It would be extremely helpful in removing malware if TeaTimer would simply show the name of the executable or dll (started with rundll) that tried to change the registry.
inhahe:
TeaTimer does not capture information about what process made the registry change because TeaTimer actually detects that a registry change has occurred after the fact by comparing the current content of the registry with snapshot files of the registry taken earlier.
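The snapshot comparison described in the reply above, modelled as an added example (not TeaTimer's code and not part of the original posts). The snapshot layout, the `write_value` helper and all sample values are constructed assumptions; it shows that the diff reports what changed but has no way to report which process changed it.

```python
# Simplified model of snapshot-based registry monitoring (illustration only).
# Assumed snapshot layout: {key path: {value name: data}}.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

def diff_snapshots(old, new):
    """Return a list of (action, key, value_name, old_data, new_data)."""
    changes = []
    for key in sorted(set(old) | set(new)):
        before, after = old.get(key, {}), new.get(key, {})
        for name in sorted(set(before) | set(after)):
            b, a = before.get(name), after.get(name)
            if b == a:
                continue
            action = "added" if b is None else "removed" if a is None else "changed"
            changes.append((action, key, name, b, a))
    return changes

def write_value(state, key, name, data, writer):
    """Model a registry write. `writer` (the process name) is deliberately
    discarded: the stored value carries no record of who wrote it."""
    new_state = {k: dict(v) for k, v in state.items()}
    new_state.setdefault(key, {})[name] = data
    return new_state

# Constructed sample data.
BASELINE = {RUN_KEY: {"Updater": r"C:\Program Files\App\update.exe"}}
NEW_DATA = r"rundll32.exe C:\Temp\sample.dll,Start"

def same_diff_for_different_writers():
    """Two different processes making the same write yield identical diffs."""
    by_a = write_value(BASELINE, RUN_KEY, "svc", NEW_DATA, writer="a.exe")
    by_b = write_value(BASELINE, RUN_KEY, "svc", NEW_DATA, writer="b.exe")
    return diff_snapshots(BASELINE, by_a), diff_snapshots(BASELINE, by_b)

def transient_change_diff():
    """A value changed and restored between two snapshots leaves no diff."""
    original = BASELINE[RUN_KEY]["Updater"]
    state = write_value(BASELINE, RUN_KEY, "Updater", NEW_DATA, writer="a.exe")
    state = write_value(state, RUN_KEY, "Updater", original, writer="a.exe")
    return diff_snapshots(BASELINE, state)

if __name__ == "__main__":
    for change in same_diff_for_different_writers()[0]:
        print(change)
    print("transient change detected:", bool(transient_change_diff()))
```

Attributing a change to a process requires observing the write as it happens, which a comparison of stored snapshots cannot do.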