Free utility shows what your computer has been doing

Some suspicious computer users believe that, while they are away, others are accessing their computer, running unauthorized software or malware. Other wary users may find it interesting to see what other people have done on a particular computer, what programs they may have run, what documents were viewed, and when the computer was booted and shut down. If a computer was infected by malware, it may often be of great interest to see what was being run on the computer at the time of infestation, and even identify the malware and its payload. This and more can be readily displayed by a tiny, free utility, LastActivityView.

LastActivityView is one of dozens of small free utilities published by a feisty software engineer, Nir Sofer, on his website at www.nirsoft.net. Sofer personally writes all of his own software in his spare time, and makes it available to all for free. Many of his utilities are given the highest ratings by a variety of Web services and computer publications; all of his software is free of advertising and other pesky irritants, making it popular among his huge and loyal user base. In his spare time, Nir personally maintains his website and updates his software, as well as creates new utilities. One of his newest titles, LastActivityView, has caught the attention of computer technicians, forensic experts, hobbyists, and others who want to know what has really been running on a computer, and when the computer was accessed.

Windows users may be passively aware that their computers save extensive but often invisible files about what they have run; LastActivityView has the capability to read these historical files and display additional information about many of the computer’s activities. On my primary computer, this record starts on the day it was manufactured, and documents everything that I have done since I first powered it on after removing it from its box. Every piece of software that I ever installed or uninstalled is listed, including date, time, description, filenames, path on the hard drive, and other information. Every boot, shutdown, crash, and other event was also duly recorded. In addition to simply displaying a huge file with all of my computing activities, LastActivityView also has the power to provide additional information for many of the items listed. LastActivityView also can display detailed information about program interactions, and conflicts that caused software and hardware crashes.

LastActivityView can also provide additional and valuable information. I was able to prove this to myself when I examined some recent logs, looking for software crashes and conflicts. One of several reasons why I do not use Internet Explorer as my primary browser is that for some reason, it sometimes crashes when open. According to the report, my most recent software crash occurred on May 17 at 9:11:07 p.m. when Internet Explorer version 10.0.9200 crashed. By right-clicking on the line in the log showing the crash, an options menu displayed what additional information could be shown. I first selected “Properties,” which displayed the Action Time, Description (Software Crash), File Name, Full Path (location on hard drive), and what was most important to me, More Information. Similar information can be displayed as a Web page in HTML by selecting “HTML Report - Selected Item.”

The More Information line showed precisely the software conflict that caused the crash; in this particular case, according to the display, there was a memory conflict between IEXPLORE.EXE 10.0.9200.16576 and TmBpIe32.dll, which is a module or component of my TrendMicro security suite. Now that I have recorded this conflict, it would be easy to determine whether this is a one-time anomaly or a continuing problem that requires attention and remediation.

Doing a quick online search for TmBpIe32.dll, I found that this file is a Trend Micro Browser Plug-In for Internet Explorer that is designed to protect the browser from exploitation. According to Wikipedia, “A browser exploit is a form of malicious code that takes advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user’s browser settings without their knowledge. Malicious code may exploit ActiveX, HTML, images, Java, JavaScript, and other Web technologies and cause the browser to run arbitrary code.” I would not have been able to easily and quickly determine the cause of that particular crash without LastActivityView. This is but one of countless purposes that can be accomplished with LastActivityView.

LastActivityView runs on any version of Windows since Windows 2000, including XP, Vista, Windows 7 and Windows 8; both 32-bit and 64-bit systems are supported.

Listen to Ira Wilsker’s weekly radio show on Mondays from 6-7 p.m. on KLVI 560AM.