regsvc.exe - Remote Registry Service
Microsoft Windows provides administrators of larger installations the ability to manipulate remote machines in various ways. This functionality is provided so managers don't need to walk from one machine to another in order to change system values or other settings. This is very handy when you're managing thousands of remote PCs in a half dozen locations, but it's not generally required by home users.
One critical component of the Windows OS is the system Registry. It contains thousands of settings that control every aspect of the OS, from application behaviors to file extension mappings. Locally this is controlled by the Registry Editor utility. In the case of remote management, the regsvc.exe process allows sufficiently privileged administrators to connect to and manipulate Registry values on other PCs.
In general, home users do not need this capability and can safely disable the regsvc.exe process using the services.msc control panel. It is listed as the Remote Registry service and can simply be shut down. Stopping it will not affect other running services, and terminating it will save a small amount of memory. The process should use no CPU time unless it is actively in use by a remote administrator.
The regsvc.exe file is known to have been hijacked by malware authors. The legitimate copy of this file is found in c:\windows\system32; other copies of the file on your system should be treated with suspicion, as they could represent malware. Users should also be aware of another regsvc.exe that belongs to the Ace Spy advertising program by Retina-X Studios. This process monitors user browsing habits and transmits the results back to Retina-X. It may also generate advertising popups. This process is a security risk and should be removed from your system.
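The two checks above (stop and disable the Remote Registry service, then look for regsvc.exe copies outside System32) can be scripted. The following PowerShell is an added example, not part of the original article; it assumes the service display name "Remote Registry" as given above, the expected path under %SystemRoot%\System32, and an elevated prompt.

```powershell
# Added example: audit the Remote Registry service and hunt for stray
# regsvc.exe copies. Assumes an elevated PowerShell session.
$expectedPath = Join-Path $env:SystemRoot 'System32\regsvc.exe'

# 1. Report the service state; stop it if running and block auto-start.
$svc = Get-Service -DisplayName 'Remote Registry' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Host 'Remote Registry service not found on this system.'
} else {
    Write-Host ("Remote Registry: Status={0} StartType={1}" -f $svc.Status, $svc.StartType)
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $svc.Name -Force
    }
    Set-Service -Name $svc.Name -StartupType Disabled
    Write-Host 'Remote Registry stopped and set to Disabled.'
}

# 2. Enumerate every regsvc.exe on local file-system drives and flag copies that
#    are outside System32 or do not carry a valid Microsoft Authenticode signature.
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Used -gt 0 }
$results = foreach ($drive in $drives) {
    Get-ChildItem -Path $drive.Root -Filter 'regsvc.exe' -Recurse -File -Force `
        -ErrorAction SilentlyContinue | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $isExpectedPath = ($_.FullName -ieq $expectedPath)
        # SignerCertificate is null for unsigned files, so the -like test simply fails.
        $isMicrosoftSigned = ($sig.Status -eq 'Valid') -and
                             ($sig.SignerCertificate.Subject -like '*Microsoft*')
        [PSCustomObject]@{
            Path       = $_.FullName
            SizeBytes  = $_.Length
            Signature  = $sig.Status
            Suspicious = -not ($isExpectedPath -and $isMicrosoftSigned)
        }
    }
}

if ($results) {
    $results | Format-Table -AutoSize
} else {
    Write-Host 'No regsvc.exe found on local drives.'
}
```

Any row marked Suspicious is a copy outside the expected location or without a valid Microsoft signature and is the one to submit to an up-to-date scanner.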
As always, if you suspect a malware infestation you should download and run a current copy of an antivirus/malware scanner in order to isolate and remove the offending application. Be sure to obtain the most recent definition files, since these are critical to the removal of current malware variants.