No idea if it works for the registry, but parts of the filesystem that are untouchable since Win8 can be edited easily using Win7 (or XP, or Linux...), so it's worth testing loading it offline from a parallel Win7 (or from W7's PE for people who don't understand the value of having more than one OS installed at a time).
The service is disabled and stays disabled (so far). I'm talking about the Scheduled Task. The task hasn't enabled the service yet, maybe because I always catch it soon enough (after reboot). And I have other anti-Windows Update measures in place. As a curiosity, I disabled all scheduled tasks (don't recommend) and this task still gets enabled. So it isn't one of the other 6 or 7 scheduled tasks related to Windows Update that enable it, which is a classic virus behavior - two or more processes watching each other and re-enabling them the moment it's disabled. It hasn't gotten that far yet, but Windows sure is moving in that direction.
Go to C:\Windows\System32\Tasks\Microsoft and then to the subdirectory the task file is stored in. Copy the name of the task file (it should have no extension). Delete the task from the normal Task Scheduler interface. The task file should also be deleted. Now, create a subdirectory inside the directory the task file was in. Give that directory the name of the task file. The task should not be able to be restored now, as the task file cannot be created anymore (in filesystems, two objects with the exact same name cannot co-exist in the same place, and you blocked that name with the subdirectory).
Haha, I do that with files/directories all the time. I didn't think about it because I don't see the Task Scheduler structure as a tree - I mostly use Nirsoft's Task Scheduler View utility. Edit: But the question still remains how to edit those registry keys with that Capability SID in them; I have a growing suspicion I (we) will encounter more of them in the future. I don't care that M$ recommends not to touch it, I am worried that I cannot add the SID back if it turns out it's needed after all - at that time, the only solution would be an OS reinstall (that is, if it's possible to remove the SID at all).