ProductName = Windows 7 Ultimate
InstallDate = Thu Sep 16 15:38:19 2010
----------------------------------------
Microsoft\Windows\CurrentVersion
LastWrite Time Fri Sep 17 15:33:07 2010 (UTC)
SM_GamesName : Games
ProgramFilesPath : %ProgramFiles%
DevicePath : %SystemRoot%\inf
ProgramFilesDir : C:\Program Files
MediaPathUnexpanded : %SystemRoot%\Media
CommonFilesDir : C:\Program Files\Common Files
SM_ConfigureProgramsName : Set Program Access and Defaults
----------------------------------------
WinNT_CV
Microsoft\Windows NT\CurrentVersion
LastWrite Time Fri Sep 17 10:41:09 2010 (UTC)
RegisteredOrganization :
CSDBuildNumber : 1
CurrentVersion : 6.1
CurrentBuild : 7600
CurrentBuildNumber : 7600
RegisteredOwner : Wolfe
SoftwareType : System
InstallationType : Client
EditionID : Ultimate
SystemRoot : C:\Windows
PathName : C:\Windows
ProductName : Windows 7 Ultimate
CurrentType : Multiprocessor Free
ProductId : 00426-293-0040901-85774
BuildLab : 7600.win7_gdr.100618-1621
InstallDate : Thu Sep 16 15:38:19 2010 (UTC)
BuildGUID : 132524b9-3806-495e-bfc6-9d12a8f6e4ca
BuildLabEx : 7600.16617.x86fre.win7_gdr.100618-1621
----------------------------------------
Default Browser Check #1
Clients\StartMenuInternet
LastWrite Time Fri Sep 17 15:39:03 2010 (UTC)
Default Browser : IEXPLORE.EXE
Default Browser Check #2
Classes\HTTP\shell\open\command
LastWrite Time Thu Sep 16 18:05:02 2010 (UTC)
Default Browser = "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
----------------------------------------
Microsoft\Internet Explorer
LastWrite Time Fri Sep 17 16:44:32 2010 (UTC)
IE Build = 87600
IE Version = 8.0.7600.16385
----------------------------------------
Logon Banner Information
Microsoft\Windows\CurrentVersion\policies\system
LastWrite Time Tue Jul 14 04:46:50 2009 (UTC)
Legalnoticecaption value =
Legalnoticetext value =
Microsoft\Windows NT\CurrentVersion\Winlogon
LastWrite Time Fri Oct 1 13:58:13 2010 (UTC)
Legalnoticecaption value =
Legalnoticetext value =
----------------------------------------
Microsoft\Windows\CurrentVersion\Explorer\BitBucket not found.
----------------------------------------
Microsoft\Windows Genuine Advantage not found.
----------------------------------------
cmd_shell
Classes\exefile\shell\open\command
LastWrite Time Tue Jul 14 04:41:24 2009 (UTC)
Cmd: "%1" %*

cmd_shell
Classes\cmdfile\shell\open\command
LastWrite Time Tue Jul 14 04:41:24 2009 (UTC)
Cmd: "%1" %*

cmd_shell
Classes\batfile\shell\open\command
LastWrite Time Tue Jul 14 04:41:24 2009 (UTC)
Cmd: "%1" %*

Classes\csfile\shell\open\command not found.

cmd_shell
Classes\htafile\shell\open\command
LastWrite Time Thu Sep 16 18:05:02 2010 (UTC)
Cmd: C:\Windows\System32\mshta.exe "%1" %*

cmd_shell
Classes\piffile\shell\open\command
LastWrite Time Tue Jul 14 04:41:25 2009 (UTC)
Cmd: "%1" %*
----------------------------------------
Microsoft\Windows\CurrentVersion\Run
LastWrite Time Thu Sep 30 17:17:26 2010 (UTC)
  avast5 -> "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
  Adobe ARM -> "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  SunJavaUpdateSched -> "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  Adobe Reader Speed Launcher -> "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Microsoft\Windows\CurrentVersion\Run\OptionalComponents
LastWrite Time Thu Sep 30 17:17:26 2010 (UTC)
----------------------------------------
NetworkCards
Microsoft\Windows NT\CurrentVersion\NetworkCards
Marvell Yukon 88E8052 PCI-E ASF Gigabit Ethernet Controller [Thu Sep 16 17:08:39 2010]
Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller [Thu Sep 16 17:08:34 2010]
----------------------------------------
Microsoft\WZCSVC\Parameters\Interfaces not found.
Microsoft\EAPOL\Parameters\Interfaces not found.
----------------------------------------
AppInit_DLLs
Microsoft\Windows NT\CurrentVersion\Windows
LastWrite Time Tue Jul 14 04:41:12 2009 (UTC)
AppInit_DLLs -> {blank}
----------------------------------------
Browser Helper Objects
Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
LastWrite Time Thu Sep 30 17:17:26 2010 (UTC)

