Windows XP Help-- Process Tracking?

[Ben]

Does anyone have any suggestions for (preferably free) software that can track process history to some kind of output file (or a way to make windoze do it)? I think this is what I need, but if not maybe someone can enlighten me:

I just noticed last night that on my XP machine, every five or so minutes (I haven't actually timed it) I get one of those "minimized" boxes popping up in the toolbar. The icon on it is just the little white and blue generic windows icon for a running exe. it lasts for a few seconds, then goes away. I can't be sure when this started, so can't trace it to any specific software install, and I don't want to have to uninstall a bunch of stuff to see what's causing it. I figure if  I can track my process history, I can track the mystery down by proccess/program name.

It worries me in that its behavior is indicative of what I might expect spyware to do. I've already done full spyware, etc. checks using multiple programs and have come up clean.

[Sergeant Bob]

You could try hitting "Control-Alt-Delete" and bring up the Task Manager.
Click on "Applications" to see what is running at the moment.
Check "Processes" to see what is using the CPU at any given moment.
You can see when it is happening and whether it is accessing the internet using "Performance" and "Networking" tabs.
Have you updated your spyware definitions and antivirus lately?

[Sindawe]

Not process tracking, but the utility Process Explorer ( http://www.sysinternals.com/Utilities/ProcessExplorer.html ) will show you ALL the running processes on a machine, along with their originationg file name and path, vender and a host of other usefull tidbits of information.  It also can be used to kill most of them at will.  The only thing I've not been able to kill with it was an errant zombie from a hosed remote desktop session on a server.

On Edit: Oh, and its free.

[Ben]

Yeah, I've tried watching the process window, but the little sucker is too fast for me. I'm thinking if I can find something that does a log file of some kind, I can watch the clock a few times when it pops up try and match up process / program name to times it appeared in the history.

Maybe Sysinternals has an easier to read window for catching stuff on the fly. I'll give that a try.

[Sergeant Bob]

Looks like a pretty handy prog Sindawe, thanks.

[client32]

I think you can do this without any extra programs.

You will have to go to your local security settings. (Control Panel -> Administrative Tools -> Local Security Settings)
In there, expand Local Policies.  Single left click Audit Policy.  In the right hand pane, there will be a list of stuff.  
Double click "Audit process tracking" and check the boxes on the new screen.  Click OK.

What you have accomplished is that all processes (starting, stopping and other things) will now be placed in the event viewer.  You can go there to see what the process was after it pops up again.  (control panel -> admin tools -> event viewer)

Hope that works.

[Ben]

Cool -- I'll try that when I get back to the house tonight.

[Ben]

Well, running the process audit did the trick (thanks client32!). Checking after a few runs, I found the .exe to be a core component of the stupid software for my HP multifunction. Harmless, just annoying to see the minimized window show up in the taskbar.

[client32]

glad I could help