Usually when you install or run software, it writes settings and information to the registry and to files. Where exactly it writes is not obvious, because this happens invisibly in the background. Most of the time I troubleshoot software problems by manually checking the registry entries and files that are associated with the software.
So how do I know which files and registry locations are associated with the software? You can run the installer or program in Sandboxie and inspect the contents, or you can use a registry and drive snapshot program. Besides snapshot programs, you can also use registry and file system monitoring software.
This is also a method used by crackers to extend a software trial period. For example, they use the software until the trial period has expired, and then they find and remove the entry that records the days they have been using the software. Once it is removed correctly, the trial period resets and allows them to use the software for another 30 days.
Regshot is a registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one – done after doing system changes or installing a new software product.

The changes report can be produced in text or HTML format and contains a list of all modifications that have taken place between snapshot1 and snapshot2. In addition, you can also specify folders (with subfolders) to be scanned for changes. What I really like about Regshot is that it is FAST. It took only 6 seconds to take the first snapshot of my registry, then another 6 seconds for the second snapshot. Regshot is only 72KB in size. Small, free and open source.
[ Download Regshot ]
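The snapshot-and-compare idea described above, sketched for the folder-scan part as an added example (this is not Regshot's code or report format): hash every file under a folder, repeat after the change, and list added, deleted and modified paths. The function names and sample files are constructed for illustration; a flattened registry export held as a name-to-value mapping could be passed to the same `compare()` function.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to a SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = None  # locked or unreadable file: record presence only
            state[os.path.relpath(full, root)] = digest
    return state


def compare(first, second):
    """Return added, deleted and modified entries between two snapshots."""
    added = sorted(set(second) - set(first))
    deleted = sorted(set(first) - set(second))
    modified = sorted(k for k in set(first) & set(second) if first[k] != second[k])
    return {"added": added, "deleted": deleted, "modified": modified}


def demo():
    """Constructed scenario: a pretend installer touches three files."""
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("app.ini", "lang=en"), ("old.log", "x"), ("keep.dat", "same")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        shot1 = snapshot(root)                      # 1st shot, before the change
        os.makedirs(os.path.join(root, "plugins"))
        with open(os.path.join(root, "plugins", "new.dll"), "w") as fh:
            fh.write("binary")                      # file added
        with open(os.path.join(root, "app.ini"), "w") as fh:
            fh.write("lang=de")                     # file modified
        os.remove(os.path.join(root, "old.log"))    # file deleted
        shot2 = snapshot(root)                      # 2nd shot, after the change
        return compare(shot1, shot2)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files that cannot be read are still tracked by presence, so an unreadable file that appears or disappears shows up as added or deleted even though its content change would not.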
There is another similar program that does the same thing called InCtrl5. It is very old and slow compared to Regshot.

If you want to download InCtrl5, you can get it here.
A very useful tool that works with RegShot and InCtrl5 is UNDOReg. UNDOReg analyzes the report generated by RegShot, InCtrl and System Mechanic, and deletes referenced registry keys.

Just click on the Open Report button and load the TEXT REPORT FILE generated by either RegShot, InCtrl or System Mechanic.
[ Download UNDOReg ]
Finally, there’s also Process Monitor, an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon.

This can be a bit tough to use because once you start monitoring, the screen will be flooded with events. You might want to use Filter (Ctrl+L) to filter out unwanted events.
[ Download Sysinternals Process Monitor ]
There you have it. 3 types of free programs to help you monitor registry and file changes in Windows.
Hi, something has changed my registry on my thinkpad x60 (running XP Professional version 2002) and now my wireless is inoperative and I cannot connect to the internet to download a registry fix. How can I see what registry changes were made in the last 10 days?
Al
I’ve discovered your blog today and read all the posts till now (will keep reading till I reach page 216 :)
Just saw this post here and decided to add something that I find useful.. another program for monitoring changes is WinPatrol. The non-plus version is free and covers my needs. What do you think of it?
Keep up the great posts.. subscribed to your RSS and will track this thread for your response.
Thanks!
hello,
another solution is systracer – it also records file changes
Hi! Master raymond,
What a nice person you are? I like your details. Really you are giving such a nice details. Please can you help me to block the NOD32 Anti virus software without using administrator account. Please, if you help to this I'll really happy. It want to do my project work. It will help to make a anti software to me. I'm a computer science student, but still don't know so many things like you. Is there anybody to help me?
pls if you are off mail to me to: rafiitfac@gmail.com
A very useful program is Evans Tracker
Nice one ray.
I missed Norton CleanSweep because things can be done pretty much automated. Everything is a click away. Since they stopped CleanSweep, never bump into similar software. Any ideas guys?