----------------------------------
Keys added:4
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\3
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell
----------------------------------
Values added:59
----------------------------------
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYPHNPbhag:pgbe: 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_HVGBBYONE: 01 00 00 00 07 00 00 00 20 14 6B 02 14 28 CB 01
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_HVGBBYONE:0k1,130: 01 00 00 00 07 00 00 00 20 14 6B 02 14 28 CB 01
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:M:\QnzaIvqCbegnoyr\QnzaIvqCbegnoyr.rkr: 01 00 00 00 06 00 00 00 90 B4 8E E7 13 28 CB 01
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\3: 54 00 31 00 00 00 00 00 F4 3C 49 51 10 00 44 61 6D 6E 56 69 64 50 6F 72 74 61 62 6C 65 00 36 00 03 00 04 00 EF BE F4 3C 47 51 F4 3C 7C 6E 14 00 00 00 44 00 61 00 6D 00 6E 00 56 00 69 00 64 00 50 00 6F 00 72 00 74 00 61 00 62 00 6C 00 65 00 00 00 1E 00 00 00
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\3\NodeSlot: 0x0000000F
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\3\MRUListEx: FF FF FF FF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\MinPos1280x926(1).x: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\MinPos1280x926(1).y: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\MaxPos1280x926(1).x: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\MaxPos1280x926(1).y: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WinPos1280x926(1).left: 0x000000B7
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WinPos1280x926(1).top: 0x000000E8
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WinPos1280x926(1).right: 0x000003D7
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WinPos1280x926(1).bottom: 0x00000340
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Rev: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WFlags: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\FFlags: 0x00000001
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\HotKey: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Buttons: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Links: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Address: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Mode: 0x00000006
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\ScrollPos1280x926(1).x: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\ScrollPos1280x926(1).y: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Sort: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\SortDir: 0x00000001
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Col: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 B4 00 60 00 78 00 78 00 B4 00 B4 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\FolderType: "Documents"
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\MinPos1280x926(1).x: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\MinPos1280x926(1).y: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\MaxPos1280x926(1).x: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\MaxPos1280x926(1).y: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WinPos1280x926(1).left: 0x000000B7
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WinPos1280x926(1).top: 0x000000E8
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WinPos1280x926(1).right: 0x000003D7
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WinPos1280x926(1).bottom: 0x00000340
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Rev: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WFlags: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ShowCmd: 0x00000001
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\FFlags: 0x00000001
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\HotKey: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Buttons: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Links: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Address: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Mode: 0x00000006
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ScrollPos1280x926(1).x: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ScrollPos1280x926(1).y: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Sort: 0x00000000
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\SortDir: 0x00000001
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Col: 0xFFFFFFFF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 B4 00 60 00 78 00 78 00 B4 00 B4 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\Z:\DamnVidPortable\DamnVidPortable.exe: "DamnVid Portable"
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\Z:\DamnVidPortable\App\DamnVid\DamnVid.exe: "DamnVid"
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31234: "These tasks apply to the files and folders you select."
----------------------------------
Values modified:6
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 77 77 DC 81 C3 3F 31 11 D6 E9 2D A6 9B 24 DE 10 CA 86 20 29 1C A6 7E 4A 7A 54 ED 29 7E 9E 0B 89 C0 3E 6A 42 41 2F 59 9D A4 8C 15 9E 6B 91 8C B9 E9 5C 42 92 D8 47 76 25 FA 2E 3B EC C3 49 D4 45 C0 BD B9 63 35 9D 6E E1 0B 23 B9 6D 69 72 99 B0
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 1F 02 0F BC 66 CA 90 CC B9 01 8A 12 F4 5B AD E9 8D 76 03 AF D3 A7 21 6C 22 C4 30 ED D8 E7 85 58 C3 72 DB C8 18 37 27 C8 19 59 10 D7 26 C1 EE BB 51 42 98 83 3E AB 47 4F 19 66 2A 11 C1 D0 D6 51 E9 CA 9F 0C 18 4E D0 12 C8 28 50 9E EE 70 55 41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextSqmReportTime: "2010-07-20 13:44:02"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextSqmReportTime: "2010-07-20 14:00:21"
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 07 00 00 00 10 CF D0 DD 13 28 CB 01
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 08 00 00 00 90 B4 8E E7 13 28 CB 01
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\MRUListEx: 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\MRUListEx: 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\SessionInformation\ProgramCount: 0x00000003
HKU\S-1-5-21-1229272821-1682526488-839522115-1003\SessionInformation\ProgramCount: 0x00000002
----------------------------------
Files added:6
----------------------------------
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
C:\WINDOWS\Prefetch\DAMNVID.EXE-1D29E574.pf
C:\WINDOWS\Prefetch\DAMNVIDPORTABLE.EXE-055B3093.pf
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
C:\WINDOWS\Prefetch\REGSHOT.EXE-30CFD0C8.pf
C:\WINDOWS\Prefetch\REGSHOTPORTABLE.EXE-1E631206.pf
----------------------------------
Files [attributes?] modified:10
----------------------------------
C:\Documents and Settings\Tester\NTUSER.DAT.LOG
C:\WINDOWS\SchedLgU.Txt
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
C:\WINDOWS\WindowsUpdate.log
----------------------------------
Total changes:85
----------------------------------