Low on Registry Space in XP SP3

Having searched the EE Knowledge Base, I have only found one other reference to someone else experiencing a 'Low on Registry Space' message in XP SP3.

I don't know if it's related, or just a coincidence, but my troubles started after contracting a rootkit trojan (and others).

I have tried all sorts of registry defrags and clean ups, including NTREGOPT, and CleanMyPC Registry Cleaner.
I have also run various trojan removal programmes, including Trojan Remover, Malwarebytes and TDSSKiller from Kaspersky.

If I Defrag my registry, I can get it down from approx 124Mb to 106Mb, but upon rebooting, it's back up. It sounds pretty massive for a registry, though, surely?
I have also run RegSeeker, which found a lot, but the registry only went from 106Mb to 104Mb.

I have also moved my paging file from C: to another drive, in the hope this would help (from what I read elsewhere), but to no avail.

Any ideas?

Asked by: mikeelam

rockiroads Commented:
There was this reg hack to increase space: http://www.osnn.net/windows-desktop-systems/42411-windows-xp-error-windows-low-registry-space.html. Don't know if you want to give it a go.

I used System Mechanic (functional trial version available), as that backs up the registry as well as compacting it.

Cluskitt Commented:
Just one question: How long has it been since that XP was installed?
mikeelam (Author) Commented:
ROCKIROADS:
I've already looked into the Registry Size Limit. It seems the maximum that XP allows is still 102Mb (less than what I have): "If you set it to 0xffffffff the maximum size allowable (or 80 percent of paged pool, up to 102 MB) is set."

I'll work through the guide on the technet blog you've pointed me to. I ran UPHClean yesterday, already, but haven't done the sharing violation thing.


CLUSKITT: Not sure, at least a couple of years if I have done a re-install. Otherwise longer.

Cluskitt Commented:
With Windows, it's always a good idea to re-install every now and then (usually a year). Else, the registry gets clustered up with installed/uninstalled software entries, event entries and much more junk. There is no registry cleaner that will fix this, because those cleaners have to fail on the safe side.
Not only that, but the same will happen with DLLs, INFs, etc.
This has a huge impact on performance (and will eventually start to generate errors, system faults, etc., more and more often). Windows is the best known example of the entropy principle :)

I've found that, in the long run, it's much more efficient to lose a few hours each year backing up data and program settings, then performing a clean install (I usually do this simply by deleting the partition and recreating it in Windows setup), than to keep using Windows for longer periods. That's just my opinion though. However, seeing as I usually employ this policy, I'm not familiar with this error, and as such, won't be able to assist you much more. :)

mikeelam (Author) Commented:
Following the Technet blog troubleshooting:
Under Performance Monitor, the Registry Quota In Use sits at a constant 7.7%
The Pool Paged Bytes is at 100%, at approx 73Mb.

The 'SOFTWARE' hive under windows\system32\config is 73Mb, the 'SYSTEM' hive is 12Mb. The 'SECURITY' hive is only 60kb.

None the wiser, so far.

mikeelam (Author) Commented:
Hi Cluskitt,
Unless anyone else has any bright ideas, it sounds like that's what I may have to do. I've already spent about a day trying to get to the bottom of the "low on registry space" message.

rockiroads Commented:
I couldn't find anything else. Not sure now if running System Mechanic from iolo.com would help. I do like that tool as it does compact and repair and does it as part of boot up as well as backup. Maybe get more of a result when running in a mode before Windows XP or safe mode.

Interesting what Cluskitt says. My company gives out laptops which are renewed every 3 years. We use them heavily, especially the developers with all their tools, and never heard of a problem having to reinstall. But good points and reasons made.

Cluskitt Commented:
I never said that you HAVE to reinstall every year. I said it's a good policy. What happens is that, after 3 years, entropy causes the computer to be slower. Slower startup, slower performance... Usually, as this happens very, very gradually, it goes unnoticed till you reinstall.

rockiroads Commented:
No, I know what you said and I understand where you're coming from. I have managed to keep mine in good shape by regularly running tools like CCleaner, defragging etc.

Sudeep Sharma (Technical Designer) Commented:
Hi,

You mentioned it started happening after your system got infected by some rootkit trojan. There could be a possibility that some part of it is still on the system. I would suggest you try HitmanPro and see if it finds something:

32bit
http://dl.surfright.nl/HitmanPro35.exe

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If this does not resolve your issue then try Combofix:

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post logs here for further analysis.

Sudeep

Cluskitt Commented:
BTW, it's a bit late for suggesting it, but you could also try HijackThis and posting the log on their forum.

Cluskitt Commented:
> No, I know what you said and I understand where you're coming from. I have managed to keep mine in good shape by regularly running tools like CCleaner, defragging etc.

Yes, that is a crucial difference, having an IT department that actively takes care of the PCs regularly. Also, something that does make quite a difference is using a decent defrag program (basically, almost any hit in Google is better than Windows' :D).

mikeelam (Author) Commented:
Hi guys,

I can't help feeling that there's still something affected somewhere by the rootkit nasty, but I think I've exhausted all options on that.
I've done ComboFix and HijackThis (you name it, basically).
I haven't done HitmanPro, but from what you say, SSharma, ComboFix would sort out where HitmanPro doesn't anyway.

Well... I might leave it over the weekend and see whether I get any more gems of advice, and think about a fresh install on Monday.

Thanks for the comments so far.

mikeelam (Author) Commented:
I have been doing regular registry clean and defrags, but it hasn't helped in this case.

rockiroads Commented:
If it really is a rootkit issue and running something in safe mode didn't help, then I guess your quickest option, instead of trying other tools, is to reinstall like Cluskitt says.

Cluskitt Commented:
Check DEP. Try to disable it, and see if it still complains about ComboFix. If it doesn't, then DEP was your problem. Just check its settings and it should be fine.
Or, you could try a risky operation:
Restore to a previous time when you still had the problem, clean it again, but this time make sure to write the name of the infection. Then search around for removal tools, or for manual removal instructions. Even then, there's a chance that system restore won't restore the virus.

Without knowing the malware name, there's not really much you can do to make sure what it did. If you knew what it was, you could be alert to its behaviour. I once had a virus (the only time I ever caught a virus infection) that corrupted any exe it could find. However, it wasn't until about 2-3 months later that I found that out, as the ones that were corrupt weren't used as often.

Cluskitt Commented:
Disregard what I said. I was thinking about another question. :P

If it's malware, either Malwarebytes, ComboFix or Spybot are likely to catch it (even if they can't clean it). For viruses, try NOD32 online.

mikeelam (Author) Commented:
I assume NOD32's not going to catch anything Kaspersky won't? (Might have helped if I'd had Kaspersky running at the time, but they all seem to slow one's system down so much, even a 2x dual core Xeon beast).

rockiroads Commented:
There is a difference between antivirus checks and spyware. I note you said you used TDSSKiller from Kaspersky, but did you also run antivirus? I had assumed you had if you check for spyware.

One antivirus might not pick up things that another antivirus does.

Cluskitt Commented:
It's not too likely, though, if you still feel something is "out there", it's best to be safe.