Please follow these step-by-step instructions to enable registry auditing and to provide me your security log.
Step#1 - Enable Registry Auditing
1. Right-click on the Start button and select Command Prompt (Admin)
2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
auditpol /set /subcategory:"Registry" /success:enable
3. You should get a message within the command-prompt that states "The command was successfully executed."
Step#2 - Designate Registry Key to Monitor
1. Type regedit in the command-prompt window and hit enter.
2. The Registry Editor will open.
3. Scroll all the way to the top of the screen using the vertical scroll bar. You will see several root keys named HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, etc.
4. Click the arrow next to HKEY_LOCAL_MACHINE so it expands and shows the info beneath this key. Then find SOFTWARE and expand this one. Continue doing this until you get to the Auto Update key (Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update)
5. Right-click on the Auto Update key and choose Permissions...
6. Click the Advanced button.
7. Click the Auditing tab.
8. Click the Add button and then click the "Select a principal" link at the top of that form.
9. Type Everyone in the text box and click OK.
10. Click the Show advanced permissions link.
11. Check the box that says "Set Value". Uncheck all other options.
12. Click OK on this screen and then click OK again and then OK again to get out of all the screens.
13. You may close the registry editor and the command-prompt now.
Step#3 - Change Windows Update Options
1. Go ahead and change your Windows Update options again so that they are the way you want them.
Step#4 - Retrieve Security Event Log
1. Right-click on the Start button and select Event Viewer
2. Click the arrow next to Windows Logs and then click on the Security log.
3. Right-click on the Security Log and choose Save All Events As...
4. Select your desktop as the location to save and type Security for the File name and click Save.
5. If you are using a language on your machine other than English then on the next screen please ensure to select Display information for English and click OK. Otherwise you can simply click OK.
6. There will be a file on your desktop named Security.evtx. Right-click on this file and choose Send To..Compressed (zipped folder) which will create a file named Security.zip.
7. Please upload this file to SendSpace and provide the link in your next post.
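
The log saved in Step#4 can also be filtered locally to see what changed the audited key. The following is an added example, not part of the original post: it reads Security.evtx from the desktop (location taken from Step#4) and lists Event ID 4657 ("A registry value was modified") records for the Auto Update key. The event ID and field names are the standard Windows ones, not something stated in the post.

```powershell
# Added example: run in an elevated PowerShell window.
# Assumption: the log was saved to the desktop as Security.evtx, as in Step#4.
$logPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Security.evtx'

# Tail of the object name for the key that was given an audit entry in Step#2.
$keySuffix = '\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

# Event ID 4657 is logged when a value under an audited key is set
# (this is what the "Set Value" audit entry produces).
$events = Get-WinEvent -FilterHashtable @{ Path = $logPath; Id = 4657 } -ErrorAction SilentlyContinue

$hits = foreach ($ev in $events) {
    # Turn the <EventData> name/value pairs into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # ObjectName looks like \REGISTRY\MACHINE\SOFTWARE\...; skip other audited keys.
    if ($data['ObjectName'] -notlike "*$keySuffix") { continue }

    [pscustomobject]@{
        Time     = $ev.TimeCreated
        User     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Process  = $data['ProcessName']      # executable that wrote the value
        Value    = $data['ObjectValueName']  # which registry value was changed
        OldValue = $data['OldValue']
        NewValue = $data['NewValue']
    }
}

if (-not $hits) {
    # Either auditing was not active yet, or nothing has written to the key since Step#2.
    Write-Warning "No 4657 events for the Auto Update key in $logPath."
} else {
    $hits | Sort-Object Time | Format-Table -AutoSize -Wrap
}
```

The Process column names the program that rewrote the setting, and the Time column shows whether the write happened when the options were changed in Step#3 or at some later point.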