Security
•  Greatis •  AppDatabase •  Utilities •  Delphi/CB •  Visual Basic • .NET •  just4fun
RegRun Security Suite
Not an antivirus. Detects and removes rootkits/malware/adware that your antivirus could not.
Features
Benefits

Warrior CD...

Examiner...

Shortcut Antivirus

Stuxnet Remover

Startup Monitor...

Bootlog Analyser...

Advanced MSConfig...

Know more?
TDL4 Removal Video

TDL3 Removal Video

Screenshots

FAQ

On-line manual

Print PDF

One-click purchase
RegRun Suite Platinum
Download trial
RegRun Suite Platinum
Blogs & Forum
Malware Analysis and Removal blog

Newest viruses and malware

System Software Research

Greatis Forum

Thank you!

International
Download Russian

Download Ukrainian

Join our localization team

Home Download Order Support   Newsletter Your shopping cart ?
Registry Tracer

Benefits

  1. Auto Setup.
    RegRun automatically adds important security traces.
  2. Fully Customizable.
    You can easily add any number of new traces.
  3. Low CPU consumption.
    Tracer monitors in the background with user specified interval.
Registry Tracer monitors selected registry keys, and advises of changes. It allows you to reverse any modifications, additions, or deletions.
You will see the "Registry Compare Results" window when the changes found.
  • If a new key was added - it will show a '+'
  • If a new key was deleted - it will show a '-"
  • If an existing key was modified it will show a '?'
    All you do is click the key and you will see the added, deleted or modified values in the right panel.
Click on the "What's this" button to get information about monitored registry key or send a request to support team.

How to set traces?

Open RegRun Control Center, choose Registry page.
Click on the "Registry Tracer" button.

You can browse the registry using registry viewer in the bottom of the window.
Click on the "Add to Trace List" button.

How to check traces?

  1. You can click on the "Check All" button in the Registry Tracer window.
  2. Or right lick on the WatchDog icon and choose "Check System Now!".
  3. Or launch RegRun Start Control.

List of the registry keys monitored by default.

  1. HKEY_CURRENT_USER\Control Panel\Desktop
    Value: SCRNSAVE.EXE
    Type: REG_SZ
    Description: Screen saver program. If the screen saver is not specified, the value may not exist.
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units
    Description: Internet software distribution units are packages consisting of a cabinet file (.cab) that contains an INF file and/or an Open Software Description (OSD) file, with or without a software component. One or more distribution units may be needed to distribute a single software component.
    The software provider or Web master, can create distribution units that, when placed on your Web server, enable the Microsoft Internet Explorer Internet Component Download services to pull down and install software on users' computers.
  3. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Value: Start Page
    Type: REG_SZ
    Description: Internet Explorer start page.
  4. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    Description: A user can set his/her own style sheet file for Internet Explorer.
    Value: User Stylesheet
    Type: REG_SZ
    Default: Empty. It contains the full path to user style file.
    Value: Use My Stylesheet
    Type: REG_DWORD
    Default: 1 - use. 0 - do not use user stylesheet.
  5. HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini
    Description: System.ini is not used in Windows NT4/2000/XP.
    This key is used to map file sections to the registry keys.
  6. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini
    Description: Win.ini is not used in Windows NT4/2000/XP.
    This key is used to map file sections to the registry keys.
  7. HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
    Description: Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
  8. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Type: REG_SZ
    Description: All of the DLLs specified in the AppInit_DLLs value are loaded by each Windows-based application running within the current logon session. Only the first 32 characters of the AppInit_DLLs value are picked up by the system.
    Default:empty.
  9. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value: System
    Type: REG_SZ
    Description: The programs listed in this value launch in the protected system context.
    Looks like this value is not used by Winlogon at this moment.
  10. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value: TaskMan
    Type: REG_SZ
    Description: Specifies the task manager that the system uses during logon. It does not exist by default.
  11. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value: UserInit
    Type: REG_SZ
  12. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value: VMApplet
    Type: REG_SZ
    Description: Specifies programs that Winlogon runs for the user so that the user can adjust the configuration of virtual memory when there is no paging file on the system volume. These programs run only when the system volume does not include a paging file.
  13. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    Description: Winlogon loads any notification packages listed in this key. Each package uses own subkey under Notify key. The DllName value(REG_EXPAND_SZ) contains the DLL file name.
  14. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
    Description: Browser Helper Objects are the COM components-that Internet Explorer will load each time it starts up. For example, a BHO could spy all browser events, access the browser's menu and toolbar and make changes, create windows to display additional information, etc. There are no default objects.
  15. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    Description: The key contains the list of the GUIDs automatically loaded by Explorer
    Type of values: REG_SZ
    Value Name: GUID of COM object.
    Value: description.
    Default for Windows XP:
    {438755C2-A8BA-11D1-B96B-00A0C90312E1} (Browseui)
    {8C7461EF-2B13-11d2-BE35-3078302C2030} (Cache daemon).
  16. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Value: Startup
    Type: REG_SZ
    Location of the user startup folder.
  17. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks
    Description: The ShellExecuteHooks registry key contains the list of COM objects that trap execute commands.
    Each object has the GUID.
    By default you must have the "shell32.dll".
    If you don't see sheel32.dll GUID "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" it is not fatal. Your computer will work.
  18. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    Description: Location of the user folders.
    It has priority to "Shell Folders" keys.
  19. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Description: The System subkey stores the entries created when you configure a Group Policy that affects a basic component of Windows. Group Policy creates and maintains the entries in this subkey, and the component program reads and interprets them.
  20. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Description: The System subkey stores the entries created when you configure a Group Policy that affects a basic component of Windows. Group Policy creates and maintains the entries in this subkey, and the component program reads and interprets them.
    This subkey stores policy-related entries that are configured separately for each user. There is also a Software\Microsoft\Windows\CurrentVersion\Policies\System subkey in HKEY_LOCAL_MACHINE that stores entries applying to all users of this computer.
  21. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    Description: The ShellServiceObject DelayLoad key is used to automatically load DLL, required for Explorer.
    This key is used by the new generation of viruses.
    Usually, this key contains: CDBurn, PostBootReminder, SysTray, WebCheck items. But these items are not required for normal processing.
  22. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    Value: BootExecute
    Type: REG_MULTI_SZ
    Description: BootExecute is configured to execute programs on the Kernel phase boot. Usually it is used to check disks. Default: autocheck autochk *.
  23. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2
    Description: WinSock2 LSP stack.

