SystemSherlock Lite v1.00

User Manual


SystemSherlock Lite is a free command line utility designed to analyse changes made to the registry and file system on your Windows workstation. SystemSherlock Lite saves an image of the registry and all your files and folders. Later on - for example after installing some software - you can analyse in detail what changes have been made to your system. You will find out exactly which registry entries and files that have been created, deleted or modified.
Very useful to monitor program installations or to keep track of which files and registry keys are tampered with over time. Uninstalling trojans, spyware, viruses and keyloggers is an easy task when you know what modifications the software made to your computer.

You can easily specify which parts of the file system and registry you want to monitor using the command line options and the powerful regular expressions feature.

SystemSherlock Lite is Windows 95/98/ME/NT/2000/XP compatible.

Please visit the web site for the latest information about SystemSherlock Lite.


Unzip the files in a directory of your choice. If you do not have a zip utility installed on your computer, downloaded WinZip for free from


Delete the files that were unzipped during the installation.

   Running SystemSherlock Lite

SystemSherlock is a command line program. Please run it from a DOS prompt.


Display help and version information.
systemsherlock.exe -help

Create a recursive snapshot of "c:\Windows\" and save the data in "dump.dat".
systemsherlock.exe -dump dump.dat -dirs c:\Windows\

Print the data in "dump.dat".
systemsherlock.exe -print dump.dat

Compare "dump1.dat" and "dump2.dat".
systemsherlock.exe -compare dump1.dat dump2.dat

Create a recursive snapshot of "c:\Windows\" and "e:\".
systemsherlock.exe -dump dump.dat -dirs c:\Windows\ e:\

Create a recursive dump of the registry starting at HKEY_LOCAL_MACHINE\SOFTWARE.
systemsherlock.exe -dump d.dat -regdirs HKEY_LOCAL_MACHINE\SOFTWARE

Create a complete dump of the registry.
systemsherlock.exe -dump d.dat -regdirs HKEY_ROOT

Create a dump of "c:\" and ignore all files and directories containing "Temp".
systemsherlock.exe -dump d.dat -dirs c:\ -ignore ignore.txt
Note, "ignore.txt" contains the following regular expression:

Create a dump of "c:\" and ignore all files ending with jpg, gif and html.
systemsherlock.exe -dump d.dat -dirs c:\ -ignore ignore.txt
Note, "ignore.txt" contains the following regular expressions:


Regular expression syntax - The syntax of the SystemSherlock regular expressions.


Bazooka Spyware Scanner - Scan your computer for spyware and adware.
Stop-the-Pop-Up - Learn how to stop pop-up windows.
Bluescreen Screensaver - Download a cool screensaver that simulate the Blue Screen of Death.


You can also find some information in the FAQ.

   Final Words

Thank you for using me free software! Click here to learn how to support me.