Slashdot Mirror
Tracking Changes to a Windows System?
The Watcher asks: "I was at my parents house over the weekend trying to remove various adware/spyware/annoying software, things like Kazaa, Bonzi Buddy, etc.. During this I thought it would be helpful to know things like exactly what files/folders were created/modified and what registry entries were created/modified by an installer program so that I would not have to rely on the supplied uninstaller that only removes a selected subset of what was installed. So what are some preferred utilities out there that work well for this purpose?"
Free sotftware, and does a nice job.
installwatch pro
It will even make an install program for you with the changes!
(stolen from DaBum) I am dyslexia of borg - your ass will be laminated.
Both these utilities from SysInternals allow you to log realtime entries to a file. turn them on when you install something and you have a log of everything the installation program touched.
RegMon
This monitoring tool lets you see all Registry activity in real-time. It works on all versions of WinNT/2K, Windows 9x/Me and Windows 64-bit.
FileMon:
This monitoring tool lets you see all file system activity in real-time. It works on all versions of WinNT/2K/XP, Windows 9x/Me, Windows XP 64-bit Edition, and Linux.
I hate to reply to myself, but i felt i should clarify my previous post. (WHEN will slashdot allow you to edit oyur own posts? PLEASE?)
What you do is this:
1) get the computer in the state you want it, then put InstallRite (not install watch) on the box, and tell InstallRite to take a snapshot.
2) configure InstallRite to start with windows so it will intercept all setup programs, and take before and after snapshots automatically.
3) leave the system knowing that you will have a good idea later of what has been installed since your last visit, and how to fix problems these installs may have made.
(stolen from DaBum) I am dyslexia of borg - your ass will be laminated.
I use WinInstall LE for this purpose. It is included on the Windows 2000 Server CD and can also be downloaded from here... It is used primarily to repackage an application install as a MSI file, but it produces a text file that shows all file system and registry changes between the before and after snapshots.
Doesn't 'track' anything per say, however, on each reboot, the machine goes back to the state it was before hand.
I use it at work, and give the employees limited access to specific folders, and have trained them to save their files in those few spots.
This way, only when they have approached me, and requested a particular application, i.e. winamp, excel, word, what have you they can have it installed and leave it permanently.
It's cut the spyware / adware / whatever to near zero. Webshots being the largest of the problem.
Anyways you can check out deep freeze at http://www.deepfreezeusa.com/index.htm
While PCMag has made their old utilities available by online subscription only, theere are a few folks on the net who have copies up of some of them. One utility that's FANTASTIC for tracking file/registry/ini-file changes/creations/removals is called In Control 5, or InCtrl5. Super simple to use, with multiple report formats (TXT, HTML, CSV, etc.) and I love it. Works on all Windows versions because it's totally non-invasive. If you can't find it, email me and I'll make a copy available. They're all free, and were freely available, they just restrict the downloads now to squeeze more money from the now discontinues Utility section (one of the last really useful parts of the magazine).
jX [ Make everything as simple as possible, but no simpler. - Einstein ]