Note!

RegRun WatchDog automatically checks changes in prefedined registry keys.

  1. HKLM\Software\Microsoft\Windows\CurrentVersion\RunEx
  2. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  3. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  4. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
  5. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
  6. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
  7. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Values: Shell, Run, Load
  8. HKLM\Software\Microsoft\Active Setup\Installed Components
There is no reason to trace these keys using Registry Tracer again.



What's new?
April 17 2017

Released RegRun Security Suite 8.80.0.580
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.80.0.580 - free software for detecting and removing rootkits & malware.

March 16 2017

Released RegRun Security Suite 8.70.0.570
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.70.0.570 - free software for detecting and removing rootkits & malware.

January 24 2017

Released RegRun Security Suite 8.60.0.560
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.60.0.560 - free software for detecting and removing rootkits & malware.

December 15 2016

Released RegRun Security Suite 8.50.0.550
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.50.0.550 - free software for detecting and removing rootkits & malware.

November 28 2016

Released RegRun Security Suite 8.41.0.541
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.41.0.541 - free software for detecting and removing rootkits & malware.

November 1 2016

Released RegRun Security Suite 8.40.0.540
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.40.0.540 - free software for detecting and removing rootkits & malware.

October 12 2016

Released RegRun Security Suite 8.30.0.530
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.30.0.530 - free software for detecting and removing rootkits & malware.

September 1 2016

Released RegRun Security Suite 8.20.0.520
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.20.0.520 - free software for detecting and removing rootkits & malware.

July 8 2016

Released RegRun Security Suite 8.12.0.512
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.12.0.512 - free software for detecting and removing rootkits & malware.

April 7 2016

Released RegRun Security Suite 8.0.0.500
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 8.0.0.500 - free software for detecting and removing rootkits & malware.

March 29 2016

New! Edge Reset Button
Edge Reset Button is a free tool for resetting Microsoft Edge Browser.

March 14 2016

Released RegRun Security Suite 7.97.0.197
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 7.97.0.197 - free software for detecting and removing rootkits & malware.

February 3 2016

Released RegRun Security Suite 7.95.0.195
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 7.95.0.195 - free software for detecting and removing rootkits & malware.

