At last, system change tracking for Windows.

29 March 2007

Windows XP, let me be clear. And they won't let you download it unless you're using IE on a known valid (by WGA) copy of Windows, but there are ways around that (thanks, cow-orker!).

Microsoft has released a utility for Windows XP that parses the System Restore data and shows you everything that has changed over a specified period of time, to aid in debugging. It can show you what software has recently been installed; what hotfixes and Windows Components have been installed; what BHOs (browser helper objects - read 'call it spyware and be done with it') have infected IE; what drivers have been added or changed; what ActiveX controls are present; and a code structure I've never heard of before called an Auto-Start Extensibility Point, which the KB article says lets a programme start without a user requesting it.

Is anyone laying money on ASEPs being used in next-gen malware?

Anyway, this seems like a useful tool to add to your troubleshooting toolbox.