API tools faq
paste
Advertisement
Guest User

DamnVidPortableRegshotWinXPTester20100720

a guest
Jul 20th, 2010
80
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.58 KB | None | 0 0
raw download clone embed print report
  1. ----------------------------------
  2. Keys added:4
  3. ----------------------------------
  4. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch
  5. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\3
  6. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15
  7. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell
  8.  
  9. ----------------------------------
  10. Values added:59
  11. ----------------------------------
  12. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_PGYPHNPbhag:pgbe: 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00
  13. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_HVGBBYONE: 01 00 00 00 07 00 00 00 20 14 6B 02 14 28 CB 01
  14. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count\HRZR_HVGBBYONE:0k1,130: 01 00 00 00 07 00 00 00 20 14 6B 02 14 28 CB 01
  15. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:M:\QnzaIvqCbegnoyr\QnzaIvqCbegnoyr.rkr: 01 00 00 00 06 00 00 00 90 B4 8E E7 13 28 CB 01
  16. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\3: 54 00 31 00 00 00 00 00 F4 3C 49 51 10 00 44 61 6D 6E 56 69 64 50 6F 72 74 61 62 6C 65 00 36 00 03 00 04 00 EF BE F4 3C 47 51 F4 3C 7C 6E 14 00 00 00 44 00 61 00 6D 00 6E 00 56 00 69 00 64 00 50 00 6F 00 72 00 74 00 61 00 62 00 6C 00 65 00 00 00 1E 00 00 00
  17. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\3\NodeSlot: 0x0000000F
  18. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\3\MRUListEx: FF FF FF FF
  19. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\MinPos1280x926(1).x: 0xFFFFFFFF
  20. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\MinPos1280x926(1).y: 0xFFFFFFFF
  21. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\MaxPos1280x926(1).x: 0xFFFFFFFF
  22. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\MaxPos1280x926(1).y: 0xFFFFFFFF
  23. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WinPos1280x926(1).left: 0x000000B7
  24. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WinPos1280x926(1).top: 0x000000E8
  25. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WinPos1280x926(1).right: 0x000003D7
  26. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WinPos1280x926(1).bottom: 0x00000340
  27. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Rev: 0x00000000
  28. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\WFlags: 0x00000000
  29. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\ShowCmd: 0x00000001
  30. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\FFlags: 0x00000001
  31. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\HotKey: 0x00000000
  32. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Buttons: 0xFFFFFFFF
  33. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Links: 0x00000000
  34. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Address: 0xFFFFFFFF
  35. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
  36. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Mode: 0x00000006
  37. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\ScrollPos1280x926(1).x: 0x00000000
  38. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\ScrollPos1280x926(1).y: 0x00000000
  39. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Sort: 0x00000000
  40. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\SortDir: 0x00000001
  41. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\Col: 0xFFFFFFFF
  42. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\14\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 B4 00 60 00 78 00 78 00 B4 00 B4 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  43. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\FolderType: "Documents"
  44. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\MinPos1280x926(1).x: 0xFFFFFFFF
  45. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\MinPos1280x926(1).y: 0xFFFFFFFF
  46. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\MaxPos1280x926(1).x: 0xFFFFFFFF
  47. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\MaxPos1280x926(1).y: 0xFFFFFFFF
  48. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WinPos1280x926(1).left: 0x000000B7
  49. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WinPos1280x926(1).top: 0x000000E8
  50. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WinPos1280x926(1).right: 0x000003D7
  51. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WinPos1280x926(1).bottom: 0x00000340
  52. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Rev: 0x00000000
  53. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\WFlags: 0x00000000
  54. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ShowCmd: 0x00000001
  55. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\FFlags: 0x00000001
  56. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\HotKey: 0x00000000
  57. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Buttons: 0xFFFFFFFF
  58. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Links: 0x00000000
  59. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Address: 0xFFFFFFFF
  60. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Vid: "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
  61. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Mode: 0x00000006
  62. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ScrollPos1280x926(1).x: 0x00000000
  63. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ScrollPos1280x926(1).y: 0x00000000
  64. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Sort: 0x00000000
  65. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\SortDir: 0x00000001
  66. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\Col: 0xFFFFFFFF
  67. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags\15\Shell\ColInfo: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 B4 00 60 00 78 00 78 00 B4 00 B4 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  68. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\Z:\DamnVidPortable\DamnVidPortable.exe: "DamnVid Portable"
  69. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\Z:\DamnVidPortable\App\DamnVid\DamnVid.exe: "DamnVid"
  70. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-31234: "These tasks apply to the files and folders you select."
  71.  
  72. ----------------------------------
  73. Values modified:6
  74. ----------------------------------
  75. HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 77 77 DC 81 C3 3F 31 11 D6 E9 2D A6 9B 24 DE 10 CA 86 20 29 1C A6 7E 4A 7A 54 ED 29 7E 9E 0B 89 C0 3E 6A 42 41 2F 59 9D A4 8C 15 9E 6B 91 8C B9 E9 5C 42 92 D8 47 76 25 FA 2E 3B EC C3 49 D4 45 C0 BD B9 63 35 9D 6E E1 0B 23 B9 6D 69 72 99 B0
  76. HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 1F 02 0F BC 66 CA 90 CC B9 01 8A 12 F4 5B AD E9 8D 76 03 AF D3 A7 21 6C 22 C4 30 ED D8 E7 85 58 C3 72 DB C8 18 37 27 C8 19 59 10 D7 26 C1 EE BB 51 42 98 83 3E AB 47 4F 19 66 2A 11 C1 D0 D6 51 E9 CA 9F 0C 18 4E D0 12 C8 28 50 9E EE 70 55 41
  77. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextSqmReportTime: "2010-07-20 13:44:02"
  78. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextSqmReportTime: "2010-07-20 14:00:21"
  79. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 07 00 00 00 10 CF D0 DD 13 28 CB 01
  80. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 08 00 00 00 90 B4 8E E7 13 28 CB 01
  81. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02
  82. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\NodeSlots: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
  83. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\MRUListEx: 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
  84. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\1\1\MRUListEx: 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
  85. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\SessionInformation\ProgramCount: 0x00000003
  86. HKU\S-1-5-21-1229272821-1682526488-839522115-1003\SessionInformation\ProgramCount: 0x00000002
  87.  
  88. ----------------------------------
  89. Files added:6
  90. ----------------------------------
  91. C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
  92. C:\WINDOWS\Prefetch\DAMNVID.EXE-1D29E574.pf
  93. C:\WINDOWS\Prefetch\DAMNVIDPORTABLE.EXE-055B3093.pf
  94. C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
  95. C:\WINDOWS\Prefetch\REGSHOT.EXE-30CFD0C8.pf
  96. C:\WINDOWS\Prefetch\REGSHOTPORTABLE.EXE-1E631206.pf
  97.  
  98. ----------------------------------
  99. Files [attributes?] modified:10
  100. ----------------------------------
  101. C:\Documents and Settings\Tester\NTUSER.DAT.LOG
  102. C:\WINDOWS\SchedLgU.Txt
  103. C:\WINDOWS\system32\config\software.LOG
  104. C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
  105. C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
  106. C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
  107. C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
  108. C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
  109. C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
  110. C:\WINDOWS\WindowsUpdate.log
  111.  
  112. ----------------------------------
  113. Total changes:85
  114. ----------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!