System Restore

[--------------------]

When you use system restore, is there any log files which shows the original
files/registry changes and what it changes it made.

The reason I ask is there is an executable which when I run, it makes a
registry change. I would like to know what registry change this executable
makes. I can remove the registry change through system restore, but really
need to know what is the change that is made.

Thank you

 

[Rock]

When you use system restore, is there any log files which shows the original
files/registry changes and what it changes it made.

The reason I ask is there is an executable which when I run, it makes a
registry change. I would like to know what registry change this executable
makes. I can remove the registry change through system restore, but really
need to know what is the change that is made.

Thank you

No system restore doesn't have anything that's usable for your purposes.

ONe way to do this is first make sure as little as possible is running.
Open regedit and export a copy of the HKCU and HKLM branches to
separate files. Close regedit. Run the executable. Open regedit and
export those branches again to different files.

Use fc.exe (file compare utility) to compare the two exported files for
each branch and direct the output of fc.exe to a text file.

Something like this from start | run | cmd | Ok
use cd to change to the directory where the files are, then
fc.exe /u file1 file2 > file.txt