Re: Recently Installed Application Log/history/auditing
Todd, I have read your question again. Here is what I suggest.
- You need to have a baseline of your systems when delivered to the users. What I mean by the baseline is that you need to know the state of the registry and the installed apps when the system is built and delivered to the user.
- If the problem is related to spyware, which it sounds like it is, this is what I recommend, short of commercial software: you can install Spybot - Search and Destroy and turn on the TeaTimer feature. This acts like a nuisance if nothing else, prompting users to allow the change to the registry (when an application tries to modify the registry).
- Here is an excellent article on auditing registry keys: http://support.microsoft.com/default.aspx?kbid=324739. This will, however, require you to specify the keys you want audited. I am not sure if this will help you, but it's a step in the right direction.
If you have a baseline of your registry, you can take a snapshot of the infected system's registry and compare it with your standard load and remove/delete the offending software.
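Added example, not part of the original message: one way to do the baseline-versus-snapshot comparison described above, by diffing two text exports in the `reg export` (.reg) format. The key names, value names and both sample exports are constructed for illustration.

```python
# Added example (not from the original post); both exports are constructed samples.
BASELINE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CorpAgent"="C:\\Program Files\\CorpAgent\\agent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleCorp\Agent]
"Enabled"=dword:00000001
'''
SNAPSHOT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CorpAgent"="C:\\Program Files\\CorpAgent\\agent.exe"
"ToolbarHelper"="C:\\Program Files\\ExampleToolbar\\helper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleCorp\Agent]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleToolbar]
"Blob"=hex:01,02,\
  03,04
'''

def parse_reg(text):
    """Parse `reg export` text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):  # long hex data continues on the next line
            pending = line[:-1]
        elif line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and not line.startswith(";"):
            # Assumes value names contain no '='; "@" is the key's default value.
            name, _, data = line.partition("=")
            current[name.strip('"')] = data
    return keys

def diff_reg(baseline, snapshot):
    """List (change, key, value_name) for everything that differs from baseline."""
    changes = []
    for key in sorted(set(baseline) | set(snapshot)):
        if key not in baseline:
            changes.append(("key added", key, None))
        elif key not in snapshot:
            changes.append(("key removed", key, None))
        old, new = baseline.get(key, {}), snapshot.get(key, {})
        for name in sorted(set(old) | set(new)):
            if old.get(name) != new.get(name):
                kind = "added" if name not in old else "removed" if name not in new else "changed"
                changes.append(("value " + kind, key, name))
    return changes

if __name__ == "__main__":
    for change in diff_reg(parse_reg(BASELINE), parse_reg(SNAPSHOT)): print(change)
```

Real exports written by `reg export` are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.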