Your software is very promising lakrispipe, because the solution is not integrated with the operating system or changes can be made without notice : a overlay and a transparent control of the registry ! The new keys introduced by the updates must be discriminated or marked: they will be easier to examine in view of their activation/deactivation/deletion with maintain of deletion if necessary. And a event/key/function reference manual will surely be useful. The existing solutions are not hyper-specialised like yours or are part of a heavy security suite (solarwinds registry-monitoring) or very simple (StartupEye Registry Monitor = which only monitors the startup line of the registry).