What is the Registry file, and how can I work with it in Windows XP?
I have to say it, what a great question! Us Windows folks talk about editing the registry time and again, but rarely step back and answer the basic question of what the registry actually is. Since Windows is the flagship product of Microsoft, let’s start by viewing their definition:
The Microsoft Computer Dictionary, Fifth Edition, defines the registry as:
A central hierarchical database used in Microsoft Windows 9x, Windows CE, Windows NT, and Windows 2000 used to store information necessary to configure the system for one or more users, applications and hardware devices.
The Registry contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system, and the ports that are being used.
The Registry replaces most of the text-based .ini files used in Windows 3.x and MS-DOS configuration files, such as the Autoexec.bat and Config.sys. Although the Registry is common to several Windows operating systems, there are some differences among them.
Registry data is stored in binary files.
Okay. That’s not particularly clear, though, and it skips the fact that Windows XP has a registry file too. Here’s a better explanation from Jerry Honeycutt:
The Windows XP registry is the database in which the operating system stores most of its settings. It’s where programs store their settings. It contains information about what hardware is installed on the system. Importantly, the registry defines relationships between different parts of the operating system’s user interface. For example, the registry defines what you see on the desktop; how the Start menu and taskbar work; and how the operating system starts.
Make sense?
In terms of editing the registry, here are some articles worth reading:
- Windows NT Magazine: Inside the Registry
- Customizing your PC with the Windows XP Registry
- How to back up, edit, and restore the registry in Windows XP
- Don’t Fear the Registry: Windows XP Hacks
Hope that clears everything up for you. Good luck editing the registry, and please be careful and make sure you have good backups!
Thanks for the post. Actually I am looking for a software for Registry BackUp
i cannot understand about registry files please give me knowledge about registry files
I think Registry is the most important part of Window OS. Any way thank for this information:)
i believe registry is the most important part of the windows machine. so the backup and security of it is more important. can you please suggest any of good registry backup software…?
Holy cow, Doc. Help with what? Looks like you just posted a dictionary. 🙂
Posted to computerhope.com January 3, 2011, 9:03 PM
100+ Registry Data KEYS that have been disabled by the “ -k “ switch BUG – Read the list and the descriptions – Maybe this has affected your computer too!
Remember: The purpose of a registry file is to CONTROL the SETTINGS AND BEHAVIOUR of your computer’s operating system and programs. These settings are essentially the brain of your computer. To make customizations or apply tweaks to an application, you may need to create a registry file. However, modifying or changing these settings can inadvertently cause serious damage to your system if you are not educated on what you are doing.
The main culprit with the extender “ -k ” attached to it is “netsvcs” but they are all associated with the DATA String with the “svchost.exe”
Here are more names that show up with the “ -k “ switch attached to it that are disabling some of the other Reg KEYS.
-k NetworkService
-k dot3svc
-k eapsvcs
-k HTTPFilter
-k LocalService
-k nosGetPlusHelper
-k imgsvc
-k WudfServiceGroup
==================
What is svchost.exe?
————————–
General Info:
File Name = Svchost.exe
Process Name = Microsoft Service Host Process
File Location = C:|Windows|System32
Svchost.exe is a system process which is included with Windows. The official process name is Microsoft Service Host Process. File sizes will differ from computer to computer but documented file sizes are 14,336 bytes (86% of all occurrence), 12,800 bytes and 22,016 bytes. Svchost.exe should NOT be disabled or REMOVED because it’s an essential file required by your computer’s Windows Operating system. But Svchost.exe may be damaged and corrupt causing errors, high CPU usage and slow computer performance.
A couple of the main problems I am having with the computer is that I can not install updates properly and that my Cryptographic Services have been disabled although I know that it IS enabled and that it is set to automatic at boot up time.
I don’t know where the “-k netsvcs” came from but I’m going to go through the entire Registry again and take them all out. They don’t belong there as far as I can tell. I mean, you can clearly see the Reg KEYS that this BUG is disabling.