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  Class => Adobe PDF Link Helper
  Module => C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  LastWrite => Thu Sep 30 17:17:26 2010

{AA58ED58-01DD-4d91-8333-CF10577473F7}
  Class => Google Toolbar Helper
  Module => C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
  LastWrite => Fri Sep 17 15:33:55 2010

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  Class => Adobe PDF Link Helper
  Module => C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  LastWrite => Thu Sep 30 17:17:26 2010

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
  Class => Google Toolbar Notifier BHO
  Module => C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
  LastWrite => Fri Sep 17 15:33:57 2010

{AA58ED58-01DD-4d91-8333-CF10577473F7}
  Class => Google Toolbar Helper
  Module => C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
  LastWrite => Fri Sep 17 15:33:55 2010

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  Class => Adobe PDF Link Helper
  Module => C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  LastWrite => Thu Sep 30 17:17:26 2010

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
  Class => Google Toolbar Notifier BHO
  Module => C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
  LastWrite => Fri Sep 17 15:33:57 2010

{AA58ED58-01DD-4d91-8333-CF10577473F7}
  Class => Google Toolbar Helper
  Module => C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
  LastWrite => Fri Sep 17 15:33:55 2010

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  Class => Adobe PDF Link Helper
  Module => C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  LastWrite => Thu Sep 30 17:17:26 2010

{DBC80044-A445-435b-BC74-9C25C1C588A9}
  Class => Java(tm) Plug-In 2 SSV Helper
  Module => C:\Program Files\Java\jre6\bin\jp2ssv.dll
  LastWrite => Fri Sep 17 17:55:23 2010
----------------------------------------
Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
LastWrite Time Tue Jul 14 04:41:12 2009 (UTC)

Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks has no values.
No ShellExecuteHooks installed.
----------------------------------------
Image File Execution Options
Microsoft\Windows NT\CurrentVersion\Image File Execution Options
LastWrite Time Thu Sep 30 17:17:26 2010 (UTC)

No Debugger/CWDIllegalInDllSearch values found.
----------------------------------------
RemovDev
Microsoft\Windows Portable Devices\Devices
LastWrite Time Fri Oct 1 13:59:14 2010 (UTC)

Device : DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01
LastWrite : Mon Sep 20 18:27:31 2010 (UTC)
SN : 058F00016378&0
Drive : H:\

Device : DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03
LastWrite : Mon Sep 20 18:27:32 2010 (UTC)
SN : 058F00016378&1
Drive : I:\

Device : DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00
LastWrite : Mon Sep 20 18:27:32 2010 (UTC)
SN : 058F00016378&2
Drive : J:\

Device : DISK&VEN_GENERIC&PROD_USB_XD
LastWrite : Mon Sep 20 18:27:32 2010 (UTC)
SN : SM_READER&REV_1.02
Drive : K:\

Device : DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_1.00
LastWrite : Thu Sep 30 18:15:20 2010 (UTC)
SN : 0000000025&0
Drive : E:\

Device : DISK&VEN_MEMOREX&PROD_TD_CLASSIC_003B&REV_PMAP
LastWrite : Fri Oct 1 14:07:43 2010 (UTC)
SN : 0778102C0441&0
Drive : TD Classic
----------------------------------------
Microsoft\Windows NT\CurrentVersion\Winlogon
LastWrite Time Fri Oct 1 13:58:13 2010 (UTC)

