Editing the Registry
 |
WARNING: Editing the can lead to serious
problems if not done correctly. Always backup your registry before
editing.
See: How to backup your registry |
What
is the Registry?
 The Registry is a database of nearly all the settings for Windows
operating system and most of your installed applications.
Where is the Registry?
In Windows 95, 98, and Me, the Registry is contained within two hidden
files in your Windows directory. The files are USER.DAT and
SYSTEM.DAT.
In Windows 2000 and Windows XP, the
Registry is stored in several places called Hives, located in the
\windows\system32\config directory and in the \Documents and
Settings\{username} folders.
Why edit the Registry?
Simple... to manage the programs that run at Windows startup.
There are several location in the registry where programs start up
automatically when Windows starts. On almost every
computer, there are un-necessary programs loading at start up. These
programs may be anything from multimedia plugins and reminders to spyware,
malware and popup generating junk programs. In some cases the places
where programs load at start up are legitimate, such as your antivirus
program. In most cases, the programs loading are un-necessary and
even harmful. All programs loading consume your computers resources.
|
 Check your new PC's registry!
Below is a snapshot of the registry of a
brand new Dell computer. There were in excess of 50 programs loading
from within several startup locations on this brand new computer.
The resulting memory consumption and annoyances,
not to mention data collection from the user's activities was a real
problem until they were removed.
|
|
The Run folder of a Brand new Dell PC. |
|
 Do
I have to manually navigate and edit the Registry myself?
No, you don't have to do this yourself.
There are many programs on the market that are designed to help you.
Many antivirus and anti-spyware programs also remove registry entries. If
you are not comfortable editing the registry yourself, use one of the many
programs designed to edit the registry for you. Here are some
suggestions.
How to Edit the Registry
manually.
First a little information about the
registry.
Structure of the
Registry
The Registry has a hierarchal structure, like the directories on your hard
disk. Each branch (denoted by a folder icon in the Registry Editor, see
below) is called a Key. Each key can contain other keys, as well as
Values. Each value contains the actual information stored in the Registry.
There are three types of values; String, Binary, and DWORD - the use of
these depends upon the context.
Are you in SAFE MODE?
 |
By default, Run keys are ignored in Safe mode. If your
PC is overrun with problems to the point where you can hardly work
with it, Boot into SAFE MODE.
How do I do that? |
Where are we going go in
the Registry?
There are seven Run keys in the registry
that cause programs to be run automatically. A word of caution... Do
NOT edit anything beyond these specific Keys. This page will not
cover anything else in the registry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
How to Edit the Registry
Manually
Editing the computer's registry begins with a program on the
computer called "regedit". This program is started by
clicking the Start button then "Run". Type regedit
into the text field, then click OK.
You will see this:
What am I looking at?
There are six main branches (five in
Windows 2000 and Windows XP), each containing a specific portion of the
information stored in the Registry. They are as follows:
HKEY_CLASSES_ROOT - Ignore this
HKEY_CURRENT_USER - We will look in here
HKEY_LOCAL_MACHINE - We will look in here
HKEY_USERS - Ignore this
HKEY_CURRENT_CONFIG - Ignore this
HKEY_DYN_DATA (Windows 95/98/Me only) - Ignore this
How to navigate the
registry:
Take your time here. You don't want to make any mistakes.
The best way to navigate the registry is to expand a Key by clicking the
plus to the left of the branch you want to go into.
We will start with
HKEY_CURRENT_USER.
Again, these are the
primary locations below. Those that are grouped together will be right next to
each other or very close together in the registry. We will look at
the top group first. You may not have all of these but you
will have some:
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServices
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServicesOnce
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunOnce\Setup
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
 |
NOTE: There is a
HKEY_CURRENT_USER for each profile on Windows 2000 and
Windows XP. You will want to examine each one. In order
to do that, you will need to log into each profile and examine this
key. |
Click the
 to the
left of HKEY_CURRENT_USER.
Click the
to the
left of Software
Click the
to the
left of Microsoft
Click the
to the
left of Windows
Click the
to the
left of CurrentVersion
Click on the Run folder so that
it highlights in blue.