The address line in the “C:\Windows\System32\ Directory” looks like this:
C:\WINDOWS\system32\svchost.exe
NOT like this:
C:\WINDOWS\system32\svchost.exe -k netsvcs
There is NO listing of the svchost.exe file in the
C:\Windows\System\
Directory at all.
The only other place on the computer that “svchost.exe” exists is:
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
No where in any of these files does it have the extender of “ -k ”
So, if no one has any objection, I’m going to delete the extension “ -k netsvcs” (and all of it’s “ -k ” buddies) in all the Registry files where found.
If anyone knows of a reason why I should not delete these file extensions, Please let me know and why I should not delete them.
I’m going to list all the locations of the infraction that I found in MY “Registry Data File” so that if someone else is having a similar problem of the same area, they will know Where to look for it and why that particular function is NOT functioning properly and can then know how to fix it.
I WOULD STRONGLY ADVISE ALL NOT TO FOLLOW IN MY FOORSTEPS AT THIS TIME.
I’ll first Back-up my system and the Registry files before effecting repairs and report back here as to the outcome.
———————————————————————————————————————————————-
THE LIST (Partial)
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Alerter
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k LocalService
Description = Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt
Value Name = ImagePath
Value Data = %SystemRoot%\system32\svchost.exe -k netsvcs
Description = Provides software installation services such as Assign, Publish, and Remove.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioSrv
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc
Value Name = ImagePath
Value Data = %SystemRoot%\system32\svchost.exe -k netsvcs
Description = Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Manages network configuration by registering and updating IP addresses and DNS names.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k NetworkService
Description = Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dot3svc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k dot3svc
Description = This service performs IEEE 802.1X authentication on Ethernet interfaces
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k eapsvcs
Description = Provides windows clients Extensible Authentication Protocol Service
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Allows error reporting for services and applictions running in non-standard environments.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem
Value Name = ImagePath
Value Data = C:\WINDOWS\System32\svchost.exe -k netsvcs
Description = Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Provides management for applications that require assistance in a multiple user environment.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidServ
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Manages health certificates and keys (used by NAP)
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTPFilter
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k HTTPFilter
Description = This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = “Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.”
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k LocalService
Description = Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Messenger
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = “Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.”
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Allows windows clients to participate in Network Access Protection
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nla
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Collects and stores network configuration and location information, and notifies applications when this information changes.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nosGetPlusHelper
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k nosGetPlusHelper
Description = N/A
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtmsSvc
Value Name = ImagePath
Value Data = %SystemRoot%\system32\svchost.exe -k netsvcs
Description = N/A
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Creates a network connection.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Offers routing services to businesses in local area and wide area network environments.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS
Value Name = ImagePath
Value Data = %SystemRoot%\system32\svchost.exe -k netsvcs
Description = Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = N/A
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k LocalService
Description = Enables discovery of UPnP devices on your home network.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k imgsvc
Description = Provides image acquisition services for scanners and cameras.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Provides user experience theme management.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks
Value Name = ImagePath
Value Data = %SystemRoot%\system32\svchost.exe -k netsvcs
Description = Maintains links between NTFS files within a computer or across computers in a network domain.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k LocalService
Description = Provides support to host Universal Plug and Play devices.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k LocalService
Description = Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt
Value Name = ImagePath
Value Data = %systemroot%\system32\svchost.exe -k netsvcs
Description = Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSN
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Monitors system security settings and configurations.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
Value Name = ImagePath
Value Data = %systemroot%\system32\svchost.exe -k netsvcs
Description = Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WudfSvc
Value Name = ImagePath
Value Data = %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
Description = Manages user-mode driver host processes
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Provides automatic configuration for the 802.11 adapters
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Manages XML configuration files on a domain basis for automatic network provisioning.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Alerter
