travstatesmen

Reclaim Control Over Your Windows-based Pc Part 1


Important: This tutorial contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

1. Introduction
Many of the tips and tricks listed in this tutorial will work on a variety of Windows-based operating systems. However, the examples are taken from Windows XP as that is the OS that I am running at the moment.

I have started this tutorial off with the standard Microsoft warning about editing the Windows registry, as found in many Microsoft Knowledgebase articles that include instructions for making tweaks to the Windows Registry. Despite the warnings, I surf the registry like most people surf the Internet. Since I first learned how to access the registry under Windows 95, I have considered it my personal playground. This tutorial draws on some of that experience. It also comes from my experience in cleaning up customers' computers, particularly when they bring a system in saying that it is "running slow and needs more memory". Most of the time I have found that the extra memory was not necessary at all, but a good clean out was all that was required to get the customer's computer running a lot faster.

2. Acknowledgements
The tips and tricks outlined in this tutorial are the techniques that I employ for all of my own computers, and the knowledge has been gained from a variety of sources over the years, including too many sources to quote accurately, and too many people to acknowledge properly. The words of this tutorial are my own, but the knowledge behind it I cannot claim as my unique work.

3. Disclaimer
While I personally employ the techniques described in this tutorial on all of my own computers, I accept no responsibility if the same tips and tricks do not work for you, or if they cause unexpected or unwanted results. You are best advised to experiment for yourself on a non-essential or test computer first. I have been using these same techniques for many years now and have never experienced any negative results.

4. Summary
This tutorial will show you how to reclaim control over your Windows-based PC, using a variety of techniques to fight back against default software that may have been installed on your computer by the manufacturer, to fight back against software that tries to install itself without your express permission, to fight back against remote or automated changes being made to your software or settings, and finally to put protection in place to ensure that such changes cannot and do not occur again. These techniques will mostly involve manual editing of system settings, including manual editing of the Windows registry, or in certain circumstances making use of freeware/shareware software. I tend to promote the concept of making changes manually however, as my experience has led me to believe that many automated system management tools bring with them more problems than they fix. For instance, see this example of a program called Registry Cleaner 2.5, and how it is a malware program itself. There are plenty more examples of this type of thing. The only way that I have found to protect from such threats is to not use these types of programs, and to edit the Windows registry yourself manually.

5. Preparation
Before you begin to reclaim control over your Windows-based PC, there are some things that you need to check first...

  • To complete the tasks outlined below, you will need to ensure that you are logged onto your computer with full administrative privileges.
  • You need to back up your Windows registry as per the information provided above. (See the Microsoft KB article 322756, How to back up and restore the registry in Windows.)
  • If you are using Windows XP, you should create a System Restore Point. (See the Microsoft KB article 948247, How to set a system restore point in Windows XP.)
  • Finally, it is a good idea to back up all your personal data. (See the Microsoft KB article 308422, How to use the Backup utility that is included in Windows XP to back up files and folders.)

You also need to have a basic understanding of how Windows works. For the purposes of this tutorial I will explain only specific concepts that I think are important to know in order to complete the tasks involved in reclaiming control of your Windows-based PC. One main concept to grasp is the difference between the Computer settings and the User settings. This applies to both the Windows registry and the Start Menu and Desktop. Certain settings load when the computer is started up, whereas other settings load only when the user logs in. In the Windows registry, the main hive that loads when Windows starts up is called HKEY Local Machine (HKLM). When a user logs in to Windows, the hive that loads at that time is called HKEY Current User (HKCU). With the Start Menu and Desktop settings, when Windows starts, the items located in C:\Documents and Settings\All Users\ are loaded irrespective of which user is logged on. When a user logs in, the settings for C:\Documents and Settings\username are then loaded as well, for that particular user.

The next thing that I recommend is preparing the Start Menu for the changes that will be made. Reclaiming control over your Windows-based PC involves not only preventing programs from running that you didn't ask for, but also being able to run those programs when you want them to. You are in control, not the computer! I tend to make these changes on the .\All Users\ part of the Start Menu, so that the new shortcuts we create as part of the following tasks will be accessible by anybody who uses the computer.

TASK 5.1 Preparing the Start Menu

  • Right-click on the Start button and select Explore All Users from the context menu.
  • In the right-hand pane, on the same level as the .\Programs\ folder, create a new folder called "Defaults".
  • Double-click the new .\Defaults\ folder, and create three new folders under it, named "Desktop", "Registry", and "Start Menu".

You should end up with something resembling the example below...

6. The System Tray
Look at the bottom right-hand corner of your screen, where the clock is. This area, if you didn't know already, is called the System Tray. It contains icons for some of the software and services that are currently running on your computer. I trust that those reading this tutorial already know the difference between "installed" and "running". Many of my customers in the past didn't even understand that concept, so I cannot assume too much prior knowledge on the part of the reader, so please forgive me if this seems a little elementary for some people. There may be a small left-facing arrow within a circle. If so, press it. This reveals any other hidden System Tray icons. How many do you have there? Do you know what all of them are for? Do you know where they all came from? Some will be for devices, such as the volume control for your speakers, some will be monitoring services, such as Windows Live Update, which keeps your computer updated with the latest patches. Some will be protection programs, such as your antivirus or firewall software. All these things are running in the background on your computer before you even start any other application, such as playing a game, opening your Internet browser, or creating a document in Microsoft Word. All those icons in the System Tray represent memory being used up. Do you really need them all? As an example, one thing that is commonly in System Trays is the Quicktime Tray Icon, which allows for quick viewing of Apple QuickTime movies on webpages. Now, tell me, how often do you actually view Apple Quicktime movies on webpages? Is there a particular reason that it needs to be running in the background all the time on your computer? No? Then why leave it there? It is just consuming system memory. If you want to use it then you should be able to still make use of it, but it doesn't need to load up every time you switch the computer on, surely! So, let us reclaim control over the System Tray!

The question to ask ourselves at this point is, if these System Tray icons are running in the background, what is it that starts them running, and how does Windows know to start them? There are several places that Windows looks to find programs that need to be auto-started. The common places are the Startup folder on the Start Menu (both for the current user and for All Users), the Windows Registry (again for both the Computer and the User), and the Services applet. To find out what is being run from where, we need to check each location. There are some built-in Windows tools that are useful for this, such as MSCONFIG.EXE, but as I stated before, I like to do things manually. The object of this tutorial is to give you more control, after all!

7. Hidden Processes
The System Tray is a useful visual reminder of what is currently running in the background of your computer, but it doesn't show everything. Not all background processes have a Tray icon, and it is useful to know what is actually running on your computer before you start reclaiming control. For this step I make a concession and use a powerful, free, third-party utility program called Process Explorer, which is made by SysInternals. It is such good software that Microsoft bought the company, as they do. Have a look at this Microsoft TechNet page for more information. You can download a free copy of Process Explorer (do it quick before Micro$oft starts charging for it) from here. This program can be configured to replace the Windows Task Manager that comes up when you press CTRL-ALT-DEL on your keyboard, and gives a lot more information about currently running processes, including file handles, than Task Manager did. It also provides a link to a Google search for each process that is listed, so that you can get the low-down about each process.


8. The Windows Registry
The first place that I go to, to seek out auto-starting programs is generally the Windows registry. As previously explained, there are two parts to consider in this: the Computer and the User. Most auto-starting programs and services like to be run from the Computer side, so that they will load irrespective of which user is logged in. So we will start there first. To start the Registry Editor, use Start > Run... and then type regedit and click OK. This brings up the Registry Editor, normally displaying the last registry key that you viewed. You can scroll back up to the top of the list, or just use the CTRL+Home keyboard shortcut to return to the top of the list. Now, navigate through the following folders to get to the place where programs are commonly auto-started from: HKEY Local Machine \ Software \ Microsoft \ Windows \ CurrentVersion \ Run and this will bring up a list like the example below...


TASK 8.1 Carefully identify your target
Just like with deer hunting, you don't want to fire off a round without carefully identifying your target first! All of the previous warnings about the dangers of editing your registry come into play at this point. Make sure you have backed up the registry before proceeding any further. We can't just rip everything out of the registry's Run key. What about your antivirus program? What about your firewall? You will no doubt want those to keep running automatically, won't you?

  • Google each entry in the Run key list to make sure that you know what it is, what it does, and why it is there.
  • Some items may also have a component part in the User settings, which we will get to later.
  • Some items, such as C:\WINDOWS\system32\ctfmon.exe, are benign and are quite okay to leave running in the background.
  • Be aware that some malware can masquerade as real filenames. For instance, why would NOTEPAD.EXE be in your Run key if Notepad doesn't auto-start?
  • Use Windows Explorer if necessary to display the executable file, and then check the properties of the file, including the last modified date and the Company details on the Version tab.

TASK 8.2 Create a Shortcut
Rather than just deleting the items from our Run key, we are going to create a shortcut to them in the Start Menu, so that you can run them manually when you want to. This is the essence of reclaiming control of your Windows-based PC. If you want it to run, then you will tell it to run! Remember, you're in charge now, not the computer! Before you start this task, you should still have Windows Explorer open, and showing the three new folders that we created earlier, under C:\Documents and Settings\All Users\Start Menu\Defaults\. You should also have the Run key list visible as above. Arrange the screen as you feel comfortable, either by tiling the windows side-by-side, or making use of the ALT+TAB keyboard shortcut to switch between the two windows.

  • In Registry Editor, double-click on the first Run list entry that you intend to take control of.
  • Highlight and copy the Value Data information.
  • In Windows Explorer, right-click in the .\Registry\ folder and create a new Shortcut.
  • Paste the link from the Run key's Value Data into the new Shortcut's "location of the item" textbox.
  • Make sure that the full pathname is enclosed in quote marks, then click the "Next" button.
  • In Registry Editor, highlight and copy the Value Name information.
  • In Windows Explorer, paste the Run key's Value Name into the new Shortcut's "name for this shortcut" textbox, and click the "Finish" button.

You have now created a shortcut to run the Run key item manually from your Start Menu. You can now safely delete the item from your Windows Registry's Run list. Follow the same steps above for all of the Run key items that you intend to reclaim control of.

TASK 8.3 The User settings
Once the Computer settings have been cleaned up, it is time to move on to the User settings, and to do the same thing there. Navigate through the following folders in the Registry Editor to get to the next place where programs are commonly auto-started from: HKEY Current User \ Software \ Microsoft \ Windows \ CurrentVersion \ Run. Now proceed with the instructions for tasks 8.1 and 8.2 above, to carefully identify the keys, to create shortcuts in the Start Menu for them, and then to delete the Run key items.

9. Results so far
Having followed the steps of the above tasks, you probably won't notice too much difference just yet in the number of icons showing in your System Tray, or in the list of running processes found by Process Explorer. In order to see the effect of the changes that you have made, you will need to reboot your computer first. Remember, you are looking for fewer icons in the System Tray! If there is anything that you need to run, you can do so manually from your new list at the top of the Start Menu. If you find it necessary to have something starting automatically after all, you can recreate the registry key for the item from the information that you have saved in the shortcut for that item.

10. Next steps

This concludes Part 1 of this tutorial. The next part will cover reclaiming control of software and services that do not start from the Windows registry, and also of reclaiming control over the Start Menu and the Desktop items.

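Tasks 8.1 to 8.3 above are done by hand in Registry Editor and Windows Explorer. The following PowerShell script is an added example, not code from the original post or its author: it inventories both Run keys with the details Task 8.1 says to check (whether the file exists, its last-modified date, and the Company and Product from the Version tab), and for the values you name it writes a single-value .reg backup and the Start Menu shortcut of Task 8.2 before, and only on request, deleting the value. It assumes PowerShell 2.0 or later running with administrative rights, the Defaults\Registry folder from Task 5.1 under the All Users Start Menu (created if missing), and the parameter names -Take and -Remove are my own.

```powershell
# Added example, not from the original tutorial: script the inventory of Task 8.1
# and the shortcut-and-backup steps of Task 8.2 for the HKLM and HKCU Run keys.
# Assumes PowerShell 2.0 or later running with administrative rights, and uses
# the Defaults\Registry folder from Task 5.1 under the All Users Start Menu
# (created if missing). Nothing is deleted unless -Remove is given, and then
# only after the .reg backup and the shortcut for that value exist.
param(
    [string[]]$Take = @(),   # Run value names to take control of; none = report only
    [switch]$Remove          # delete each taken value after its backup and shortcut
)

$RunKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
$Defaults = Join-Path ([Environment]::GetFolderPath('CommonStartMenu')) 'Defaults\Registry'

# Split a Run value like  "C:\Program Files\X\x.exe" -atboottime  into executable
# path and arguments; an unquoted path is taken to end at the first ".exe".
function Split-RunCommand([string]$Command) {
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"') -and $cmd.IndexOf('"', 1) -gt 0) {
        $end = $cmd.IndexOf('"', 1)
        return @{ Path = $cmd.Substring(1, $end - 1); Args = $cmd.Substring($end + 1).Trim() }
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)\s*(.*)$', 'IgnoreCase')
    if ($m.Success) { return @{ Path = $m.Groups[1].Value; Args = $m.Groups[2].Value } }
    return @{ Path = $cmd; Args = '' }
}

# One object per Run value, with the file details Task 8.1 says to check by hand.
function Get-RunEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item $key
        foreach ($name in $regKey.GetValueNames()) {
            if ($name -eq '') { continue }                      # skip (Default)
            $command = [string]$regKey.GetValue($name)
            $parts = Split-RunCommand $command
            $path = [Environment]::ExpandEnvironmentVariables($parts.Path)
            if (-not (Test-Path -LiteralPath $path)) {          # bare name: resolve via PATH
                $found = @(Get-Command $path -CommandType Application -ErrorAction SilentlyContinue)[0]
                if ($found) { $path = $found.Definition }
            }
            $entry = New-Object PSObject -Property @{
                Hive = $key.Substring(0, 4); Key = $key; Name = $name; Command = $command
                Path = $path; Args = $parts.Args; Exists = (Test-Path -LiteralPath $path)
                Modified = $null; Company = $null; Product = $null
            }
            if ($entry.Exists) {                                # Version tab / modified date
                $file = Get-Item -LiteralPath $path
                $entry.Modified = $file.LastWriteTime
                $entry.Company  = $file.VersionInfo.CompanyName
                $entry.Product  = $file.VersionInfo.ProductName
            }
            $entry
        }
    }
}

function Get-SafeName($Entry) { return $Entry.Name -replace '[\\/:*?"<>|]', '_' }
function ConvertTo-RegString([string]$s) { return $s -replace '\\', '\\' -replace '"', '\"' }

# Write a .reg file holding just this value, so double-clicking it restores the entry.
function Export-RunEntry($Entry, [string]$Folder) {
    $root = if ($Entry.Hive -eq 'HKLM') { 'HKEY_LOCAL_MACHINE' } else { 'HKEY_CURRENT_USER' }
    $lines = @('Windows Registry Editor Version 5.00', '',
               "[$root\Software\Microsoft\Windows\CurrentVersion\Run]",
               ('"{0}"="{1}"' -f (ConvertTo-RegString $Entry.Name), (ConvertTo-RegString $Entry.Command)), '')
    $file = Join-Path $Folder ("{0}-{1}.reg" -f $Entry.Hive, (Get-SafeName $Entry))
    [IO.File]::WriteAllLines($file, [string[]]$lines, [Text.Encoding]::Unicode)
}

# Create the Start Menu shortcut that Task 8.2 builds by hand.
function New-RunShortcut($Entry, [string]$Folder) {
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut((Join-Path $Folder ((Get-SafeName $Entry) + '.lnk')))
    $lnk.TargetPath       = $Entry.Path
    $lnk.Arguments        = $Entry.Args
    $lnk.WorkingDirectory = Split-Path -Parent $Entry.Path
    $lnk.Description      = "Was $($Entry.Hive) Run value '$($Entry.Name)': $($Entry.Command)"
    $lnk.Save()
}

$entries = @(Get-RunEntries)
$entries | Select-Object Hive, Name, Exists, Modified, Company, Product, Command |
    Format-Table -AutoSize | Out-String -Width 200 | Write-Host

foreach ($e in $entries) {
    if ($Take -notcontains $e.Name) { continue }
    if (-not $e.Exists) { Write-Warning "'$($e.Name)': target '$($e.Path)' not found; inspect it by hand"; continue }
    if (-not (Test-Path -LiteralPath $Defaults)) { New-Item -ItemType Directory -Path $Defaults | Out-Null }
    Export-RunEntry $e $Defaults
    New-RunShortcut $e $Defaults
    if ($Remove) { Remove-ItemProperty -Path $e.Key -Name $e.Name; Write-Host "Removed $($e.Hive) Run value '$($e.Name)'" }
    else { Write-Host "Backed up '$($e.Name)' and created its shortcut; re-run with -Remove to delete the Run value" }
}
```

Run it with no arguments first and read the table the way Task 8.1 describes: an entry whose file is missing, whose Company is blank, or whose modified date is suspiciously recent deserves a closer look before you touch it, and your antivirus and firewall entries should simply be left out of -Take. A second run such as `.\script.ps1 -Take 'QuickTime Task' -Remove` writes the backup and shortcut for that one value and then deletes it; the .reg file in Defaults\Registry is what section 9 refers to when it says you can recreate the entry later.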

Very nice post Trav! And was very useful. I regained all of my PC's rights and everything. :)

Is it possible to get the Administrator username on the Welcome screen so I can also use that instead of running my Computer in safe mode?

-Sky


Thanks for the feedback -Sky-. The tutorial is not finished yet though. There are still other places where auto-starting programs like to hide in Windows, and I'll be digging them out in the next exciting episode! :)

As for your question, I assume that you are running Windows XP, right? You can make any user account have administrative privileges. I tend to only have two accounts on each Windows XP computer that have full Administrative privileges: the administrator account (renamed for security), and a back door account (in case I cannot access the main administrator account). Normally I use a "limited user" account for daily activities on the computer, such as surfing the Net. This helps to reduce the possibility of virus and trojan click-by attacks.

If you are using the Windows XP style interface (as opposed to the Windows Classic view, which looks more like Windows 2000) then you can access the User Accounts settings to change your user privileges just by clicking on your own user icon at the very top of the Start Menu. But with the Classic View enabled, you would need to use the Control Panel to access User Accounts settings instead. On the top menu bar of the User Accounts dialog box, click the "Home" button to get access to the full power of the User Accounts settings. I think that from there you should be able to find your way to answering your own question about getting the Administrator username onto the Welcome screen. Hope this helps!

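The reply above recommends keeping only two accounts with administrative rights, renaming the built-in Administrator account, and doing day-to-day work from a limited user account. The PowerShell script below is an added example, not part of the reply, that checks how a computer currently measures up against that advice: whether the current session holds administrative rights, which accounts are in the local Administrators group, and what the built-in Administrator account (always the account whose SID ends in -500, whatever it has been renamed to) is now called and whether it is enabled. It assumes a machine whose local Administrators group still has its English name and PowerShell 2.0 or later; the function names are my own.

```powershell
# Added example, not from the original reply: audit the local administrative
# accounts that the reply talks about. Assumes PowerShell 2.0 or later and an
# English Windows, where the local group is called "Administrators".

# Does the current session actually hold administrative rights? When a limited
# user account is used for daily work, as the reply recommends, this is $false.
function Test-RunningAsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Every member of the local Administrators group, read through the WinNT ADSI
# provider so that it also works on Windows XP. The ADsPath shows whether a
# member is a local account (WinNT://COMPUTERNAME/...) or comes from a domain.
function Get-LocalAdministrators {
    $group = [ADSI]'WinNT://./Administrators,group'
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        New-Object PSObject -Property @{
            Name    = $m.GetType().InvokeMember('Name',    'GetProperty', $null, $m, $null)
            ADsPath = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        }
    }
}

# The built-in Administrator account keeps the relative identifier 500 no
# matter what it is renamed to, so this shows its current name and state.
function Get-BuiltInAdministrator {
    Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
        Where-Object { $_.SID -like '*-500' } |
        Select-Object Name, Disabled, PasswordRequired, SID
}

"Current session holds administrative rights: $(Test-RunningAsAdmin)"
"Members of the local Administrators group (the reply suggests two):"
Get-LocalAdministrators | Format-Table Name, ADsPath -AutoSize
"Built-in Administrator account (RID 500), renamed or not:"
Get-BuiltInAdministrator | Format-Table -AutoSize
```

If the first line prints True while you are doing ordinary work such as browsing, you are not using the limited account the reply describes; if the last table shows the name "Administrator", the rename has not been done. The group listing is the place to spot accounts that were added to Administrators by an installer or a previous owner and that you did not intend to keep.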