 The
window to the right in the registry is the contents of the Run folder. This is what
we want to examine. You may find only a few things in here. Or you may
find so much that you have to scroll down to see it all. Now is the
time to analyze what is in here. Proceed to the next step.
 |
|
too much in run. |
There are a few good ways to understand what things are
in here. There are also a few good tips to recognize the bad stuff
right away and blow it out of there. What you find in here will fit
into a few categories:
 |
Acceptable Programs
Programs you want to allow to run at startup. An example
program might be your Antivirus program. You will have to
decide what you want to startup and what you do not want to startup
when the PC boots. Keep in mind that removing an item here in
the Run folder does not delete the program, it simply does not cause
that program to start automatically when the PC boots up. You
can still start your program manually. The idea here is you
want to keep the run folders to a minimal and free up memory. |
 |
Questionable Programs
Programs that you may or may not recognize and are not sure if you
need them to start at startup. |
 |
Bad Stuff
In many cases you might find programs starting that are not good. |
How to identify what
to what things are: Look at the "Name" of
the entry. If that does not look familiar, look at the location
where it is starting under the "Data" column. At the end of that
line is an executable or a DLL. If the location is not familiar
and neither is the executable, do a Google search for it. In most
cases you will find some reference to the program and can identify it as
friend, foe or simply un-necessary.
Deleting a value
To delete a value, right-click on the name of the item
you want to delete. Choose Delete. There is no confirmation.
It is gone.
|
NOTE: There is a
HKEY_CURRENT_USER for each profile on Windows 2000 and
Windows XP. You will want to examine each one. In order
to do that, you will need to log into each profile and examine this
key. |
 |
NOTE: After editing the registry, you must
reboot your PC to unload any of the programs that were starting up
in your registry. |
Now we will look at
HKEY_LOCAL_MACHINE.
These are the
locations we will look at below. These are grouped together and will be right next to
each other or very close together in the registry. You may not have all of these but you
will have some:
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServices
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServicesOnce
-
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunOnce\Setup
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
The Next area to examine is
HKEY_LOCAL_MACHINE. Click the
to the
left of HKEY_LOCAL_MACHINE
to expand it.
Click the
to the
left of SOFTWARE
Click the
to the
left of Microsoft
Click the
to the
left of CurrentVersion
Click on the Run folder so that
it highlights in blue.
The
window to the right in the registry is the contents of the Run folder. This is what
we want to examine. You may find only a few things in here. Or you may
find so much that you have to scroll down to see it all. Now is the
time to analyze what is in here. See above on how to examine the
contents of the Run folder.
|
|
|
too much in run. |
There are a few good ways to understand what things are
in here. There are also a few good tips to recognize the bad stuff
right away and blow it out of there. What you find in here will fit
into a few categories:
|
|
Acceptable Programs
Programs you want to allow to run at startup. An example
program might be your Antivirus program. You will have to
decide what you want to startup and what you do not want to startup
when the PC boots. Keep in mind that removing an item here in
the Run folder does not delete the program, it simply does not cause
that program to start automatically when the PC boots up. You
can still start your program manually. The idea here is you
want to keep the run folders to a minimal and free up memory. |
|
|
Questionable Programs
Programs that you may or may not recognize and are not sure if you
need them to start at startup. |
|
|
Bad Stuff
In many cases you might find programs starting that are not good. |
How to identify what
to what things are: Look at the "Name" of
the entry. If that does not look familiar, look at the location
where it is starting under the "Data" column. At the end of that
line is an executable or a DLL. If the location is not familiar
and neither is the executable, do a Google search for it. In most
cases you will find some reference to the program and can identify it as
friend, foe or simply un-necessary.
Deleting a value
To delete a value, right-click on the name of the item
you want to delete. Choose Delete. There is no confirmation.
It is gone.
At this point, refresh the Run folder by clicking
View/Refresh. Some spyware and virus programs monitor the registry
and will put their run command line back into the run folder. In
these cases, a manual removal of the files and processes may be necessary.
|
NOTE: After editing the registry, you must
reboot your PC to unload any of the programs that were starting up
in your registry. |
See also:
SYSTEM.INI
A
Windows configuration file that describes the current state of the
computer system environment.
WIN.INI
The Win.ini file is used in part to start programs under the older Windows 3.x
systems and could still do the same under later operating systems.
AUTOEXEC.BAT
Autoexec.bat is a file that can automatically execute programs when a
computer boots up.
The Registry
The Registry is a database of nearly all the settings for Windows
operating system and most of your installed applications.
BOOT.INI
Here is a compiled list of the options that BOOT.INI currently supports.
|