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = %SystemRoot%\System32\svchost.exe -k LocalService
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AppMgmt
Value Name = ImagePath
Value Data = %SystemRoot%\system32\svchost.exe -k netsvcs
Description = Provides software installation services such as Assign, Publish, and Remove.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AudioSrv
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BITS
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Browser
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CryptSvc
Value Name = ImagePath
Value Data = %SystemRoot%\system32\svchost.exe -k netsvcs
Description = Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dhcp
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Manages network configuration by registering and updating IP addresses and DNS names.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dmserver
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dnscache
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k NetworkService
Description = Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dnscache
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k dot3svc
Description = This service performs IEEE 802.1X authentication on Ethernet interfaces
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EapHost
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k eapsvcs
Description = Provides windows clients Extensible Authentication Protocol Service
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ERSvc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Allows error reporting for services and applictions running in non-standard environments.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem
Value Name = ImagePath
Value Data = C:\WINDOWS\System32\svchost.exe -k netsvcs
Description = Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FastUserSwitchingCompatibility
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Provides management for applications that require assistance in a multiple user environment.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\helpsvc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HidServ
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hkmsvc
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Manages health certificates and keys (used by NAP)
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HTTPFilter
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k HTTPFilter
Description = This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanworkstation
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LmHosts
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k LocalService
Description = Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
———————————————————————————————————————————————-
Key Name = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Messenger
Value Name = ImagePath
Value Data = %SystemRoot%\System32\svchost.exe -k netsvcs
Description = Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
———————————————————————————————————————————————-
If you can help in any way I would really appreciate it.
E-mail me
Doc
How can I prevent changes to HKLM, HKCU, HKU Run keys and the HKLM startupreg (msconfig startup programs). A reader_s and sdra64 virus keeps adding itself to the RUN registry key each time I delete it after ending their process in Taskmanager. Google search showed a ‘Regdefend’ software. Please adv
How can I prevent changes to HKLM, HKCU, HKU Run keys and the HKLM startupreg (msconfig startup programs). A reader_s and sdra64 virus keeps adding itself to the RUN registry key each time I delete it after ending their process in Taskmanager. Google search showed a ‘Regdefend’ software. Please advise.
What are the three main parts to the Windows Registry?
I was wondering if I wrote a program that monitored the size of the registry and if it changed immediately report that its changed and had a backup of the registry to replace the changed registry with.
I got the theoritical knowledge of Registry files, but could you please give me details like how exactly it works in practical scenario. Since it is a system file what are the things that can be edited in that? Please give me a clear cut view. what are the commaands available in windows run command editor?
hi friends , i have one problem. my is very slow but it have anti virus (quick heal 2008 key ver).what can i do now , is am i delete any registry keys or task messenger , please tell me.i am very bodaring.
Dave,
Great article on registry files.One question,if i want to write a wsh script which will call HKEY_CURRENT_USER to get the current user profile,how i can do that?
I was wondering if I wrote a program that monitored the size of the registry and if it changed immediately report that its changed and had a backup of the registry to replace the changed registry with. Would this stop spyware? Obviously you would have to have a prompt in case the change was warranted but I was just wondering if something like this is possible.
Hi Dave,
I got the theoritical knowledge of Registry files, but please give me details like how exactly it works in practical scenario. Since it is a system file what are the things that can be edited in that? Please give me a clear cut view.
Thank you,
Thejas
PLS! How can I get rid of Dr. Watson announcing that ‘windows 2000 returned an error code of 87’ with an annoying bell & ‘The parameter is incorrect’.
the best question yet-where is the registry-after extensive searching my computer and the internet for info-no-one seeems to know
Dave, great article, but the last link (Don’t Fear the Registry) has an extraneous “Z” on the end, which didn’t take me to the article. I found it, though, by going to the main site and searching on “fear” and “registry.” 😉
Dave, great article, but the last link (Don’t Fear the Registry) has an extraneous “Z” on the end, which didn’t take me to the article. I found it, though, by going to the main site and searching on “fear” and “registry.” 😉
I’m not positive, but I’m pretty darn sure that it’s in C:\WINDOWS\ but really, your best bet is start with the REGEDIT program, which can be found as C:\WINDOWS\REGEDIT
Sounds good. Just one question: exactly where on my C drive can the registry be found?