well I hope I did this right:
203.12783813 explorer.exe:1300 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SCRNSAVE.EXE NOT FOUND
203.12803650 explorer.exe:1300 OpenKey HKCU\Software\Classes\Applications\SCRNSAVE.EXE NOT FOUND
203.12806702 explorer.exe:1300 OpenKey HKCR\Applications\SCRNSAVE.EXE NOT
FOUND
203.12817383 explorer.exe:1300 QueryValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents
and Settings\Grahm.HOME-E87075FD81\Desktop\SCRNSAVE.EXE NOT FOUND
203.12901306 explorer.exe:1300 SetValue HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents
and Settings\Grahm.HOME-E87075FD81\Desktop\SCRNSAVE.EXE SUCCESS "SCRNSAVE"
203.12911987 explorer.exe:1300 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SCRNSAVE.EXE NOT FOUND
203.12915039 explorer.exe:1300 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SCRNSAVE.EXE NOT FOUND
203.12921143 explorer.exe:1300 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SCRNSAVE.EXE NOT FOUND
204.59408569 Tmntsrv.exe:1740 SetValue HKLM\Software\TrendMicro\PC-cillin\15\ScanInfo\LastScanFile SUCCESS "C:\DOCUME~1\GRAHM~1.HOM\DESKTOP\SCRNSAVE.EXE"
212.21289063 explorer.exe:1300 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SCRNSAVE.EXE NOT FOUND
212.21380615 explorer.exe:1300 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SCRNSAVE.EXE NOT FOUND
214.92518616 explorer.exe:1300 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SCRNSAVE.EXE NOT FOUND
217.88002014 rundll32.exe:2824 QueryValue HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE NOT FOUND
217.88015747 rundll32.exe:2824 QueryValue HKCU\Control
Panel\Desktop\SCRNSAVE.EXE SUCCESS """C:\WINDOWS\Nite Before Christmas.scr"""
226.65017700 rundll32.exe:2824 QueryValue HKCU\Control
Panel\Desktop\SCRNSAVE.EXE BUFFER OVERFLOW
226.65020752 rundll32.exe:2824 SetValue HKCU\Control
Panel\Desktop\SCRNSAVE.EXE SUCCESS """C:\WINDOWS\Nite Before Christmas.scr"""
227.61851501 rundll32.exe:2824 QueryValue HKCU\Control
Panel\Desktop\SCRNSAVE.EXE BUFFER OVERFLOW
227.61853027 rundll32.exe:2824 SetValue HKCU\Control
Panel\Desktop\SCRNSAVE.EXE SUCCESS """C:\WINDOWS\Nite Before Christmas.scr"""
Ramesh said:
Add "SCRNSAVE.EXE" in the filter (Include string) and have it running. If an application tries to modify SCRNSAVE.EXE registry value, RegMon will show that. However, this won't help much if an app tries to modify SCRNSAVE.EXE value during logon or shutdown.
--
Regards,
Ramesh Srinivasan, Microsoft MVP [Windows XP Shell/User]
Windows® XP Troubleshooting
http://www.winhelponline.com
Ok I got it and I'm going to install it, then what do I do with it, more info
please?
John
Ramesh said:
Google for "regmon" utility.
--
Regards,
Ramesh Srinivasan, Microsoft MVP [Windows XP Shell/User]
Windows® XP Troubleshooting
http://www.winhelponline.com
No I have home version so what do I do for that?
John