April 26, 2024

Have you used either Regmon or Filemon before? These are a couple of great products from the Sysinternals site that let you watch, in real time, what is going on on a PC and save the results.

The job of Regmon is to help you see exactly which registry keys are being accessed by applications. As you can imagine, some applications access a very large number of registry keys, and when you allow such an application to run, Regmon will spit out thousands of lines of data very quickly. There is no other way that I know of in Windows to get this kind of information.

After you unzip and run Regmon you will get the following window.

(Screenshot: Regmon.gif, the Regmon main window)

When you launch Regmon it immediately starts scrolling through all of the registry keys being accessed. The program's toolbar has some buttons that will definitely help you make sense of this.

The magnifying glass toggles capturing of the registry keys accessed on and off, the scrolling button lets the information scroll by, and the next button over clears the results. The best way that I have found to use Regmon is to start it and let it run, then stop the capturing and right-click on the keys that you do not care about (maybe antivirus or other ones that are clogging your display), then clear the results and start the capture again, repeating until there is not much running through. After the program is going well for you, you can launch the application that you are having trouble with and see what the problem is, if anything. It does not take long to find the problem you are looking for once you get used to the application. Do not worry about all of those "file not found" lines; usually I mostly try to narrow problems down to "access denied", where the "user" running the application does not have rights to that registry key.

Filemon is very similar to Regmon in the way that it works. You will get a similar, very fast listing of all of the files being accessed, and this information is sometimes very hard to sift through.

After you have executed Filemon you can use its toolbar to stop, scroll or clear the items on the screen.

(Screenshot: Filemon.gif, the Filemon main window)

Just as with Regmon, it is important to pause the capture, right-click on the unnecessary processes that you do not want to follow and select Exclude, then clear the display and resume the capture again.

The nice thing about Filemon and Regmon is that they are very small programs that fit on your troubleshooting CD and are standalone; they have no dependencies on other applications. One other great thing is that both of these programs are free.

One tip that may help you with both of these applications: if you are running them and having trouble sifting through the information, you can stop the capture, save the output as a .log file, open the log file in Excel as a comma- or tab-delimited file, and use the AutoFilter to find what you are looking for.
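The same sifting can be scripted instead of done by hand in Excel. The Python below is an added example, not code from the original post or from Sysinternals: it reads tab-delimited log text, drops the noisy processes you would otherwise right-click and exclude, and narrows the remainder to "ACCESS DENIED" results, which is the narrowing described in the Regmon section above. The column layout (sequence number, time, process as image:pid, request, path, result, other) is an assumption about the saved log format, and the log lines are constructed; check a real saved log against that layout before trusting the column positions.

```python
"""Filter a saved Regmon/Filemon style log: exclude noisy processes, keep ACCESS DENIED.

Added example. The tab-delimited column layout below is an ASSUMPTION about the
saved log format, and SAMPLE_LOG is constructed, not a real capture."""
from collections import Counter

# Constructed sample in the assumed tab-delimited layout (one event per line).
SAMPLE_LOG = """\
1\t10:01:02.100\tmyapp.exe:1234\tOpenKey\tHKLM\\Software\\Vendor\\App\tSUCCESS\tKey: 0xE1A2
2\t10:01:02.101\tmyapp.exe:1234\tQueryValue\tHKLM\\Software\\Vendor\\App\\Path\tNOTFOUND\t
3\t10:01:02.102\tavscan.exe:4321\tOpenKey\tHKLM\\Software\\AV\\Engine\tSUCCESS\tKey: 0xE1B0
4\t10:01:02.103\tmyapp.exe:1234\tOpenKey\tHKLM\\Software\\Vendor\\App\\Licence\tACCESS DENIED\t
5\t10:01:02.104\texplorer.exe:800\tQueryValue\tHKCU\\Software\\Classes\\.txt\tSUCCESS\ttxtfile
6\t10:01:02.105\tmyapp.exe:1234\tSetValue\tHKLM\\Software\\Vendor\\App\\LastRun\tACCESS DENIED\t
"""

# Assumed column order of a saved log; adjust if a real file differs.
COLUMNS = ["seq", "time", "process", "request", "path", "result", "other"]


def parse_log(text):
    """Yield one dict per non-empty line; short lines are padded so a missing
    trailing column does not raise."""
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (len(COLUMNS) - len(fields))
        yield dict(zip(COLUMNS, fields[:len(COLUMNS)]))


def process_name(field):
    """The process column is assumed to look like 'image.exe:pid';
    keep only the image name so an exclude list can match it."""
    return field.rsplit(":", 1)[0].lower()


def filter_entries(entries, exclude=(), result=None):
    """Scripted equivalent of right-click Exclude on noisy processes,
    followed by an AutoFilter on the result column."""
    excluded = {name.lower() for name in exclude}
    for entry in entries:
        if process_name(entry["process"]) in excluded:
            continue
        if result is not None and entry["result"] != result:
            continue
        yield entry


def access_denied_report(text, exclude=()):
    """Return (list of ACCESS DENIED entries, Counter of denials per process)
    after the exclusions have been applied."""
    denied = list(filter_entries(parse_log(text), exclude=exclude, result="ACCESS DENIED"))
    counts = Counter(process_name(e["process"]) for e in denied)
    return denied, counts


if __name__ == "__main__":
    denied, counts = access_denied_report(SAMPLE_LOG, exclude=["avscan.exe", "explorer.exe"])
    for e in denied:
        print(f"{e['process']:<20} {e['request']:<12} {e['path']}")
    print(dict(counts))
```

To use it on a real saved log, read the file into a string and pass it to access_denied_report with the processes you would have excluded in the GUI; the per-process counts give a quick view of which program is hitting the rights problem, and the entries list gives the exact path to fix permissions on.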

One drawback to using Filemon and Regmon is that the first few times you use either program it will seem daunting because of the huge amount of information you are presented with, but after you understand the interface and have a little experience with both Filemon and Regmon, you will have a much better way of troubleshooting problems that were previously impossible to investigate. I have used both of these programs extensively in the past to find where programs have failed and have had great success in eventually diagnosing a problem and then implementing a fix.