You can then turn that off and view just registry activity. Remember that you can selectively "turn off" the view so that you only see, for example, file activity. Then you need to examine the last 3 or 4 screens of output. Once you have it set up, stop the capture IMMEDIATELY after the error message appears. Otherwise, the output window is too cluttered. Set the filter to exclude the processes you're not interested in, particularly any a/v, stuff like svchost.exe, explorer.exe and so on.

I have relentlessly tried using procmon and other tools for taking snapshots but to no avail.

It sounds like you need to fine-tune ProcMon and learn how to use it properly.

Check with filemon/regmon

It always pays to read the entire thread before responding :)