Home | Spyware | Links | Downloads | Causes of a Slow PC  


  
    RTG Home
  Causes of a slow PC
  Editing the Registry
  Removing Spyware
  Computer Viruses
  Browser Hijacks
  About Spyware
  Booting Into Safe Mode
  Freeing up Memory
  Installing Memory
  Damaged OS
   
  Top Ten Tips
  Bandwith Speed Tests
  Site Directory
  Preferred Web Browsers
  Fraudulent Emails
  
  Software Downloads
  Cool Stuff
Useful Links
  

 

 

 

 

Editing the Registry

WARNING: Editing the can lead to serious problems if not done correctly.  Always backup your registry before editing.  See: How to backup your registry

What is the Registry?
The Registry is a database of nearly all the settings for Windows operating system and most of your installed applications.

Where is the Registry?
In Windows 95, 98, and Me, the Registry is contained within two hidden files in your Windows directory.  The files are USER.DAT and SYSTEM.DAT.

In Windows 2000 and Windows XP, the Registry is stored in several places called Hives, located in the \windows\system32\config directory and in the \Documents and Settings\{username} folders.

Why edit the Registry?
Simple... to manage the programs that run at Windows startup.  There are several location in the registry where programs start up automatically when Windows starts.  On almost every computer, there are un-necessary programs loading at start up.  These programs may be anything from multimedia plugins and reminders to spyware, malware and popup generating junk programs.  In some cases the places where programs load at start up are legitimate, such as your antivirus program.  In most cases, the programs loading are un-necessary and even harmful.  All programs loading consume your computers resources.

 

Check your new PC's registry!

Below is a snapshot of the registry of a brand new Dell computer.  There were in excess of 50 programs loading from within several startup locations on this brand new computer.  The resulting memory consumption and annoyances, not to mention data collection from the user's activities was a real problem until they were removed.
  


The Run folder of a Brand new Dell PC.

Do I have to manually navigate and edit the Registry myself?
No, you don't have to do this yourself.  There are many programs on the market that are designed to help you.  Many antivirus and anti-spyware programs also remove registry entries. If you are not comfortable editing the registry yourself, use one of the many programs designed to edit the registry for you.  Here are some suggestions. 

How to Edit the Registry manually.

First a little information about the registry.

Structure of the Registry
The Registry has a hierarchal structure, like the directories on your hard disk. Each branch (denoted by a folder icon in the Registry Editor, see below) is called a Key. Each key can contain other keys, as well as Values. Each value contains the actual information stored in the Registry. There are three types of values; String, Binary, and DWORD - the use of these depends upon the context.

Are you in SAFE MODE?

By default, Run keys are ignored in Safe mode.  If your PC is overrun with problems to the point where you can hardly work with it, Boot into SAFE MODE.  How do I do that?

Where are we going go in the Registry?
There are seven Run keys in the registry that cause programs to be run automatically.  A word of caution... Do NOT edit anything beyond these specific Keys.  This page will not cover anything else in the registry.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
  
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

How to Edit the Registry Manually
Editing the computer's registry begins with a program on the computer called "regedit".  This program is started by clicking the Start button then "Run".  Type regedit into the text field, then click OK.

You will see this:

What am I looking at?

There are six main branches (five in Windows 2000 and Windows XP), each containing a specific portion of the information stored in the Registry. They are as follows:

HKEY_CLASSES_ROOT - Ignore this
HKEY_CURRENT_USER - We will look in here
HKEY_LOCAL_MACHINE - We will look in here
HKEY_USERS - Ignore this
HKEY_CURRENT_CONFIG - Ignore this
HKEY_DYN_DATA (Windows 95/98/Me only)  - Ignore this

How to navigate the registry:
Take your time here.  You don't want to make any mistakes.  The best way to navigate the registry is to expand a Key by clicking the plus to the left of the branch you want to go into.

We will start with HKEY_CURRENT_USER.

Again, these are the primary locations below.  Those that are grouped together will be right next to each other or very close together in the registry.  We will look at the top group first.  You may not have all of these but you will have some:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
      

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServices

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServicesOnce

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunOnce\Setup

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

NOTE: There is a HKEY_CURRENT_USER for each profile on Windows 2000 and Windows XP.  You will want to examine each one.  In order to do that, you will need to log into each profile and examine this key.

Click the to the left of HKEY_CURRENT_USER.

