Solved

Low on Registry Space in XP SP3

Posted on 2010-08-27
21
986 Views
Last Modified: 2013-11-30
Having searched the EE Knowledge Base, I have only found one other reference to someone else experiencing a 'Low on Registry Space' message in XP SP3.

I don't know if it's related, or just a coincidence, but my troubles started after contracting a rootkit trojan (and others).

I have tried all sorts of registry defrags and clean ups, including NTREGOPT, and CleanMyPC Registry Cleaner.
I have also run various trojan removal programmes, including Trojan Remover, Malwarebytes and TDSSKiller from Kaspersky.

If I Defrag my registry, I can get it down from approx 124Mb to 106Mb, but upon rebooting, it's back up. It sounds pretty massive for a registry, though, surely?
I have also run RegSeeker, which found a lot, but the registry only went from 106Mb to 104Mb.

I have also moved my paging file from C: to another drive, in the hope this would help (from what I read elsewhere), but to no avail.

Any ideas?

0
Comment
Question by:mikeelam
  • 8
  • 6
  • 6
  • +1
21 Comments
 
LVL 65

Expert Comment

by:rockiroads
ID: 33542639
there was this reg hack to increase space http://www.osnn.net/windows-desktop-systems/42411-windows-xp-error-windows-low-registry-space.html dont know if u want to give it a go

i used system mechanic (functional trial version available) as that backs up reg, as well as compacting
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33542644
Just one question: How long has it been since that XP was installed?
0
 
LVL 65

Assisted Solution

by:rockiroads
rockiroads earned 200 total points
ID: 33542717
0
 

Author Comment

by:mikeelam
ID: 33542884
ROCKIROADS:
I've already looked into the Registry Size Limit. It seems the maximum that XP allows is still 102Mb (less than what I have) " If you set it to 0xffffffff the maximum size allowable (or 80 percent of paged pool, up to 102 MB) is set. "

I'll work through the guide on the technet blog you've pointed me to. I ran UPHClean yesterday, already, but haven't done the sharing violation thing.


CLUSKITT: Not sure, at least a couple of years if I have done a re-install. Otherwise longer.
0
 
LVL 18

Accepted Solution

by:
Cluskitt earned 300 total points
ID: 33542977
With windows, it's always a good idea to re-install every now and then (usually a year). Else, the registry gets clustered up with installed/uninstalled software entries, event entries and many more junk. There is no registry cleaner that will fix this, because those cleaners have to fail on the safe side.
Not only that, but the same will happen with dll's, inf's, etc.
This has a huge impact on performance (and will eventually start to generate errors, system faults, etc, more and more often). Windows is the best known example of the enthropy principle :)

I've found that, in the long run, it's much more efficient to lose a few hours each year backing up data and program settings, then performing a clean install (I usually do this simply by deleting the partition and recreating it in windows setup), than to keep using windows for longer periods. That's just my opinion though. However, seeing as I usually employ this policy, I'm not familiar with this error, and as such, won't be able to assist you much more. :)
0
 

Author Comment

by:mikeelam
ID: 33543071
Following the Technet blog troubleshooting:
Under Performance Monitor, the Registry Quota In Use sits at a constant 7.7%
The Pool Paged Bytes is at 100%, at approx 73Mb.

 the 'SOFTWARE' hive under windows\system32\config is 73Mb, the 'SYSTEM' hive is 12Mb. The 'SECURITY' hive is only 60kb.

None the wiser, so far.
0
 

Author Comment

by:mikeelam
ID: 33543111
Hi Cluskitt,
Unless anyone else has any bright ideas, it sounds like that's what I may have to do. I've already spent about a day trying to get to the bottom of the "low on registry space" message.
0
 
LVL 65

Expert Comment

by:rockiroads
ID: 33543433
I couldn't find anything else. Not sure now if running system mechanic from iolo.com would help. I do like that tool as it does compact and repair and does it as part of boot up as well as backup. Maybe get more of a result when running in a mode before windows xp or safe mode.