Userinit -> C:\Windows\system32\userinit.exe,
Per references, content should be %SystemDrive%\system32\userinit.exe,
----------------------------------------
Microsoft\Windows NT\CurrentVersion\Winlogon
LastWrite Time Fri Oct 1 13:58:13 2010 (UTC)
LegalNoticeCaption =
LegalNoticeText =
ReportBootOk = 1
AutoRestartShell = 1
ForceUnlockLogon = 0
PasswordExpiryWarning = 5
PowerdownAfterShutdown = 0
ShutdownWithoutLogon = 0
WinStationsDisabled = 0
DisableCAD = 1
scremoveoption = 0
AutoAdminLogon = 0
CachedLogonsCount = 10
DebugServerCommand = no
ShutdownFlags = 43
Background = 0 0 0
DefaultUserName = Wolfe
Shell = explorer.exe
Userinit = C:\Windows\system32\userinit.exe,
PreCreateKnownFolders = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
VMApplet = SystemPropertiesPerformance.exe /pagefile

Analysis Tips: The UserInit and Shell values are executed when a user logs on.
----------------------------------------
Microsoft\Windows NT\CurrentVersion\ProfileList
LastWrite Time Thu Sep 30 18:05:03 2010 (UTC)

Path : %systemroot%\system32\config\systemprofile
SID : S-1-5-18
LastWrite : Tue Jul 14 04:41:12 2009 (UTC)

Path : C:\Windows\ServiceProfiles\LocalService
SID : S-1-5-19
LastWrite : Thu Sep 16 18:05:04 2010 (UTC)

Path : C:\Windows\ServiceProfiles\NetworkService
SID : S-1-5-20
LastWrite : Thu Sep 16 18:05:04 2010 (UTC)

Path : C:\Users\Wolfe
SID : S-1-5-21-2454118320-1537452945-2807297798-1000
LastWrite : Fri Oct 1 14:34:56 2010 (UTC)
LoadTime : Thu Jan 1 00:00:00 1970 (UTC)

Path : C:\Users\Master of Disaster
SID : S-1-5-21-2454118320-1537452945-2807297798-1003
LastWrite : Fri Oct 1 11:00:59 2010 (UTC)
LoadTime : Thu Jan 1 00:00:00 1970 (UTC)

Domain Accounts
----------------------------------------
Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList not found.
----------------------------------------
Key Path: Microsoft\RemovalTools\MRT
LastWrite Time Fri Sep 17 10:32:07 2010 (UTC)

Version: 0916C369-02A8-4C3D-9AD0-E72AF7C46025

Analysis Tip: Go to http://support.microsoft.com/kb/891716/ to see when MRT was last run. According to the KB article, each time MRT is run, a new GUID is written to the Version value.
----------------------------------------
svchost
Microsoft\Windows NT\CurrentVersion\SvcHost
LastWrite Time Fri Oct 1 11:02:33 2010 (UTC)

