11-15-2011, 04:15 PM
Here's the changes from Registry Monitor filtered by
it should arrange nicer in text editor/spreadsheet
Switched ON
10:11:48.7490785 AM netplwiz.exe 6856 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon SUCCESS Desired Access: Write
10:11:48.7491513 AM netplwiz.exe 6856 RegSetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon SUCCESS Type: REG_SZ, Length: 4, Data: 0
10:11:48.7492375 AM netplwiz.exe 6856 RegDeleteValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword NAME NOT FOUND
10:11:48.7493153 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
10:11:48.7557515 AM netplwiz.exe 6856 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Desired Access: Read
10:11:48.7557872 AM netplwiz.exe 6856 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD SUCCESS Type: REG_DWORD, Length: 4, Data: 1
10:11:48.7558142 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
10:11:48.7559729 AM netplwiz.exe 6856 RegCreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Desired Access: Write
10:11:48.7560263 AM netplwiz.exe 6856 RegSetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD SUCCESS Type: REG_DWORD, Length: 4, Data: 0
10:11:48.7561959 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
Switched Off
10:12:51.6120123 AM netplwiz.exe 6856 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon SUCCESS Desired Access: Write
10:12:51.6120927 AM netplwiz.exe 6856 RegSetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon SUCCESS Type: REG_SZ, Length: 4, Data: 0
10:12:51.6121819 AM netplwiz.exe 6856 RegDeleteValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword NAME NOT FOUND
10:12:51.6122570 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
10:12:51.6212319 AM netplwiz.exe 6856 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Desired Access: Read
10:12:51.6212692 AM netplwiz.exe 6856 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD SUCCESS Type: REG_DWORD, Length: 4, Data: 0
10:12:51.6212970 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
10:12:51.6214559 AM netplwiz.exe 6856 RegCreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Desired Access: Write
10:12:51.6215093 AM netplwiz.exe 6856 RegSetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD SUCCESS Type: REG_DWORD, Length: 4, Data: 1
10:12:51.6216733 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
it should arrange nicer in text editor/spreadsheet
Switched ON
10:11:48.7490785 AM netplwiz.exe 6856 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon SUCCESS Desired Access: Write
10:11:48.7491513 AM netplwiz.exe 6856 RegSetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon SUCCESS Type: REG_SZ, Length: 4, Data: 0
10:11:48.7492375 AM netplwiz.exe 6856 RegDeleteValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword NAME NOT FOUND
10:11:48.7493153 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
10:11:48.7557515 AM netplwiz.exe 6856 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Desired Access: Read
10:11:48.7557872 AM netplwiz.exe 6856 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD SUCCESS Type: REG_DWORD, Length: 4, Data: 1
10:11:48.7558142 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
10:11:48.7559729 AM netplwiz.exe 6856 RegCreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Desired Access: Write
10:11:48.7560263 AM netplwiz.exe 6856 RegSetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD SUCCESS Type: REG_DWORD, Length: 4, Data: 0
10:11:48.7561959 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
Switched Off
10:12:51.6120123 AM netplwiz.exe 6856 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon SUCCESS Desired Access: Write
10:12:51.6120927 AM netplwiz.exe 6856 RegSetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon SUCCESS Type: REG_SZ, Length: 4, Data: 0
10:12:51.6121819 AM netplwiz.exe 6856 RegDeleteValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword NAME NOT FOUND
10:12:51.6122570 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
10:12:51.6212319 AM netplwiz.exe 6856 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Desired Access: Read
10:12:51.6212692 AM netplwiz.exe 6856 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD SUCCESS Type: REG_DWORD, Length: 4, Data: 0
10:12:51.6212970 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
10:12:51.6214559 AM netplwiz.exe 6856 RegCreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Desired Access: Write
10:12:51.6215093 AM netplwiz.exe 6856 RegSetValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD SUCCESS Type: REG_DWORD, Length: 4, Data: 1
10:12:51.6216733 AM netplwiz.exe 6856 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS