally written to the HKLM hive. If you said you alone, those entries generally go to the HKCU hive. What Win32/FakeRean is doing is putting entries in the HKCU hive which take precedence over those in the HKLM. For executable files, that can be bad.
Unfortunately, I can't find any documentation for the IsolatedCommand key (I've consulted both TechNet and MSDN) but from its name, I'd guess that it controls how a process is created. I can tell you that it is normal and required in the HKLM hive.
I have answered your post about LegacyDisable and have some knowledge of the subject. As this post does not have answers, I'll try, although my answer may not be satisfactory.
The problem with these registry items is that they are undocumented. Each new version of Windows may add some more or invalidate others. Since they are undocumented, Microsoft keeps the freedom of freely modifying whatever it likes, so the burden of verifying whether they still work or not falls on the users.
Information about these items comes from Microsoft in all sort of unofficial channels. Sometimes they are found in SDK samples or on the MSDN, sometimes in forum answers by Microsoft engineers, and sometimes from clients of Microsoft that had privileged access to Microsoft engineers.
I have found one person who has compiled a list of all known such items in the article File Type Registration, each with explanation and a link to documentation. Not too surprising, most of the items don't have documentation links.
As regarding ProgrammaticAccessOnly, this article only says
"Removes verb from IContextMenu enumeration?", but has no documentation link.
Searching via google, i have found a Winaero article that says:
ProgrammaticAccessOnly does the main trick. It is a special parameter which tells the Windows Explorer shell that the context menu item can only be accessed by software programmatically. The user interface gets locked down, so the command disappears from the context menu!
Together, it seems that these special registry items are recognized by the IContextMenu interface, which:
Exposes methods that either create or merge a shortcut menu associated with a Shell object.
The IContextMenu interface is exported by Shell extension handlers, chiefly used by Windows Explorer.
In summary, the presence of ProgrammaticAccessOnly causes the shell
enumeration to ignore the shell item, but programs can still refer to and update
it via the IContextMenu interface or directly by modifying the registry.
Best Answer
The font value is a binary stream of bytes derived from the C structure of the LOGFONT structure.
The declaration of this C structure is:
The third row starts with the 17th byte. You may find this by counting: the LONG type is 4 bytes, while BYTE is 1 byte. The CHAR type is a Unicode string.
More information about the values of the fields may be found in the linked article.