RPCSS RpcEptMapper,RpcSs
defragsvc defragsvc
LocalSystemNetworkRestricted UxSms,WdiSystemHost,Netman,trkwks,AudioEndpointBuilder,WUDFSvc,IPBusEnum,dot3svc,hidserv,irmon,sysmain,WPDBusEnum,homegrouplistener,TabletInputService,PcaSvc,wlansvc,CscService,UmRdpService
LocalService nsi,WdiServiceHost,w32time,EventSystem,RemoteRegistry,WinHttpAutoProxySvc,sppuinotify,THREADORDER,netprofm,lltdsvc,fdphost,SstpSvc,WebClient
netsvcs AeLookupSvc,CertPropSvc,SCPolicySvc,lanmanserver,gpsvc,IKEEXT,AudioSrv,FastUserSwitchingCompatibility,Ias,Irmon,Nla,Ntmssvc,NWCWorkstation,Nwsapagent,Rasauto,Rasman,Remoteaccess,SENS,Sharedaccess,SRService,Tapisrv,Wmi,WmdmPmSp,TermService,wuauserv,BITS,ShellHWDetection,LogonHours,PCAudit,helpsvc,uploadmgr,iphlpsvc,seclogon,AppInfo,msiscsi,MMCSS,wercplsupport,EapHost,ProfSvc,schedule,hkmsvc,SessionEnv,winmgmt,browser,Themes,BDESVC,AppMgmt
WerSvcGroup wersvc
LocalServiceNoNetwork DPS,PLA,BFE,mpssvc,WwanSvc
termsvcs TermService
swprv swprv
LocalServiceNetworkRestricted DHCP,eventlog,AudioSrv,BthHFSrv,LmHosts,wscsvc,homegroupprovider,WPCSvc
LocalServicePeerNet PNRPSvc,p2pimsvc,p2psvc,PnrpAutoReg
NetworkServiceAndNoImpersonation KtmRm
regsvc RemoteRegistry
LocalServiceAndNoImpersonation SSDPSRV,upnphost,SCardSvr,TBS,FontCache,fdrespub,AppIDSvc,QWAVE,wcncsvc,Mcx2Svc,SensrSvc
DcomLaunch Power,PlugPlay,DcomLaunch
NetworkServiceNetworkRestricted PolicyAgent
NetworkService CryptSvc,DHCP,TermService,DNSCache,lanmanworkstation,NapAgent,nlasvc,WinRM,WECSVC,Tapisrv
sdrsvc sdrsvc
WbioSvcGroup WbioSrvc
imgsvc StiSvc
wcssvc WcsPlugInService
AxInstSVGroup AxInstSV
secsvcs WinDefend
bthsvcs bthserv
PeerDist PeerDistSvc
----------------------------------------
ActiveX Snapshot Vuln
Microsoft\Internet Explorer
IE Version = 8.0.7600.16385
GUID: {F0E42D50-368C-11D0-AD81-00A0C90DC8D9}
Compatibility Flags 0x400
GUID: {F0E42D60-368C-11D0-AD81-00A0C90DC8D9}
Compatibility Flags 0x400
GUID: {F2175210-368C-11D0-AD81-00A0C90DC8D9}
Compatibility Flags 0x400
----------------------------------------
sfc v.20100305
Microsoft\Windows NT\CurrentVersion\Winlogon
LastWrite Time Fri Oct 1 13:58:13 2010 (UTC)

Policies\Microsoft\Windows NT\Windows File Protection
LastWrite Time Tue Jul 14 04:37:24 2009 (UTC)
----------------------------------------
Uninstall
Microsoft\Windows\CurrentVersion\Uninstall

Thu Sep 30 17:17:36 2010 (UTC)
  Adobe Reader 9.3.4 v.9.3.4
Thu Sep 30 17:15:11 2010 (UTC)
  Times Reader v.2.054
  Times Reader v.2.054
Thu Sep 30 17:14:02 2010 (UTC)
  Adobe AIR v.2.0.3.13070
  Adobe AIR v.2.0.3.13070
Thu Sep 30 17:12:40 2010 (UTC)
  McAfee Security Scan Plus v.2.0.181.2
Thu Sep 30 16:41:33 2010 (UTC)
  Google Chrome v.6.0.472.63
Thu Sep 30 16:12:03 2010 (UTC)
  TrueCrypt v.7.0a
Fri Sep 17 17:56:06 2010 (UTC)
  Java Auto Updater v.2.0.2.4
Fri Sep 17 17:55:23 2010 (UTC)
  Java(TM) 6 Update 21 v.6.0.210
Fri Sep 17 17:55:01 2010 (UTC)
  {26A24AE4-039D-4CA4-87B4-2F83216021FB}
Fri Sep 17 16:45:11 2010 (UTC)
  OpenOffice.org 3.2 v.3.2.9502
Fri Sep 17 16:39:57 2010 (UTC)
  Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 v.9.0.21022
Fri Sep 17 15:36:45 2010 (UTC)
  Google Update Helper v.1.2.183.23
Fri Sep 17 15:36:38 2010 (UTC)
  avast! Free Antivirus v.5.0.677.0
Fri Sep 17 15:36:13 2010 (UTC)
  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 v.9.0.30729.4148
Fri Sep 17 15:34:00 2010 (UTC)
  Adobe Flash Player 10 ActiveX v.10.1.82.76
Fri Sep 17 15:33:56 2010 (UTC)
  Google Toolbar for Internet Explorer v.1.0.0
Fri Sep 17 15:33:55 2010 (UTC)
  Google Toolbar for Internet Explorer
Fri Sep 17 10:29:57 2010 (UTC)
  Microsoft Silverlight v.4.0.50826.0
Thu Sep 16 17:06:54 2010 (UTC)
  DXM_Runtime
  MPlayer2
Tue Jul 14 04:41:12 2009 (UTC)
  AddressBook
  Connection Manager
  DirectDrawEx
  Fontcore
  IE40
  IE4Data
  IE5BAKEX
  IEData
  MobileOptionPack
  SchedulingAgent
  WIC
----------------------------------------
Microsoft\Active Setup\Installed Components
LastWrite Time Fri Sep 17 17:55:23 2010 (UTC)

