Re: Windows application list by Bob
Bob
Thu Mar 17 13:03:02 CST 2005
Hi Steve:
Thanks for your help and info. This morning, for the first time, the
problem occured in Windows explorer as well as excel. I will take your
suggestions, and play around a bit, and I will let you know of the results.
Thanks for all your help.
Bob
"Steve Yandl" wrote:
> Bob,
>
> If this only happens when you're running Word, I'd open Word and select
> 'Tools > Templates and Add-Ins' to see just what might be making available
> code that appears to be running. You can also delete the global template,
> "Normal.dot", and Word will recreate a new one without any macros but you
> will of course lose macros and other settings you might have stored there.
>
> If you really want to monitor what is running over time on your PC, I think
> you want to look at all processes running, not just applications. If you
> copy what I have between the dotted lines below, paste into a new text
> document and rename the text document to give it a vbs extension, you can
> run that new script to track when processes are launched and when they are
> terminated. The script assumes you have a folder named "temp" in your
> windows folder and it places the information in that temp folder as a text
> file named "Process.log". The script checks for launched and stopped
> processes every 6 seconds (using some CPU capacity) so I would not run it at
> times when you really don't need to monitor what is going on.
>
> ____________________________________
> Set objShell = CreateObject("Shell.Application")
> Set objFolderWnd = objShell.Namespace(&H24&)
> strWnd = objFolderWnd.Self.Path
> Set objFSO = CreateObject("Scripting.FileSystemObject")
> Set objFile = objFSO.OpenTextFile(strWnd & "\temp\Process.log",8,True)
> Set refWMI = GetObject("winMgmts:")
> strQuery = "SELECT * FROM __InstanceOperationEvent " & _
> "WITHIN 6 WHERE TargetInstance ISA 'Win32_Process'"
> Set refEventSource = refWMI.ExecNotificationQuery(strQuery)
> While True
> Set refEvent = refEventSource.NextEvent()
> If refEvent.Path_.Class = "__InstanceCreationEvent" Then
> objFile.WriteLine refEvent.TargetInstance.Name & " launched at " & Now
> Else
> If refEvent.Path_.Class = "__InstanceDeletionEvent" Then
> objFile.WriteLine refEvent.TargetInstance.Name & " terminated at " & Now
> End If
> End If
> Wend
> objFile.Close
> Set objFile = Nothing
> Set objFSO = Nothing
> Set objFolderWnd = Nothing
> Set objShell = Nothing
> Set refWMI = Nothing
> Set refEventSource = Nothing
> Set refEvent = Nothing
> -----------------------------------------------
>
> Steve
>
>
> "Bob B." <Bob B.@discussions.microsoft.com> wrote in message
> news:7E4EA65F-F28D-4C84-A2BA-9D8B3D5AD7C8@microsoft.com...
> > Hi Everyone:
> >
> > I am not even sure if this is the correct place to post my question. If
> > not
> > , sorry about this. I am running a windows 2000 machine, and the last
> > time I
> > was updating it, somehow, I ended up with some sort of harmless (but
> > annoying) virus from the MS web site. Basically, every time I run MS Word
> > and I am on the web, my computer runs a program that shifts my Word window
> > around, and clicks on some of the menus, and even clicks on the start
> > button,
> > and opens explorer and a bunc of other software. However, if I never
> > start
> > word, I do not think this program runs.
> >
> > Now I was wondering if in windows 2000, there is a way of knowing what
> > allpication has been run since you turned on the computer. I have looked
> > at
> > event logs, but it does not show the list of run applications. When the
> > virus program runs, I can see the time on my computer, and if I can see a
> > list of the run applications along with the time, then I can delete the
> > virus.
> >
> > I appreciate your help, and if you can give me where is the best place to
> > post this. Thanks;
> >
> > Bob
>
>
>