December 16 2015

Released RegRun Security Suite 7.90.0.190
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 7.90.0.190 - free software for detecting and removing rootkits & malware.

November 25 2015

Released RegRun Security Suite 7.85.0.185
Full version is available for download.
Update is free for registered users

Released RegRun Reanimator 7.85.0.185 - free software for detecting and removing rootkits & malware.

September 10 2012

BootRescue - free software for Master BootRecord (MBR)/Volume Boot Record (VBR) backup/recovery.


All News


RegRun is able to remove TDL 4 rootkit (MBR infector) on the Windows 32 and 64 bit!


Released Shortcut Antivirus is a free of charge software for protecting against Microsoft LNK vulnerability.


Released Stuxnet Remover is a free of charge tool for Stuxnet/Tmphider rootkit removal


Added detection and removal of Stuxnet Rootkit(mrxnet.sys, mrxcls.sys).


Resolve "Google search redirect problem". Remove TDL3+ rootkit now!


How to resolve the "msls52.dll not found" problem.
New attack against UXTHEME.DLL...

How to resolve the "themed32.dll not found" problem...


Use RegRun Warrior for rootkit removal
Rootkit detection and removal takes 10 minutes with one computer reboot!


Be careful! The QVOD player installer may be a Trojan...


New! Examiner reveals hidden rootkits and infected system drivers!


New Porno banner Troan Oficla removal instructions


TDSS/Alureon removal instructions


Resolving problem with Google redirect MAX++/TDSS rootkit (win32k.sys:1, win3k.sys:2).


Video Lesson how to remove WinLocker Trojan

Malware Removal Lesson


Windows Explorer Redirection DLLS is a new dangerous Windows startup hole...


RegRun has been reviewed by 3d2f.com Software Directory: RegRun Security Suite is an excellent tool that will reliably protect your computer from a plethora of existing and emerging threats and will keep malware at bay.



Removing Medichi Rootkit


Removal of Noskrnl.exe and Noskrnl.sys Rootkit (Spooldr clone)


Removal Baidu rootkit (cnprov.sys)


Removal Spooldr(ecard.exe) rootkit


Fixing BSOD
in Winlogon Process


Removal Areses Trojan


Virus Feebs rootkit removal story


What's this? Rthdcpl.exe - Illegal System DLL Relocation...


Warning! Rootkit Unhooker


Read our article about Unreal rootkit...


Released free Rustock Rootkit(lzx32.sys) removal tool


A#######.sys is a rootkit?


Rootkit Removal instructions: ntsystem.exe


What is BDGuard.sys?


Virus or not? SPTD####.sys


What is mc21.tmp, mc22.tmp, mc23.tmp?


ICQCHK.exe, MSX.DLL free remover...


Services
Ask Computer Guys

Windows startup programs

Articles
Using Registry Tracer...

RegRun against Trojans and Viruses

Specify an order for startup programs

RunGuard prevents a launch...

Using Bootlog Analyser...

They say
"RegRun Security Suite is one of those very rare tool kits that no one who is serious about protecting their PC should ever be without. This toolkit covers all the bases when it comes to eradicating the attempted security threats from malware that we all face - daily. The near real time tech support, direct from Greatis, is nothing sort of superb, something that can be rarely said these days! I have no hesitation in recommending this suite to anyone."

Miles Pearson

Wilders.ORG. Security advisors recommend...

Testimonials
You guys are awesome!!!!
Traci www.pentagonattack911.com

Bob Schmulian:
Absolutely love it and have recommended to many people!

Ian Robinson:
It is FANTASTIC! It has saved my life on more than one occasion since I purchased it less than 6 months ago. I now would not run my system without it... it's worth many times the cost! The service and support are terrific. Helpful - friendly - and accommodating; and generally a reply is received within 12 hours. Just great.

Theodore Soucie:
Since RegRun was installed my system is more stable. I use to experience freezeup daily. I have not had a crash.

Awards
Paul's Picks
Shareware Winner  

More...


Greatis Software Greatis | Security | AppDatabase | Utilities | Delphi/CB | Visual Basic | .NET | just4fun

Contacts | Add to Favorites | Recommend to a Friend | Privacy Policy | Copyright © 1998-2017 Greatis Software

hit counter for tumblr