This section contains info regarding logging and backdoors for NT.
These are located in %root%\SYSTEM32\CONFIG. They are:
As a hacker do not worry about the AppEvent.Evt file much -- you are mainly concerned with items in the regular event log (the SysEvent.Evt file) and the security log (the SecEvent.Evt). By default regular users should be able to read the regular event log, and you may wish to look that over if you can to see if your "visit" left a trace. If it did and the entries look out of place, consider adding entries from other users that are similiar by accessing the system as these other users.
You have to have Administrative Group rights to view the security event log. And you'll certainly want to check that to see what is in it.
Well this can be a little tricky as these files are locked in place during NT's operation. You have a couple of choices at this time -- wipe the logs or try to add stuff to them to add camoflage obfuscation. Not elegant, but better than nothing.