OK Fusion, you have listed 2 tools. RegShot is used to compare changes in the registry after some actions are taken or directory structure changes. This is a nice diagnostic tool but nothing more. The other tool, RegTickPro, is used to lockdown the registry through a nice GUI front-end.

From what I see, neither of the two can change password hashes. This leads me to believe that your buddy has done additional things to change your local admin account or he has used the auto admin feature in RegTickPro.

The other tool is called TweakUI. You can find it at www.download.com or through a google search. It is a very common windows tool.

As for remote registry, unless he has domain level admin rights or local admin rights on your box, he wont be able to change the ACLs on your registry keys. I would advise you to shut that service down because as others may be quick to point out, there are some ways around this. This explanation assumes that you play by M$ networking rules.

Hope this helps ya out.