Fri Sep 17 17:55:23 2010 (UTC)
  JAVAVM v.5,0,5000,0
Fri Sep 17 10:39:57 2010 (UTC)
  WMPACCESS v.12,0,7600,16415; %SystemRoot%\system32\unregmp2.exe /ShowWMP
  BRANDING.CAB v.8,0,7100,0; "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
  v.12,0,7600,16415
  Microsoft Windows Media Player v.12,0,7600,16415; %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
  IE4_SHELLID v.6,1,7600,16644; regsvr32.exe /s /n /i:U shell32.dll
Thu Sep 16 18:05:03 2010 (UTC)
  IEACCESS v.8,0,7600,17136; C:\Windows\System32\ie4uinit.exe -UserIconConfig
  BASEIE40_W2K v.8,0,7600,17136; C:\Windows\System32\ie4uinit.exe -BaseSettings
  DOTNETFRAMEWORKS; C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
Tue Jul 14 04:37:55 2009 (UTC)
  .NETFramework v.2,0,50727,0
Tue Jul 14 04:37:08 2009 (UTC)
  Theme Component v.1,1,1,9; %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
  MobilePk v.8,0,7600,16385
  MailNews v.6,1,7600,16385; "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
  DirectDrawEx v.4,71,1113,0
  HelpCont v.8,0,7600,16385
  MSVBScript v.5,6,0,8833
  GenSetup v.8,0,7600,16385
  ExtraPack v.8,0,7600,16385
  MSN_Auth v.4,9,9,2
  v.6,1,7600,16385
  Tridata v.8,0,7600,16385
  Fontcore v.8,0,7600,17136
  HTMLHelp v.6,1,7600,16385
  ADSI v.5,0,00,0
----------------------------------------
shelloverlay
Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
LastWrite Time Tue Jul 14 07:50:56 2009 (UTC)

Tue Jul 14 07:50:56 2009 Z
  Offline Files {4E77131D-3629-431c-9818-C5679DC83E81}
Tue Jul 14 04:41:12 2009 Z
  EnhancedStorageShell {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
  SharingPrivate {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
----------------------------------------
Classes\Installer\Products
LastWrite Time Thu Sep 30 17:17:36 2010 (UTC)

Thu Sep 30 17:17:36 2010 (UTC)
  Adobe Reader 9.3.4;C:\Users\Wolfe\AppData\Local\Adobe\Reader 9.3\Setup Files\Reader9\AcroRead.msi
Thu Sep 30 17:15:11 2010 (UTC)
  Times Reader;C:\Users\Wolfe\AppData\Local\Temp\fla7515.tmp\setup.msi
Thu Sep 30 17:14:02 2010 (UTC)
  Adobe AIR;c:\users\wolfe\appdata\local\temp\air5570.tmp\setup.msi
Fri Sep 17 17:56:06 2010 (UTC)
  Java Auto Updater;C:\Users\Wolfe\AppData\LocalLow\Sun\Java\AU\au.msi
Fri Sep 17 17:55:23 2010 (UTC)
  Java(TM) 6 Update 21;C:\Users\Wolfe\AppData\LocalLow\Sun\Java\jre1.6.0_20\jre1.6.0_20.msi
Fri Sep 17 16:45:11 2010 (UTC)
  OpenOffice.org 3.2;C:\Users\Wolfe\Desktop\OpenOffice.org 3.2 (en-US) Installation Files\openofficeorg32.msi
Fri Sep 17 16:39:57 2010 (UTC)
  Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022;d:\378e255602604f027ffd32cd8f0f064f\vc_red.msi
Fri Sep 17 15:36:45 2010 (UTC)
  Google Update Helper;C:\Program Files\Google\Update\1.2.183.23\GoogleUpdateHelper.msi
Fri Sep 17 15:36:13 2010 (UTC)
  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148;d:\069c4087d43a55f32223ea1a68c006\vc_red.msi
Fri Sep 17 15:33:56 2010 (UTC)
  Google Toolbar for Internet Explorer;C:\Program Files\Google\Google Toolbar\GoogleToolbarHelper_signed.msi
Fri Sep 17 10:29:57 2010 (UTC)
  Microsoft Silverlight;d:\16fbb987ec08b5732276206417811b\silverlight.msi
----------------------------------------
Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
LastWrite Time Tue Jul 14 04:41:12 2009 (UTC)

Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks has no values.
No ShellExecuteHooks installed.
----------------------------------------
App Paths
Microsoft\Windows\CurrentVersion\App Paths

Thu Sep 30 17:17:26 2010 (UTC)
  AcroRd32.exe [C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe]
Fri Sep 17 17:55:23 2010 (UTC)
  javaws.exe [C:\Program Files\Java\jre6\bin\javaws.exe]
Fri Sep 17 16:45:10 2010 (UTC)
  sbase.exe [C:\Program Files\OpenOffice.org 3\program\sbase.exe]
  scalc.exe [C:\Program Files\OpenOffice.org 3\program\scalc.exe]
  sdraw.exe [C:\Program Files\OpenOffice.org 3\program\sdraw.exe]
  simpress.exe [C:\Program Files\OpenOffice.org 3\program\simpress.exe]
  smath.exe [C:\Program Files\OpenOffice.org 3\program\smath.exe]
  soffice.exe [C:\Program Files\OpenOffice.org 3\program\soffice.exe]
  swriter.exe [C:\Program Files\OpenOffice.org 3\program\swriter.exe]
  unopkg.exe [C:\Program Files\OpenOffice.org 3\program\unopkg.exe]
Fri Sep 17 15:39:03 2010 (UTC)
  chrome.exe [C:\Program Files\Google\Chrome\Application\chrome.exe]
Fri Sep 17 15:36:32 2010 (UTC)
  AvastUI.exe [C:\Program Files\Alwil Software\Avast5\AvastUI.exe]
Thu Sep 16 18:05:03 2010 (UTC)
  cmmgr32.exe []
  IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE]
Tue Jul 14 07:51:40 2009 (UTC)
  dvdmaker.exe [%ProgramFiles%\DVD Maker\dvdmaker.exe]
  Journal.exe [%ProgramFiles%\Windows Journal\Journal.exe]
  mip.exe [%CommonProgramFiles%\Microsoft Shared\Ink\mip.exe]
  SnippingTool.exe [%SystemRoot%\system32\SnippingTool.exe]
  TabTip.exe [%CommonProgramFiles%\microsoft shared\ink\TabTip.exe]
Tue Jul 14 04:41:12 2009 (UTC)
  install.exe []
  migwiz.exe []
  mplayer2.exe [%ProgramFiles%\Windows Media Player\wmplayer.exe]
  pbrush.exe [%SystemRoot%\System32\mspaint.exe]
  PowerShell.exe [%SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe]
  setup.exe []
  sidebar.exe ["%ProgramFiles%\Windows Sidebar\sidebar.exe"]
  table30.exe []
  wab.exe [%ProgramFiles%\Windows Mail\wab.exe]
  wabmig.exe [%ProgramFiles%\Windows Mail\wabmig.exe]
  wmplayer.exe [%ProgramFiles%\Windows Media Player\wmplayer.exe]
  WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"]
  WRITE.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"]
----------------------------------------
Microsoft\Windows NT\CurrentVersion\AeDebug
LastWrite Time Tue Jul 14 04:41:12 2009 (UTC)

Debugging is Disabled

Microsoft\DrWatson not found.

Analysis Tips: For Dr. Watson settings information check: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/RegistryTips/RegistryTools/DrWatson.html
----------------------------------------
Microsoft\SchedulingAgent
LastWrite Time Tue Jul 14 04:53:47 2009 (UTC)

OldName = 37L4247D28-05
LogPath = %SystemRoot%\Tasks\SCHEDLGU.TXT
MaxLogSizeKB = 32
TasksFolder = %SystemRoot%\Tasks
----------------------------------------
Microsoft\Windows\CurrentVersion\Policies\Explorer not found.
----------------------------------------