Click the to the left of Software

Click the to the left of Microsoft

Click the to the left of Windows

Click the to the left of CurrentVersion

 

Click on the Run folder so that it highlights in blue.  The window to the right in the registry is the contents of the Run folder.  This is what we want to examine.  You may find only a few things in here.  Or you may find so much that you have to scroll down to see it all.  Now is the time to analyze what is in here.  Proceed to the next step.

too much in run.

 

There are a few good ways to understand what things are in here.  There are also a few good tips to recognize the bad stuff right away and blow it out of there.  What you find in here will fit into a few categories:

Acceptable Programs
Programs you want to allow to run at startup.  An example program might be your Antivirus program.  You will have to decide what you want to startup and what you do not want to startup when the PC boots.  Keep in mind that removing an item here in the Run folder does not delete the program, it simply does not cause that program to start automatically when the PC boots up.  You can still start your program manually.  The idea here is you want to keep the run folders to a minimal and free up memory.
Questionable Programs
Programs that you may or may not recognize and are not sure if you need them to start at startup. 
Bad Stuff
In many cases you might find programs starting that are not good. 

How to identify what to what things are:

Look at the "Name" of the entry.  If that does not look familiar, look at the location where it is starting under the "Data" column.  At the end of that line is an executable or a DLL.  If the location is not familiar and neither is the executable, do a Google search for it.  In most cases you will find some reference to the program and can identify it as friend, foe or simply un-necessary.

Deleting a value

To delete a value, right-click on the name of the item you want to delete.  Choose Delete.  There is no confirmation.  It is gone.

NOTE: There is a HKEY_CURRENT_USER for each profile on Windows 2000 and Windows XP.  You will want to examine each one.  In order to do that, you will need to log into each profile and examine this key.

 

NOTE: After editing the registry, you must reboot your PC to unload any of the programs that were starting up in your registry.

 


Now we will look at HKEY_LOCAL_MACHINE.

These are the locations we will look at below.  These are grouped together and will be right next to each other or very close together in the registry.  You may not have all of these but you will have some:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServices

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServicesOnce

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunOnce\Setup

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

The Next area to examine is HKEY_LOCAL_MACHINE.  Click the to the left of HKEY_LOCAL_MACHINE to expand it.

Click the to the left of SOFTWARE

Click the to the left of Microsoft

Click the to the left of CurrentVersion

Click on the Run folder so that it highlights in blue.  The window to the right in the registry is the contents of the Run folder.  This is what we want to examine.  You may find only a few things in here.  Or you may find so much that you have to scroll down to see it all.  Now is the time to analyze what is in here.  See above on how to examine the contents of the Run folder.

too much in run.

 

There are a few good ways to understand what things are in here.  There are also a few good tips to recognize the bad stuff right away and blow it out of there.  What you find in here will fit into a few categories:

Acceptable Programs
Programs you want to allow to run at startup.  An example program might be your Antivirus program.  You will have to decide what you want to startup and what you do not want to startup when the PC boots.  Keep in mind that removing an item here in the Run folder does not delete the program, it simply does not cause that program to start automatically when the PC boots up.  You can still start your program manually.  The idea here is you want to keep the run folders to a minimal and free up memory.
Questionable Programs
Programs that you may or may not recognize and are not sure if you need them to start at startup. 
Bad Stuff
In many cases you might find programs starting that are not good. 

 

How to identify what to what things are:

Look at the "Name" of the entry.  If that does not look familiar, look at the location where it is starting under the "Data" column.  At the end of that line is an executable or a DLL.  If the location is not familiar and neither is the executable, do a Google search for it.  In most cases you will find some reference to the program and can identify it as friend, foe or simply un-necessary.

Deleting a value

To delete a value, right-click on the name of the item you want to delete.  Choose Delete.  There is no confirmation.  It is gone. 

At this point, refresh the Run folder by clicking View/Refresh.  Some spyware and virus programs monitor the registry and will put their run command line back into the run folder.  In these cases, a manual removal of the files and processes may be necessary.

 

NOTE: After editing the registry, you must reboot your PC to unload any of the programs that were starting up in your registry.

 

See also:

SYSTEM.INI
A Windows configuration file that describes the current state of the computer system environment.

WIN.INI
The Win.ini file is used in part to start programs under the older Windows 3.x systems and could still do the same under later operating systems.

AUTOEXEC.BAT
Autoexec.bat is a file that can automatically execute programs when a computer boots up.

The Registry
The Registry is a database of nearly all the settings for Windows operating system and most of your installed applications.

BOOT.INI
Here is a compiled list of the options that BOOT.INI currently supports.