Process Monitor

An invaluable utility, free from Microsoft

Process Monitor is an advanced Windows tool from Microsoft which replaces the legacy Sysinternals utilities Filemon and Regmon. It’s not for the fainthearted, but if you have a reasonable understanding of Windows it can be a powerful troubleshooting and malware hunting toolkit. You can get it right here.

If you suspect that you have something nasty in your PC which Task Manager doesn’t reveal and that your AV and antispyware programs have missed, Process Monitor is your friend. It’s Task Manager on steroids.

Process Monitor screenshot

If you run the program with applications open you’ll be overwhelmed very quickly by millions of events, as indicated in the screenshot above. Process Monitor keeps appending to a continually growing event log for as long as capture is on, so close all running programs before using it in earnest. Then you can use the excellent filtering tool to exclude those processes which you know are safe, or to show only specific processes.

If you find anything suspicious, search for information about it using your search engine.

Like Autoruns which we look at here, this program is standalone. It doesn’t have to be installed on your PC using the Windows Installer. Just download the zipped program folder from the link above, unzip it, move the whole unzipped folder to wherever you wish on your computer (or leave it in your Downloads location) and run it by double clicking on the procmon.exe file contained in the folder. There’s an excellent Help Menu. Unless you’re an über-expert you’ll need to read it if you wish to gain the full benefit of this powerful tool.
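Added example (not from the original post): a PowerShell script that uses procmon.exe’s documented command-line switches to capture a short, headless trace from the unzipped folder, export it to CSV, and list which processes generated the most events. The busiest known processes are the ones to exclude with the filter; anything unfamiliar near the top is what to look up. The path in `$ProcmonExe` and the 60-second capture window are assumptions.

```powershell
# Added example, not code from the original post or from Sysinternals.
# Process Monitor loads a kernel driver, so run this from an elevated
# (Administrator) PowerShell session.

# Assumed location of the unzipped Process Monitor folder (placeholder).
$ProcmonExe = 'C:\Tools\ProcessMonitor\procmon.exe'
$Pml = Join-Path $env:TEMP 'procmon-capture.pml'
$Csv = Join-Path $env:TEMP 'procmon-capture.csv'

function Invoke-ProcmonCapture {
    param([int]$Seconds = 60)   # assumed capture window

    # Start capturing without the GUI; /BackingFile writes events to disk
    # instead of holding them in memory, /Quiet suppresses the filter prompt.
    Start-Process -FilePath $ProcmonExe -ArgumentList @(
        '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$Pml`""
    )
    Start-Sleep -Seconds $Seconds

    # /Terminate stops the running instance and flushes the backing file.
    Start-Process -FilePath $ProcmonExe -ArgumentList '/Terminate' -Wait

    # Convert the binary .pml log to CSV (procmon exits when the export is done).
    Start-Process -FilePath $ProcmonExe -ArgumentList @(
        '/AcceptEula', '/Quiet', '/OpenLog', "`"$Pml`"", '/SaveAs', "`"$Csv`""
    ) -Wait
}

function Get-NoisiestProcesses {
    param([int]$Top = 15)
    # The default CSV export has a 'Process Name' column; group on it to see
    # which processes are responsible for the bulk of the log.
    Import-Csv -Path $Csv |
        Group-Object -Property 'Process Name' |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top -Property Count, Name
}

Invoke-ProcmonCapture -Seconds 60
Get-NoisiestProcesses -Top 15 | Format-Table -AutoSize
```

Once you know the names that dominate the count, add them as "Process Name is ... Exclude" rules in the filter dialog and re-run the capture; the remaining events are far easier to read.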

Still in the 20th Century?

If you’re using Windows Me or 98 or older you need FileMon and RegMon instead of Process Monitor.
