Ok, this is from the password log:
[25-Oct-2013 07:53:06 +0000]: Response:HTTP/1.1 200 OK
Server: cpsrvd/11.38.2.11
Connection: close
Date: Fri, 25 Oct 2013 07:53:06 GMT
Last-Modified: Fri, 28 Jun 2013 19:25:59 GMT
Content-type: text/html; charset="utf-8"
Content-length: 2280
Connection: close
<cpanel setvar="headerimg=../images/mailmenu.gif">
<cpanel setvar="dprefix=../">
<cpanel Branding="include(stdheader.html)">
<style type="text/css">
<?cp Branding::spritelist(.spriteicon_img_mini {float:left;margin-right:5px;background: url\{leftparenthesis}"%"\{rightparenthesis};} %,@spriteurl,images::#icon-${img}_mini {background-position\{colon}0 -${cssposition}px;width\{colon}${width}px;height\{colon}${height}px; }:) imgtype=icon,subtype=img,method=scale_60percent,format=png,img=manageaccounts ?>
</style>
<div class="body-content">
<div class="h1Title"><div class="spriteicon_img_mini" id="icon-manageaccounts_mini"></div> <cpanel langprint="MENUMailChange"></div>
<cpanelif !$appname==webmail || $FORM{'email'}@$FORM{'domain'}==$authuser>
<cpanel setvar="auth_ok=1">
</cpanelif>
<cpanelif $appname==webmail && !$FORM{'email'}@$FORM{'domain'}==$authuser>
<div class="error_details"><cptext 'You are not allowed to change the password for the user “[output,class,_1,status]”.',"$FORM{'email'}@$FORM{'domain'}"></div></p>
</cpanelif>
<cpanelif $CPVAR{'auth_ok'}>
<!--<cpanel Email="passwdpop($RAW_FORM{'email'},$RAW_FORM{'password'},$RAW_FORM{'quota'},$RAW_FORM{'domain'})">-->
</cpanelif>
<cpanelif !$CPERROR{'email'} && $CPVAR{'auth_ok'}>
<p>
<cptext 'The email account “[output,class,_1,status]” was successfully [boolean,_2,created,modified,removed].',"$FORM{'email'}@$FORM{'domain'}",0>
</p>
</cpanelif>
<cpanelif $CPERROR{'email'} && $CPVAR{'auth_ok'}>
<p class="errors"><cpanel langprint="CPError"> <cpanel langprint="PassError">
<a href="#" onclick="document.getElementById('details').style.display='block'; return false;"><cpanel langprint="AODShowDetails"></a> </p>
<div class="details" id="details">
<cpanel print="$CPERROR{'email'}">
</div>
<noscript>
<div class="details-noscript" id="details">
<cpanel print="$CPERROR{'email'}">
</div>
</noscript>
</cpanelif>
<cpanelif $appname==webmail>
<div class="return-link"><a href="../index.html">← <cptext "Go Back"></a></div>
</cpanelif>
<cpanelif !$appname==webmail>
<div class="return-link"><a href="pops_noscript.html">← <cptext "Go Back"></a></div>
</cpanelif>
</div>
<cpanel Branding="include(stdfooter.html)">
[25-Oct-2013 07:53:06 +0000]: Password changed for user info@paloaltopsychologygroup.com (ID: 1) from 67.188.33.56