A command line option for this tool would be great-could then schedule Regshot to run at Windows startup to capture 1st shot registry and/or directory view. Analysis of changes made by any software, malware, etc. could then be done when an issue occurs to see what changes were actualy made.
Command line options should include producing 1st or 2nd shot or both, define a filename for either output and path, directory string values. If some event occurs, I would probably then run the 2nd shot and do a reg and file comparison manually. Just the ability to call the 1st shot from a Reg Run key, or from Startup folder via CMD file would be great.
Consider even running as a Windows Service that could be scheduled on a regular basis.
With some of the spyware issues I have dealt with, the most difficult are those where registry and file changes are unknown at first and tracing those changes would be much easier with a baseline first snapshot to compare to.