Interesting what Cluskitt says. My company gives out laptops which are renewed every 3 years. We use them heavily espeically the developers with all their tools and never heard of a problem having to reinstall. But good points and reasons made.
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33543491
I never said that you HAVE to reinstall every year. I said it's a good policy. What happens is that, after 3 years, enthropy causes the computer to be slower. Slower startup, slower performance... Usually, as this happens very, very gradually, it goes unnoticed till you reinstall.
0
 
LVL 65

Expert Comment

by:rockiroads
ID: 33543626
No, I know what you said and I understand where your coming from. I have managed to keep mine in good shape by regularly running tools like CCleaner, defragging etc.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33543658
Hi,

You mentioned it starting happening after your system got infected by some rootkit trojan. There could be a possibility that some part of it is still on the system. I would suggest you to try HitmanPro and see if it found something:

32bit
http://dl.surfright.nl/HitmanPro35.exe

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If this does not resolve your issue then try Combofix:

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post logs here for further analysis.

Sudeep
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33543662
BTW, it's a bit late for suggesting it, but you could also try HijackThis and posting the log on their forum.
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33543692
> No, I know what you said and I understand where your coming from. I have managed to keep mine in good shape by regularly running tools like CCleaner, defragging etc.

Yes, that is a crucial difference, having an IT department that actively takes care of the PCs regularly. Also, something that does make quite a difference is using a decent defrag program (basically, almost any hit in google is better than window's :D).
0
 

Author Comment

by:mikeelam
ID: 33543853
Hi guys,

I can't help feeling that there's still something affected somewhere by the rootkit nasty, but I think I've exhausted all options on that.
I've done ComboFix and HijackThis (you name it, basically).
I haven't done HitManPro, but from what you say, SSharma, ComboFix would sort out where HitManPro doesn't anyway.

Well... I might leave it over the weekend and see whether I get any more gems of advice, and think about a fresh install on Monday.

Thanks for the comments so far.
0
 

Author Comment

by:mikeelam
ID: 33543873
I have been doing regular registry clean and defrags, but it hasn't helped in this case.
0
 
LVL 65

Expert Comment

by:rockiroads
ID: 33543938
if it really is a rootkit issue and running something in safemode didnt help then guess your quickest option, instead of trying other tools, is to reinstall like Cluskitt says.
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33543974
Check DEP. Try to disable it, and see if it still complains about combofix. If it doesn't, then DEP was your problem. Just check it's settings and it should be fine.
Or, you could try a risky operation:
Restore to a previous time when you still had the problem, clean it again, but this time make sure to write the name of the infection. Then search around for removal tools, or for manual removal instructions. Even then, there's a chance that system restore won't restore the virus.

Without knowing the malware name, there's not really much you can do to make sure what it did. If you knew what it was, you could be alert to its behaviour. I once had a virus (the only time I ever caught a virus infection) that corrupted any exe it could find. However, it wasn't until about 2-3 months later that I found that out, as the ones that were corrupt weren't used as often.
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33543997
Disregard what I said. I was thinking about another question. :P

If it's malware, either malware bytes, combofix or spybot are likely to catch it (even if they can't clean it). For viruses, try nod32 online.
0
 

Author Comment

by:mikeelam
ID: 33544110
I assume nod32's not going to catch anything Kaspersky won't? (Might have helped if I'd had Kaspersky running at the time, but they all seem to slow one's system down so much, even a 2x dual core xeon beast).
0
 
LVL 65

Expert Comment

by:rockiroads
ID: 33544268
there is a difference between antivirus checks and spyware. I note you said you used TDDSKiller from Kaspersky but did you also run antivirus? I had assumed you had if you check for spyware.

one antivirus might not pick up things that another antivirus does.
0
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33545118
It's not too likely, though, if you still feel something is "out there", it's best to be safe.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now