View Full Version : Command Service



brispie
2007-05-15, 13:36
Hi

I'm getting 3 command service entries coming up when I run Spybot. One can be removed, but the other two cannot as they apparently are linked files. When I run Spybot again the other one comes back as well.

I've run Spybot in safe mode with no joy, but am a little hazy what else I need to do. Can you please help?

Cheers.

Shaba
2007-05-16, 16:34
Hi brispie

Use this (http://downloads.malwareremoval.com/hijackthis_sfx.exe) link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with Windows Explorer, and double-click on the HijackThis.exe program to run it. Choose the 'Do a system scan and save a logfile' option.
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

brispie
2007-05-16, 22:48
Is this any good?

Thanks for the swift response by the way Shaba.

Logfile of HijackThis v1.99.1
Scan saved at 21:47:54, on 16/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110302565593
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Shaba
2007-05-17, 05:22
Hi

Please download delcmdservice (by Marckie), and save it to your Desktop.
http://users.telenet.be/marcvn/tools/delcmdservice.zip

Unzip the content to your Desktop (a folder named delcmdservice).
Double-click on the delcmdservice folder.
Double-click on delreg.bat to launch the tool.
When the tool has finished, please reboot your computer.

Scan again with Spybot and let me know if that has resolved the problem.

brispie
2007-05-17, 22:06
A bit strange.

I save the file to my desktop and then open it up, but when I double-click on delreg.bat something briefly flickers on screen, but that's it.

I did reboot and run Spybot, but no change.

Shaba
2007-05-18, 09:20
Hi

Then post the Spybot report here, please :)

brispie
2007-05-18, 21:52
Spybot report? Sorry, I'm not sure how to do that.

Shaba
2007-05-19, 11:12
Hi

You can get a Spybot report if you switch Spybot into advanced mode (Mode -> Advanced mode), then click on "Tools", and then "View Report". There, confirm that the checkboxes are checked and click on the green button with the arrow labeled "View report". Export the report to a text file and copy/paste it into your next post.

brispie
2007-05-19, 13:56
It's a big one!


--- Search result list ---


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)


--- Startup entries list ---
Located: HK_LM:Run, ASUS Probe
command: C:\Program Files\ASUS\Probe\AsusProb.exe
file: C:\Program Files\ASUS\Probe\AsusProb.exe
size: 617984
MD5: b7e260f00988380f72ff06d2fe181d70

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: 88e9fb3ffa53f65477dceaebc37a4189

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200c98c049de1a7638ea0edba1c8882

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 9b4c1812595c389ab9ccf1ff3b315248

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9c1c80bbf8e6044980890e2d2d91091c

Located: HK_LM:Run, WinampAgent
command: C:\Program Files\Winamp\winampa.exe
file: C:\Program Files\Winamp\winampa.exe
size: 33792
MD5: 11aa6662a1be30375afd1a8407811e7e

Located: HK_LM:Run, WinPatrol
command: C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
file: C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
size: 230592
MD5: e17fb7c097b651ae7b918da4151624f2

Located: HK_CU:Run, Boots Insert Detect
command: C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
file: C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
size: 262144
MD5: b846143895f23bf8d434cf5000c0eda8

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 03/11/2003 15:17:44
Date (last access): 19/05/2007 12:30:10
Date (last write): 03/11/2003 15:17:44
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/05/2004 02:03:00
Date (last access): 19/05/2007 12:30:10
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: ssv.dll
Short name:
Date (created): 23/04/2007 13:53:42
Date (last access): 19/05/2007 12:30:10
Date (last write): 14/03/2007 03:43:40
Filesize: 501400
Attributes: archive
MD5: 70FD57D6EDBED8D80C1995257C99D27E
CRC32: 3CE654AC
Version: 6.0.10.6



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 13/10/2005 12:00:56
Date (last access): 19/05/2007 09:03:20
Date (last write): 13/10/2005 12:00:56
Filesize: 790528
Attributes: archive
MD5: 46CE15B59AB422CAF3765DDC909A64F0
CRC32: 606D97CC
Version: 5.0.78.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110302565593
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 08/03/2005 15:34:40
Date (last access): 19/05/2007 09:01:32
Date (last write): 26/05/2005 04:16:30
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 14/03/2007 02:04:46
Date (last access): 19/05/2007 08:49:24
Date (last write): 14/03/2007 03:43:42
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object)
DPF name:
CLSID name: GDIChk Object
Installer: C:\WINDOWS\Downloaded Program Files\gdichk.inf
Codebase: http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
description:
classification: Legitimate
known filename: GDIChk.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: GDIChk.dll
Short name:
Date (created): 09/09/2004 16:17:40
Date (last access): 19/05/2007 08:57:50
Date (last write): 09/09/2004 16:17:40
Filesize: 65272
Attributes: archive
MD5: 56AF5FF66A5F8F927411B59B66107C84
CRC32: 61E0CF2E
Version: 1.0.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 02/03/2006 13:52:58
Date (last access): 19/05/2007 08:46:44
Date (last write): 10/11/2005 13:22:12
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2006 04:10:58
Date (last access): 19/05/2007 08:47:24
Date (last write): 12/10/2006 04:25:44
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_10
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_10\bin\
Long name: NPJPI150_10.dll
Short name: NPJPI1~1.DLL
Date (created): 09/11/2006 16:07:34
Date (last access): 19/05/2007 08:48:04
Date (last write): 09/11/2006 16:21:54
Filesize: 75528
Attributes: archive
MD5: 635F4B3A0F1C661B5CEDE628BA85E46B
CRC32: 0C9B7145
Version: 5.0.100.3

brispie
2007-05-19, 13:57
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 15/12/2006 04:09:16
Date (last access): 19/05/2007 08:48:44
Date (last write): 15/12/2006 04:23:26
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 14/03/2007 02:04:46
Date (last access): 19/05/2007 12:50:26
Date (last write): 14/03/2007 03:43:42
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 14/03/2007 02:04:46
Date (last access): 19/05/2007 12:50:26
Date (last write): 14/03/2007 03:43:42
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8b.ocx
Short name:
Date (created): 31/03/2006 11:45:12
Date (last access): 19/05/2007 12:28:08
Date (last write): 31/03/2006 11:45:12
Filesize: 1443464
Attributes: readonly archive
MD5: 12719EDDAAB9CAEEF28C6E58192F594B
CRC32: 680E085C
Version: 8.0.24.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 444 ( 4) \SystemRoot\System32\smss.exe
PID: 500 ( 444) \??\C:\WINDOWS\system32\csrss.exe
PID: 524 ( 444) \??\C:\WINDOWS\system32\winlogon.exe
PID: 568 ( 524) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 580 ( 524) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 740 ( 568) C:\WINDOWS\system32\Ati2evxx.exe
size: 389120
MD5: DF7CE16CFF3217E71742E3D700844C07
PID: 756 ( 568) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 812 ( 568) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 880 ( 568) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 944 ( 568) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1084 ( 568) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1212 ( 524) C:\WINDOWS\system32\Ati2evxx.exe
size: 389120
MD5: DF7CE16CFF3217E71742E3D700844C07
PID: 1288 (1248) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1388 ( 568) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1500 (1288) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: 88E9FB3FFA53F65477DCEAEBC37A4189
PID: 1512 (1288) C:\Program Files\ASUS\Probe\AsusProb.exe
size: 617984
MD5: B7E260F00988380F72FF06D2FE181D70
PID: 1520 (1288) C:\Program Files\Winamp\winampa.exe
size: 33792
MD5: 11AA6662A1BE30375AFD1A8407811E7E
PID: 1532 (1288) C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
size: 230592
MD5: E17FB7C097B651AE7B918DA4151624F2
PID: 1552 (1288) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
size: 83608
MD5: 9C1C80BBF8E6044980890E2D2D91091C
PID: 1568 (1288) C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200C98C049DE1A7638EA0EDBA1C8882
PID: 1584 (1288) C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
size: 262144
MD5: B846143895F23BF8D434CF5000C0EDA8
PID: 1764 ( 568) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 100032
MD5: B825F25B8FC988F18C2EAA6737E83512
PID: 1796 ( 568) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
size: 353280
MD5: 5F4ED1DBA7E1EAECBA443A53DA176485
PID: 1812 ( 568) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 1840 ( 568) C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
size: 351744
MD5: C6A162BEDAA82DBE9EBF8C7EEBD2929B
PID: 1900 ( 568) C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
size: 200704
MD5: BC9C77FAC763D84BFDF09B55D4B41AFA
PID: 2000 ( 568) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1174152
MD5: C1C706751F0499747DA9442C2679A0B7
PID: 1236 ( 568) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 1976 ( 524) C:\WINDOWS\system32\WgaTray.exe
size: 336768
MD5: 047CD344AC7B76BA3C224FAE1A4627C9
PID: 1104 (1288) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 2168 (1288) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 19/05/2007 12:50:26

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.co.uk/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE5FA0D0-384D-4387-9E47-D25184030D99}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CE5FA0D0-384D-4387-9E47-D25184030D99}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AEC81411-BE1E-4DE1-BB79-D79261782333}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AEC81411-BE1E-4DE1-BB79-D79261782333}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EFAA1A20-1136-4A13-A53C-B1E4E4C52CBE}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EFAA1A20-1136-4A13-A53C-B1E4E4C52CBE}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{95BBC455-0CBA-4ED3-B9D8-2AFCE18C49E7}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{95BBC455-0CBA-4ED3-B9D8-2AFCE18C49E7}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

ATI - Software Uninstall Utility 6.14.10.1010 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ASUS Probe V2.23.04 (ASUS Probe V2.23.04)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"

ATI Display Driver 8.05-040812a-017884C-Asus (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AudibleManager 2089884432.-1.2089884374.2090320032 (AudibleManager)
uninstall cmd: C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
publisher: Audible, Inc.

AVG 7.5 (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

5.0.2.4.asst_classic.asst_install (blueyonder Instant Support Tool)
uninstall cmd: D:\BLUEYO~1\Uninstall.exe blueyonder
publisher: Motive Communications, Inc.

blueyonder Instant Support Tool (blueyonder.MCCInstall)
uninstall cmd: C:\WINDOWS\Motive\blueyonder\MCCUninst.exe

Boots F2CD Picture Suite 1.0.0.13 (Boots F2CD Picture Suite)
uninstall cmd: "C:\Program Files\Boots F2CD\Picture Suite\Uninstal.exe" C:\PROGRA~1\BOOTSF~1\PICTUR~1\INSTALL.LOG
contact: Boots@Pixology.com

(Branding)

(CADI)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove

Championship Manager 00-01 (Championship Manager 00-01)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Championship Manager 00-01\Uninst.isu"

(Connection Manager)

(Creative Audio CD Ripper)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove

(Creative MediaSource 5)

(Creative MediaSource CD-ROM Burner Plugin Unicode)
uninstall cmd: "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009

(Creative MediaSource Music Player (Mass Storage Series) Plugin Unicode)
uninstall cmd: "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /l0x0009

(Creative MediaSource Net Content Plugin Unicode)
uninstall cmd: "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009

(Creative MediaSource NOMAD Jukebox 2/3/ZEN Plugin Unicode)
uninstall cmd: "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009

(Creative MediaSource Player Skin Pack Unicode)
uninstall cmd: "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009

(Creative MediaSource Plugin for PlaysForSure Unicode)
uninstall cmd: "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009

(Creative MediaSource Unicode)
uninstall cmd: "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009

(Creative SmartFill)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove

(Creative ZEN Nano Plus)

(Creative Zen Nano Plus Media Explorer)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

ewido anti-malware (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(expinst)

(Fontcore)

GameSpy Arcade (GameSpy Arcade)
uninstall cmd: C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG

brispie
2007-05-19, 13:58
Google Desktop Search - (Google Desktop)
uninstall cmd: C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
publisher: Google
help link: http://desktop.google.com/help.html?hl=en

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(IEREADME)

(InstallShield Uninstall Information)

CM4 4.0.0 (InstallShield_{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4})
version: 67108864
version (major): 4
estimated size: 434725
install date: 20050529
install source: E:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}
publisher: Eidos Interactive
comments: Please contact Eidos Technical Support with any issues concerning CM4
contact: Technical Support
help link: http://www.eidosinteractive.co.uk/support/index.html
help telephone: 0870 9000 0222

Kaspersky On-line Scanner 5.0.78.0 (Kaspersky On-line Scanner)
estimated size: 6040
install location: C:\WINDOWS\system32\KASPER~1\KASPER~1
uninstall cmd: C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: http://www.kaspersky.com/support.asp

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20050813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Windows Media Player 10 Hotfix - KB895316 (KB895316)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=895316

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051110
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050618
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
install date: 20050813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050629
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050813
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060426
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20060628
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 10 (KB911565) (KB911565)
install date: 20060216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060419
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060106
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060510
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060714
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060714
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060714
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159


help link: http://support.microsoft.com?kbid=919007

brispie
2007-05-19, 13:59
Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060913
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20061115
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060913
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060913
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060913
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Windows XP (KB922760) 1 (KB922760)
install date: 20061115
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922760

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB923689) (KB923689)
install date: 20061217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20061217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694

Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20061115
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20061115
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20061217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Security Update for Windows XP (KB925454) 1 (KB925454)
install date: 20061217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925454

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20060926
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

Security Update for Windows XP (KB925902) 1 (KB925902)
install date: 20070404
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925902

Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20061217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255

Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436

Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779

Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802

Security Update for Windows XP (KB928090) 1 (KB928090)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090

Security Update for Windows XP (KB928255) 1 (KB928255)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928255

Security Update for Windows XP (KB928843) 1 (KB928843)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928843

Update for Windows XP (KB929338) 1 (KB929338)
install date: 20070316
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929338

Security Update for Windows XP (KB929969) 1 (KB929969)
install date: 20070110
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969

Security Update for Windows XP (KB930178) 1 (KB930178)
install date: 20070411
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930178

Update for Windows XP (KB930916) 1 (KB930916)
install date: 20070510
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930916

Security Update for Windows XP (KB931261) 1 (KB931261)
install date: 20070411
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931261

Security Update for Windows XP (KB931768) 1 (KB931768)
install date: 20070510
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768

Security Update for Windows XP (KB931784) 1 (KB931784)
install date: 20070411
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931784

Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836

Security Update for Windows XP (KB932168) 1 (KB932168)
install date: 20070411
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932168

LimeWire PRO 4.8.0 4.8.0 (LimeWire)
uninstall cmd: "D:\Limewire Downloaded Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

LiveUpdate 3.0 (Symantec Corporation) 3.0.0.166 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
publisher: Symantec Corporation

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

Ahead Nero Burning ROM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

(NetMeeting)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvuaudio.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

brispie
2007-05-19, 14:00
QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Microsoft Rise Of Nations (RiseOfNations 1.0)
version (major): 1
install location: C:\Program Files\Microsoft Games\Rise of Nations
uninstall cmd: "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
publisher: Microsoft

(SchedulingAgent)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Creative System Information (SysInfo)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove

Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify)
install date: 20060822
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinPatrol (WinPatrol)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

MSXML4 Parser 1.0.0 ({01501EBA-EC35-4F9F-8889-3BE346E5DA13})
version: 16777216
version (major): 1
estimated size: 1269
install date: 20050309
install source: C:\PROGRA~1\MICROS~4\RISEOF~1\
uninstall cmd: MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
publisher: Microsoft Game Studios
contact: Microsoft Game Studios

Symantec KB-DocID:2003093015493306 1.0.0.1 ({08C5815C-2C6E-44f8-8748-0E61BC9AFB68})
version: 16777216
version (major): 1
estimated size: 332
install date: 20070210
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt849\
uninstall cmd: MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
publisher: Symantec Corporation

ATI Control Panel 6.14.10.5120 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

2.00 ({19822917-61F6-4221-B1D0-1C3B8A06BE60})
version: 33554432
install location: C:\Program Files\Creative\SmartFill Wizard
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar.dll"

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20060508
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

J2SE Runtime Environment 5.0 Update 9 1.5.0.90 ({3248F0A8-6813-11D6-A77B-00B0D0150090})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122833
install date: 20061126
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_09-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_09\README.txt

J2SE Runtime Environment 5.0 Update 10 1.5.0.100 ({3248F0A8-6813-11D6-A77B-00B0D0150100})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122989
install date: 20061228
install source: http://javadl.sun.com/webapps/download/GetFile/1.5.0_10-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_10\README.txt

J2SE Runtime Environment 5.0 Update 11 1.5.0.110 ({3248F0A8-6813-11D6-A77B-00B0D0150110})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 123326
install date: 20070222
install source: http://javadl.sun.com/webapps/download/GetFile/1.5.0_11-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_11\README.txt

Java(TM) SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 137306
install date: 20070423
install source: http://javadl.sun.com/webapps/download/GetFile/1.6.0_01-b06/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20050308
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20061115
install source: c:\057a6f3ce3584e76c51a6dbf7180\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978

CM4 4.0.0 ({435E53AF-B62B-4094-AE12-F6ECF0BF3CE4})
version: 67108864
version (major): 4
estimated size: 434725
install date: 20050529
install source: E:\
publisher: Eidos Interactive
comments: Please contact Eidos Technical Support with any issues concerning CM4
contact: Technical Support
help link: http://www.eidosinteractive.co.uk/support/index.html
help telephone: 0870 9000 0222

Sid Meier's Civilization 4 1.00.0000 ({4377F918-E6C9-4ECA-A7F5-754B310B7ED8})
version: 16777216
version (major): 1
estimated size: 808
install date: 20060228
install location: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\
install source: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}\
publisher: Firaxis Games
contact: Customer Support Department
help link: http://www.2kgames.com/civ4/

({62369F2F77534556AEF4C58152E3BDE5})

1.0 ({63A317D0-60A6-43FC-848A-9FE4A53B29CE})
version: 16777216
install location: C:\Program Files\Creative\Support\System Information
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9

Norton Ghost 76.00.775 ({6975E810-C92F-45F0-0BFD-187B312F10E8})
version: 1275069191
version (major): 76
estimated size: 60977
install date: 20050308
install source: D:\Install\
uninstall cmd: MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
publisher: Symantec
help link: http://www.symantec.com
help telephone: 555-555-1234
readme: C:\Program Files\Symantec\Norton Ghost 2003\readme.txt

1.03 ({700932B3-A964-4878-82A2-96054622A1F7})
version: 16973824
install location: C:\Program Files\Creative\ShareDLL\CADI
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9

DivX 6.0.3 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivXNetworks, Inc.

DivX Player 6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

Microsoft Office XP Professional with FrontPage 10.0.6626.0 ({90280409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 255577
install date: 20050308
install source: D:\
uninstall cmd: MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

5.10 ({9A0B5225-B59B-4D72-B3FE-71AAA693A8E2})
version: 84541440
install location: C:\Program Files\Creative\CD Ripping Wizard Unicode 2
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9

3.00 ({9B7A778E-AF38-4341-9EA0-1FC981106ADA})
version: 50331648
install location: C:\Program Files\Creative\Creative ZEN Nano Plus\ZEN Nano Plus Media Explorer
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9

Adobe Reader 6.0.1 006.000.001 ({AC76BA86-7AD7-1033-7B44-A00000000001})
version: 100663297
version (major): 6
estimated size: 45049
install date: 20050308
install location: C:\Program Files\Adobe\Acrobat 6.0\Reader\
install source: C:\WINDOWS\Cache\Adobe Reader 6.0.1\ENUBIG\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Reader\Readme.htm

({B13A7C41581B411290FBC0395694E2A9})

Creative ZEN Nano Plus 1.0 ({BA63612E-0458-416A-ADCD-B2349194F20F})
version: 16777216
install location: C:\Program Files\Creative\Creative ZEN Nano Plus
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove

Creative MediaSource 5 5.00 ({BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD})
version: 83886080
install location: C:\Program Files\Creative\MediaSource5
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
help link: http://www.creative.com/support

Sid Meier's Civilization 4 1.61 ({CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8})
version: 20774912
install date: 20060523
install location: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4
install source: C:\DOCUME~1\PHIL\LOCALS~1\Temp\bye8.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
publisher: Firaxis Games
help link: http://www.2kgames.com/civ4/support.htm
readme: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Readme.htm



--- System Services ---
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): acap2000
Start: 0
Type: 0
Error Control: 0

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 1EE7B434BA961EF845DE136224C30FEC
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK7
Display name: AMD K7 Processor Driver
Image path: system32\DRIVERS\amdk7.sys
Image size: 37376
Image MD5: 680AD1C1BB16239E28D8F33A54A7A3C7
Start: 1
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): aslm75
Display name: aslm75
Image path: \??\C:\WINDOWS\system32\drivers\aslm75.sys
Image size: 6272
Image MD5: 71356A1370739E25375A1D17B6AE318F
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aspi32
Start: 2
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1

brispie
2007-05-19, 14:01
Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: system32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Ati HotKey Poller
Object name: LocalSystem
Image path: %SystemRoot%\system32\Ati2evxx.exe
Image size: 389120
Image MD5: DF7CE16CFF3217E71742E3D700844C07
Start: 2
Type: 272
Error Control: 1

Service (registry key): ATI Smart
Display name: ATI Smart
Object name: LocalSystem
Image path: C:\WINDOWS\system32\ati2sgag.exe
Image size: 516096
Image MD5: 01B14B2EC8123995E2B961D42BAC8EF9
Start: 2
Type: 272
Error Control: 1

Service (registry key): ati2mtag
Image path: system32\DRIVERS\ati2mtag.sys
Image size: 786944
Image MD5: 49C75E63B8B23B0E534447BA25CE2E76
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: system32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: system32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): Automatic LiveUpdate Scheduler
Display name: Automatic LiveUpdate Scheduler
Description: Manages the scheduling of Automatic LiveUpdate sessions
Object name: LocalSystem
Image path: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Image size: 100032
Image MD5: B825F25B8FC988F18C2EAA6737E83512
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Avg7Alrt
Display name: AVG7 Alert Manager Server
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Image size: 353280
Image MD5: 5F4ED1DBA7E1EAECBA443A53DA176485
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): Avg7Core
Display name: AVG7 Kernel
Image path: \SystemRoot\System32\Drivers\avg7core.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsW
Display name: AVG7 Wrap Driver
Image path: \SystemRoot\System32\Drivers\avg7rsw.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsXP
Display name: AVG7 Resident Driver XP
Image path: \SystemRoot\System32\Drivers\avg7rsxp.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7UpdSvc
Display name: AVG7 Update Service
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Image size: 49664
Image MD5: 30A14F65DB477DC00A64A5A24E96919C
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): AvgClean
Display name: AVG7 Clean Driver
Image path: \SystemRoot\System32\Drivers\avgclean.sys
Start: 1
Type: 1
Error Control: 1
Depends On services: Ntfs

Service (registry key): AVGEMS
Display name: AVG E-mail Scanner
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Image size: 351744
Image MD5: C6A162BEDAA82DBE9EBF8C7EEBD2929B
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): AvgTdi
Display name: AVG Network Redirector
Image path: \SystemRoot\System32\Drivers\avgtdi.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): cmdService
Start: 0
Type: 272
Error Control: 0

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): Creative Service for CDROM Access
Display name: Creative Service for CDROM Access
Object name: LocalSystem
Image path: C:\WINDOWS\system32\CTsvcCDA.exe
Image size: 44032
Image MD5: 3C8B6609712F4FF78E521F6DCFC4032B
Start: 4
Type: 16
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: System32\drivers\dmio.sys
Image size: 153344
Image MD5: F5E7B358A732D09F4BCF2824B88B9E28
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1

Service (registry key): eeCtrl
Display name: Symantec Eraser Control driver
Image path: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Image size: 383800
Image MD5: 1DF3D1BE3403D663827496E62D24CA4C
Start: 1
Type: 1
Error Control: 1
Depends On services: FltMgr

Service (registry key): EIO
Display name: EIO
Image path: \??\C:\WINDOWS\system32\drivers\EIO.sys
Image size: 7296
Image MD5: E41F6AC72E597E5F87B4A9AB0D8AB8BC
Start: 2
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

brispie
2007-05-19, 14:02
Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ewido security suite control
Display name: ewido security suite control
Object name: LocalSystem
Image path: C:\Program Files\ewido anti-malware\ewidoctrl.exe
Image size: 13888
Image MD5: 26830B750372AB1BF29C95DEEBEB802F
Start: 4
Type: 272
Error Control: 0

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 0DD1DE43115B93F4D85E889D7A86F548
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\DRIVERS\fltMgr.sys
Image size: 128896
Image MD5: 3D234FB6D6EE875EB009864A299BEA29
Start: 0
Type: 2
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: system32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): gameenum
Display name: Game Port Enumerator
Image path: system32\DRIVERS\gameenum.sys
Image size: 10624
Image MD5: 5F92FD09E5610A5995DA7D775EADCD12
Start: 3
Type: 1
Error Control: 0

Service (registry key): GhostStartService
Display name: GhostStartService
Description: Background service to allow Norton Ghost to perform priviledged operations
Object name: LocalSystem
Image path: C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
Image size: 200704
Image MD5: BC9C77FAC763D84BFDF09B55D4B41AFA
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): GhPciScan
Display name: GhostPciScanner
Image path: \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
Image size: 5632
Image MD5: 4D0E1DDFC571285A0BBABB0A534F4D3D
Start: 1
Type: 1
Error Control: 0

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: system32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hidusb
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0

Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1

Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262784
Image MD5: CB77BB47E67E84DEB17BA29632501730
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1

Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: system32\DRIVERS\imapi.sys
Image size: 41856
Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ip6Fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\DRIVERS\Ip6Fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: E2168CBC7098FFE963C6F23F472A3593
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: system32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: system32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: system32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 172416
Image MD5: BA5DEDA4D934E6288C2F66CAF58D2562
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

brispie
2007-05-19, 14:02
Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LiveUpdate
Display name: LiveUpdate
Description: LiveUpdate Core Engine
Object name: LocalSystem
Image path: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
Image size: 2086592
Image MD5: 7570EC7CC3E3E13379037FDE7EF282B3
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: system32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 453120
Image MD5: 025AF03CE51645C62F3B6907A7E2BE5E
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\system32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1

Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1

Service (registry key): ms_mpu401
Display name: Microsoft MPU-401 MIDI UART Driver
Image path: system32\drivers\msmpu401.sys
Image size: 2944
Image MD5: CA3E22598F411199ADC2DFEE76CD0AE0
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: system32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: system32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: system32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

brispie
2007-05-19, 14:03
Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): nvax
Display name: Service for NVIDIA(R) nForce(TM) Audio Enumerator
Image path: system32\drivers\nvax.sys
Image size: 53376
Image MD5: C940418D48B98359E9CCBAD695E5F530
Start: 3
Type: 1
Error Control: 1

Service (registry key): NVENET
Display name: NVIDIA nForce MCP Networking Adapter Driver
Image path: system32\DRIVERS\NVENET.sys
Image size: 80896
Image MD5: FBE448EFA5484A256528E1D02B959BBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): nvnforce
Display name: Service for NVIDIA(R) nForce(TM) Audio
Image path: system32\drivers\nvapu.sys
Image size: 413824
Image MD5: B000A8B4946F786A56C7B020620B3A46
Start: 3
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): Parport
Display name: Parallel port driver
Image path: system32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 29744EB4CE659DFE3B4122DEB45BC478
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Image path: system32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: system32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: system32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Image path: system32\DRIVERS\PxHelp20.sys
Image size: 20016
Image MD5: B572ED0C3E6165643FA116AF20425A54
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1

brispie
2007-05-19, 14:04
Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: system32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: system32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: system32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: 03B965B1CA47F6EF60EB5E51CB50E0AF
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: system32\DRIVERS\rdpdr.sys
Image size: 196864
Image MD5: A2CAE2C60BC37E0751EF9DDA7CEAF4AD
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: system32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\system32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): rtl8139
Display name: Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver
Image path: system32\DRIVERS\RTL8139.SYS
Image size: 20992
Image MD5: D507C1400284176573224903819FFDA3
Start: 3
Type: 1
Error Control: 1

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 95744
Image MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: system32\DRIVERS\secdrv.sys
Image size: 163644
Image MD5: 07F7F501AD50DE2BA2D5842D9B6D6155
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: system32\DRIVERS\serenum.sys
Image size: 15488
Image MD5: A2D868AEEFF612E70E213C451A70CAFB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: system32\DRIVERS\serial.sys
Image size: 64896
Image MD5: CD9404D115A00D249F70A371B46D5A26
Start: 1
Type: 1
Error Control: 0

brispie
2007-05-19, 14:05
Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI miniport"

Service (registry key): SharedAccess
Display name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt

Service (registry key): ShellHWDetection
Display name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Simbad
Start: 4
Type: 1
Error Control: 1

Service (registry key): SocketLock
Display name: Raw Socket Lock Driver
Image path: \??\C:\WINDOWS\system32\socketlock.sys
Image size: 3712
Image MD5: C49AC412A5C58F29BEDA9F3D507F6B82
Start: 2
Type: 1
Error Control: 1

Service (registry key): Sparrow
Start: 4
Type: 1
Error Control: 1

Service (registry key): splitter
Display name: Microsoft Kernel Audio Splitter
Image path: system32\drivers\splitter.sys
Image size: 6400
Image MD5: 0CE218578FFF5F4F7E4201539C45C78F
Start: 3
Type: 1
Error Control: 1

Service (registry key): Spooler
Display name: Print Spooler
Description: Loads files to memory for later printing.
Object name: LocalSystem
Image path: %SystemRoot%\system32\spoolsv.exe
Image size: 57856
Image MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): spupdsvc
Display name: Windows Service Pack Installer update service
Description: Enables Installer to complete its scheduled post-reboot tasks
Object name: LocalSystem
Image path: C:\WINDOWS\system32\spupdsvc.exe
Image size: 22752
Image MD5: 72EB21DC82132064065CFFC1417AD9FF
Start: 4
Type: 16
Error Control: 1
Depends On services: SamSs

Service (registry key): sr
Display name: System Restore Filter Driver
Image path: system32\DRIVERS\sr.sys
Image size: 73472
Image MD5: E41B6D037D6CD08461470AF04500DC24
Start: 0
Type: 2
Error Control: 1

Service (registry key): srservice
Display name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Srv
Display name: Srv
Description: Srv
Image path: system32\DRIVERS\srv.sys
Image size: 332928
Image MD5: EA554A3FFC3F536FE8320EB38F5E4843
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Display name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): STEC3
Display name: STEC3
Image path: \??\C:\WINDOWS\system32\STEC3.sys
Image size: 2368
Image MD5: E4EBF293D1F612BDA19B646C36715B20
Start: 2
Type: 1
Error Control: 1

Service (registry key): stisvc
Display name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): swenum
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 4352
Image MD5: 03C1BAE4766E2450219D20B993D6E046
Start: 3
Type: 1
Error Control: 1

Service (registry key): swmidi
Display name: Microsoft Kernel GS Wavetable Synthesizer
Image path: system32\drivers\swmidi.sys
Image size: 54272
Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
Start: 3
Type: 1
Error Control: 1

Service (registry key): SwPrv
Display name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{8EF5B028-DF33-4429-8E7C-EC58432E157E}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 0
Depends On services: rpcss

Service (registry key): Symantec Core LC
Display name: Symantec Core LC
Description: Symantec Core LC
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Image size: 1174152
Image MD5: C1C706751F0499747DA9442C2679A0B7
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): symc810
Start: 4
Type: 1
Error Control: 1

Service (registry key): symc8xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): symlcbrd
Display name: symlcbrd
Image path: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Image size: 10344
Image MD5: B226F8A4D780ACDF76145B58BB791D5B
Start: 2
Type: 1
Error Control: 0

Service (registry key): sym_hi
Start: 4
Type: 1
Error Control: 1

Service (registry key): sym_u3
Start: 4
Type: 1
Error Control: 1

Service (registry key): sysaudio
Display name: Microsoft Kernel System Audio Device
Image path: system32\drivers\sysaudio.sys
Image size: 60800
Image MD5: 650AD082D46BAC0E64C9C0E0928492FD
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysmonLog
Display name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\smlogsvc.exe
Image size: 89600
Image MD5: 8B54AA346D1B1B113FFAA75501B8B1B2
Start: 3
Type: 16
Error Control: 1

Service (registry key): TapiSrv
Display name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): Tcpip
Display name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 359808
Image MD5: 1DBF125862891817F374F407626967F4
Start: 1
Type: 1
Error Control: 1
Depends On services: IPSec

Service (registry key): TDPIPE
Start: 3
Type: 1
Error Control: 0

Service (registry key): TDTCP
Start: 3
Type: 1
Error Control: 0

Service (registry key): TermDD
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 40840
Image MD5: A540A99C281D933F3D69D55E48727F47
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Display name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost -k DComLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Display name: Themes
Description: Provides user experience theme management.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): TlntSvr
Display name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\tlntsvr.exe
Image size: 73216
Image MD5: 37DB0A7D097310E8B4DE803FC3119C78
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS,TCPIP,NTLMSSP

Service (registry key): TosIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): TrkWks
Display name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TSDDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): Udfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): ultra
Start: 4
Type: 1
Error Control: 1

Service (registry key): UMWdf
Display name: Windows User Mode Driver Framework
Description: Enables Windows user mode drivers.
Object name: NT AUTHORITY\LocalService
Image path: C:\WINDOWS\system32\wdfmgr.exe
Image size: 38912
Image MD5: AB0A7CA90D9E3D6A193905DC1715DED0
Start: 4
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): Update
Display name: Microcode Update Driver
Image path: system32\DRIVERS\update.sys
Image size: 209408
Image MD5: AFF2E5045961BBC0A602BB6F95EB1345
Start: 3
Type: 1
Error Control: 1

brispie
2007-05-19, 14:06
Service (registry key): upnphost
Display name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): UPS
Display name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\ups.exe
Image size: 18432
Image MD5: 3F5DF65B0758675F95A2D43918A740A3
Start: 3
Type: 16
Error Control: 1

Service (registry key): usbehci
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 26624
Image MD5: 15E993BA2F6946B2BFBBFCD30398621E
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Display name: USB2 Enabled Hub
Image path: system32\DRIVERS\usbhub.sys
Image size: 57600
Image MD5: C72F40947F92CEA56A8FB532EDF025F1
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: system32\DRIVERS\usbohci.sys
Image size: 17024
Image MD5: BDFE799A8531BAD8A5A985821FE78760
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 26496
Image MD5: 6CD7B22193718F1D17A47A1CD6D37E75
Start: 3
Type: 1
Error Control: 1

Service (registry key): VgaSave
Image path: \SystemRoot\System32\drivers\vga.sys
Start: 1
Type: 1
Error Control: 0

Service (registry key): ViaIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): VolSnap
Start: 0
Type: 1
Error Control: 1

Service (registry key): VSS
Display name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\vssvc.exe
Image size: 289792
Image MD5: 3EE00364AE0FD8D604F46CBAF512838A
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): VXD
Start: 0
Type: 0
Error Control: 0

Service (registry key): W32Time
Display name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Wanarp
Display name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Image path: system32\DRIVERS\wanarp.sys
Image size: 34560
Image MD5: 984EF0B9788ABF89974CFED4BFBAACBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): WDICA
Start: 3
Type: 1
Error Control: 0

Service (registry key): wdmaud
Display name: Microsoft WINMM WDM Audio Compatibility Driver
Image path: system32\drivers\wdmaud.sys
Image size: 82944
Image MD5: EFD235CA22B57C81118C1AEB4798F1C1
Start: 3
Type: 1
Error Control: 1

Service (registry key): WebClient
Display name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): winmgmt
Display name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): Winsock
Start: 3
Type: 4
Error Control: 1

Service (registry key): Winsock - Google Desktop Search Backup Before First Install
Start: 3
Type: 4
Error Control: 1

Service (registry key): Winsock - Google Desktop Search Backup Before Last Install
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): Winsock2 - Google Desktop Search Backup Before First Install
Start: 0
Type: 0
Error Control: 0

Service (registry key): Winsock2 - Google Desktop Search Backup Before Last Install
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinTrust
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmdmPmSN
Display name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): Wmi
Display name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): WmiApRpl
Start: 0
Type: 0
Error Control: 0

Service (registry key): WmiApSrv
Display name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Image size: 126464
Image MD5: BA8CECC3E813E1F7C441B20393D4F86C
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WS2IFSL
Start: 1
Type: 0
Error Control: 0

Service (registry key): wscsvc
Display name: Security Center
Description: Monitors system security settings and configurations.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): wuauserv
Display name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1

Service (registry key): WZCSVC
Display name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio

Service (registry key): xmlprov
Display name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): {AEC81411-BE1E-4DE1-BB79-D79261782333}
Start: 0
Type: 0
Error Control: 0

Service (registry key): {CE5FA0D0-384D-4387-9E47-D25184030D99}
Start: 0
Type: 0
Error Control: 0

Shaba
2007-05-19, 14:09
Hi

Looks like there's no info we need, unfortunately (nothing in "Search result list")

Please download the Registry Search tool by clicking on the "hard drive" icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for cmdService and click OK. Post the logfile from the tool here for me.

brispie
2007-05-20, 18:32
Sorry to sound dumb again, but I can't see a hard drive icon on that page.

Can you clarify?

Thanks

Shaba
2007-05-20, 18:45
Hi

It looks like this -> http://www.billsway.com/images/download.gif

brispie
2007-05-20, 23:30
Sorry! Very slow on the uptake today! :oops:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "cmdService" 20/05/2007 22:17:18

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"1"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

"2"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\VEKNZ1C1\\delcmdservice[1].zip"

Shaba
2007-05-21, 08:31
Hi


Download RegASSASSIN by malwarebytes.org from here (http://www.malwarebytes.org/RegASSASSIN.zip)
Unzip/extract it to a folder on your desktop
Double-click on RegASSASSIN.exe to start RegASSASSIN
Copy and paste the below into the white box


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]


Click Delete
Answer Yes to any prompts


Do another search for "cmdService" with registry search tool and post back results.

brispie
2007-05-21, 21:39
When running RegASSASSIN I got 'Error: Hive return NULL' for every single one.

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "cmdservice" 21/05/2007 20:37:33

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

Shaba
2007-05-22, 08:15
Hi

Ok, then try again without these in each line -> [ ]

brispie
2007-05-22, 11:41
1,2,3,5&6 on the list 'Could not be removed'. 4 was successfully deleted.

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "cmdService" 22/05/2007 10:40:18

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

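The result reported in the post above (entry 4 deleted, the other five still present) can be confirmed from the search logs themselves. The following is an added example, not part of the original thread or of any tool mentioned in it: it parses RegSrch-style output and reports which of the six targeted keys remain. The function names and the abridged sample logs are constructed for illustration.

```python
import re

# The six keys targeted in this thread, numbered 1-6 in the order they were pasted.
TARGET_KEYS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService",
]

# A [section] header line of a .reg-style file; greedy so inner brackets survive.
SECTION = re.compile(r"^\[(.+)\]\s*$")


def parse_keys(log_text):
    """Collect every key named in a [section] header of RegSrch-style output.

    The tool repeats a header once per hit (key name, then each value), so a
    set removes the duplicates. Registry paths are case-insensitive, hence
    the casefold().
    """
    keys = set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        match = SECTION.match(line)
        if match:
            keys.add(match.group(1).casefold())
    return keys


def remaining_targets(log_text, targets=TARGET_KEYS):
    """Return the 1-based positions of target keys still present in the log.

    A target counts as present if the key itself or any of its subkeys is
    listed; a name that merely shares a prefix does not match.
    """
    found = parse_keys(log_text)
    still_there = []
    for pos, target in enumerate(targets, start=1):
        t = target.casefold()
        if any(k == t or k.startswith(t + "\\") for k in found):
            still_there.append(pos)
    return still_there


def removed_between(before, after, targets=TARGET_KEYS):
    """Positions of targets present in the earlier log but gone from the later one."""
    left_after = set(remaining_targets(after, targets))
    return [p for p in remaining_targets(before, targets) if p not in left_after]


# Constructed sample: abridged from the search results posted before the
# second RegASSASSIN attempt (per-user MRU hits and duplicate headers omitted).
BEFORE_LOG = r"""REGEDIT4
; Registry search results for string "cmdservice" (abridged)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
"""

# Constructed sample: the same log with the one header that is absent from the
# results posted after the second attempt.
AFTER_LOG = "\n".join(
    line for line in BEFORE_LOG.splitlines()
    if "ControlSet002\\Services" not in line
)

if __name__ == "__main__":
    print("still present before:", remaining_targets(BEFORE_LOG))
    print("still present after: ", remaining_targets(AFTER_LOG))
    print("removed in between:  ", removed_between(BEFORE_LOG, AFTER_LOG))
```
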
Shaba
2007-05-22, 12:48
Hi

Then we use another tool:


Go here (http://www.microsoft.com/downloads/details.aspx?familyid=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en) and download subinacl.msi
Double click on subinacl.msi to start the installation of Subinacl
Click Next>
Select I accept and click Next>
Click browse
From the drop down menu select C:\
Double click on WINDOWS and then system32
Click OK
Click Install now
Click Finish


Copy text below to Notepad and save it as delcmd.bat (save it as all files, *.*)

@echo off
rem For each cmdService key: take ownership, grant the current user Full control, then delete it
FOR %%R IN (
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService"
) Do (
rem Set owner and Full control on the key and all of its subkeys
subinacl.exe /subkeyreg %%R /setowner=%username% /grant=%username%=F
rem Delete the key without prompting
reg delete %%R /f
)

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Double-click delcmd.bat; black DOS windows will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File) with screenshots.)

Do another search for cmdService with reg search tool and post back results.
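
The follow-up check requested above, as an added example that is not part of the original thread: a small Python parser for REGEDIT4-style search output that reports which of the five keys targeted by delcmd.bat still exist and which remaining hits are only traces (for example MRU entries naming a downloaded file). The sample export, its SID and user name, and all function names are constructed for illustration.

```python
import re

# The five keys the thread's delcmd.bat tries to delete.
TARGET_KEYS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService",
]

# Constructed sample in the same layout as the search results posted in the thread
# (duplicate key headers, escaped backslashes, one hex value continued with "\").
SAMPLE_EXPORT = r'''REGEDIT4
; constructed sample, not real output

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
"Blob"=hex:01,02,\
  03,04

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\USER\\Desktop\\delcmdservice.zip"
'''

_VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')


def _unquote(s):
    """Strip surrounding quotes and undo .reg escaping (\\\\ -> \\, \\" -> ")."""
    if s == "@":                      # "@" names the key's default value
        return ""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        s = s[1:-1]
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}}; repeated key headers are merged."""
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:       # inside a hex value continued with "\"
            name, data = pending
            data += line.rstrip("\\")
            if line.endswith("\\"):
                pending = (name, data)
            else:
                keys[current][name] = data
                pending = None
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, data = _unquote(m.group(1)), m.group(2)
            if data.startswith("hex") and data.endswith("\\"):
                pending = (name, data.rstrip("\\"))
            elif data.startswith('"'):
                keys[current][name] = _unquote(data)
            else:
                keys[current][name] = data
    return keys


def _under(key, root):
    """True if key is root itself or one of its subkeys (case-insensitive)."""
    key, root = key.lower(), root.lower()
    return key == root or key.startswith(root + "\\")


def check_cleanup(export_text, targets=TARGET_KEYS, needle="cmdservice"):
    """Split search hits into target keys that still exist and leftover traces."""
    keys = parse_reg_export(export_text)
    remaining = [t for t in targets if any(_under(k, t) for k in keys)]
    traces = sorted(
        k for k, values in keys.items()
        if not any(_under(k, t) for t in targets)
        and (needle in k.lower()
             or any(needle in n.lower() or needle in d.lower()
                    for n, d in values.items()))
    )
    return {"remaining": remaining, "traces": traces}


if __name__ == "__main__":
    result = check_cleanup(SAMPLE_EXPORT)
    for key in result["remaining"]:
        print("STILL PRESENT:", key)
    for key in result["traces"]:
        print("trace only:   ", key)
```

An empty "remaining" list means the service and its LEGACY_ enumeration entries are gone from every control set in the export; entries under "traces" only record file names or recently used paths.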

brispie
2007-05-22, 14:32
Think I did that all OK.

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "cmdService" 22/05/2007 13:31:58

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

Shaba
2007-05-22, 15:17
Hi

Ok, then we do it manually.

Make sure that you have logged in as administrator.

Go to start -> run -> regedit -> ok

Go to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE

Select the key (highlight it) and go to Edit -> Permissions.
First select your user account there (so that it's highlighted), then tick Allow for Full control, and after that delete that key (right-click, choose Delete).

Repeat for:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Do another search for cmdService with reg search tool and post back results.

brispie
2007-05-22, 23:29
I did all that, but every single one came up with the message 'Error while deleting key'. They have not been deleted.

brispie
2007-05-22, 23:30
Sorry, forgot to post.

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "cmdService" 22/05/2007 22:31:06

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cmdService"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

Shaba
2007-05-23, 09:05
Hi

Well, then there's likely a much bigger problem with permissions.

I'll do some research and post back ASAP.

Shaba
2007-05-23, 16:56
Hi

Download RegDACL to your Desktop
http://www.heysoft.de/nt/reg/doc/RegDACLE.zip

Create a folder on the desktop called Regdacl. You can do this by right clicking on an empty space on the Desktop, select New folder from the popup menu and name it Regdacl.
Unzip the content of RegDACLE.zip into the Regdacl folder on your Desktop.
Don't run anything in Regdacl folder till I tell you.

Copy/paste the following text into a new Notepad document. Make sure that wordwrap is turned off.



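@echo off
rem Start with a fresh permissions report
if exist regperms.txt del regperms.txt
rem Append the regdacl output for each key to regperms.txt
For %%i in ("HKLM\SYSTEM\ControlSet001","HKLM\SYSTEM\ControlSet001\Services","HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService") Do regdacl %%i /L /E >> regperms.txt

rem Export the ControlSet001\Services key to regkey.txt
regedit /a /e regkey.txt "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services"

rem Open both reports in Notepad
Notepad regperms.txt
notepad regkey.txt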


Save it in the new Regdacl folder on your desktop as readperm.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: readperm.bat

Open the Regdacl folder on your Desktop. Double-click readperm.bat. Notepad will open with regperms.txt and regkey.txt. Please post the content of both files. If Notepad doesn't bring up the text files, open the Regdacl folder and open regperms.txt and regkey.txt yourself.

brispie
2007-05-23, 23:47

brispie
2007-05-23, 23:48
20,20,20,20,20,20,20,00,4d,61,78,74,6f,72,20,37,33,34,35,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,00,4d,\
61,78,74,6f,72,20,37,32,34,35,20,41,54,20,20,20,20,20,20,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,00,4d,61,78,74,6f,72,20,37,32,34,\
35,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
20,20,20,20,20,00,4d,61,78,74,6f,72,20,37,32,31,31,41,55,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,00,4d,61,78,\
74,6f,72,20,37,31,37,31,20,41,54,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,00,43,44,2d,33,31,36,45,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
20,20,20,00,53,41,4d,53,55,4e,47,5f,53,43,52,2d,32,34,33,30,00,43,52,2d,32,\
38,30,31,54,45,00,00
"NonRemovableMedia"=hex(7):4b,69,6e,67,73,74,6f,6e,20,54,65,63,68,6e,6f,6c,6f,\
67,79,20,44,61,74,61,50,61,6b,20,33,34,30,20,20,20,20,20,20,20,20,20,00,53,\
75,6e,44,69,73,6b,20,53,44,50,35,41,2d,31,30,20,20,20,20,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,00,53,75,6e,44,69,73,6b,20,53,44,\
43,46,42,2d,31,30,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
20,20,20,20,20,00,53,75,6e,44,69,73,6b,20,53,44,50,33,42,2d,32,30,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,00,53,75,6e,\
44,69,73,6b,20,53,44,50,33,42,2d,31,37,35,20,20,20,20,20,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,00,53,75,6e,44,69,73,6b,20,53,44,50,35,\
2d,32,2e,35,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
20,20,20,00,43,61,6c,6c,75,6e,61,20,54,65,63,68,6e,6f,6c,6f,67,79,20,43,54,\
32,36,30,4d,43,20,20,20,20,20,20,20,20,20,20,20,20,20,20,00,42,4e,2d,53,30,\
30,34,41,43,2d,53,20,31,2e,30,30,00,43,61,6c,6c,75,6e,61,20,54,65,63,68,6e,\
6f,6c,6f,67,79,20,43,54,35,32,30,52,4d,00,48,69,74,61,63,68,69,20,43,56,20,\
35,2e,31,2e,31,00,20,20,20,20,20,20,41,54,41,5f,46,4c,41,53,48,20,00,4d,69,\
74,73,75,62,69,73,68,69,20,41,54,41,20,43,61,72,64,20,00,4c,45,58,41,52,20,\
41,54,41,5f,46,4c,41,53,48,00,4d,69,63,72,6f,6e,20,4d,54,43,46,30,30,34,41,\
00,4d,69,63,72,6f,6e,20,4d,54,43,46,30,30,38,41,00,53,75,6e,44,69,73,6b,20,\
53,44,50,33,42,2d,31,31,30,00,53,75,6e,44,69,73,6b,20,53,44,43,46,42,2d,34,\
00,42,4e,2d,43,41,42,2d,54,00,4d,45,4d,4f,52,59,53,54,49,43,4b,00,4d,45,4d,\
4f,52,59,53,54,49,43,4b,20,20,20,38,4d,20,20,38,4b,00,00
"NoPowerDownDevice"=hex(7):52,44,2d,44,52,43,30,30,31,2d,4d,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,00,43,\
53,2d,52,33,37,20,30,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,00,00
"AutoEjectZipDevice"=hex(7):49,4f,4d,45,47,41,20,20,5a,49,50,20,31,30,30,20,20,\
20,20,20,20,20,41,54,41,50,49,20,20,20,20,20,20,20,20,20,20,20,20,20,32,33,\
2e,44,20,20,20,20,00,49,4f,4d,45,47,41,20,20,5a,49,50,20,31,30,30,20,20,20,\
20,20,20,20,41,54,41,50,49,20,20,20,20,20,20,20,20,20,20,20,20,20,32,31,2e,\
44,20,20,20,20,00,49,4f,4d,45,47,41,20,20,5a,49,50,20,31,30,30,20,20,20,20,\
20,20,20,41,54,41,50,49,20,20,20,20,20,20,20,20,20,20,20,20,20,32,30,2e,44,\
20,20,20,20,00,49,4f,4d,45,47,41,20,20,5a,49,50,20,31,30,30,20,20,20,20,20,\
20,20,41,54,41,50,49,20,20,20,20,20,20,20,20,20,20,20,20,20,39,31,2e,44,20,\
20,20,20,00,49,4f,4d,45,47,41,20,20,5a,49,50,20,31,30,30,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,42,2e,32,39,20,20,\
20,20,00,49,4f,4d,45,47,41,20,20,5a,49,50,20,31,30,30,20,20,20,20,20,20,20,\
20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,42,2e,32,32,20,20,20,\
20,00,00
"NeedIdentDevice"=hex(7):51,55,41,4e,54,55,4d,20,46,49,52,45,42,41,4c,4c,00,00
"DefaultPioAtapiDevice"=hex(7):54,4f,52,69,53,41,4e,20,44,56,44,2d,52,4f,4d,20,\
44,52,44,2d,4e,32,31,36,00,49,44,45,2d,43,44,20,52,2f,52,57,20,32,78,32,78,\
32,34,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Enum]
"0"="PCIIDE\\IDEChannel\\4&26e3677b&0&0"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="PCIIDE\\IDEChannel\\4&26e3677b&0&1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Atdisk]
"ErrorControl"=dword:00000000
"Group"="Primary disk"
"Start"=dword:00000004
"Tag"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ati HotKey Poller]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,41,74,69,32,65,76,78,78,2e,65,78,65,00
"Group"="Event log"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ati HotKey Poller\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ati HotKey Poller\Enum]
"0"="Root\\LEGACY_ATI_HOTKEY_POLLER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ATI Smart]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
61,74,69,32,73,67,61,67,2e,65,78,65,00
"DisplayName"="ATI Smart"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ATI Smart\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ATI Smart\Enum]
"0"="Root\\LEGACY_ATI_SMART\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000000
"Tag"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,61,74,69,\
32,6d,74,61,67,2e,73,79,73,00
"Group"="Video"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Device0]
"InstalledDisplayDrivers"=hex(7):61,74,69,32,64,76,61,67,00,00
"MultiFunctionSupported"=dword:00000001
"GCOOPTION_DisableGPIOPowerSaveMode"=dword:00000001
"ReleaseVersion"="8.05-040812a-017884C-Asus"
"BuildNumber"="17884"
"drv"="ati2dvag.dll"
"DALGameGammaScale"=dword:00646464
"UseNewOGLRegPath"=dword:00000001
"DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING"=dword:00000001
"DALRULE_ALLOWMONITORRANGELIMITMODESCRT"=dword:00000001
"DALRULE_GETVGAEXPANSIONATBOOT"=dword:00000000
"DisableHotPlugDFP"=dword:00000000
"ExtEvent_EnableAlpsMouseOrientation"=dword:00000000
"ExtEvent_SafeEscapeSupport"=dword:00000001
"DALRULE_DISABLEPSEUDOLARGEDESKTOP"=dword:00000000
"OvlTheaterMode"=hex:00,00,00,00
"DisableOvlTheaterMode"=dword:00000000
"UseVMRPitch"=dword:00000001
"DisableMMSnifferCode"=dword:00000000
"DisableProgPCILatency"=dword:00000000
"DALRULE_GetTVFakeEDID"=dword:00000000
"Catalyst_Version"="0"
"DALRULE_REGISTRYACCESS"=dword:00000000
"DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH"=dword:00000000
"DALRULE_ENABLEDRIVERMODEPRUNNING"=dword:00000000
"GCORULE_ENABLETILEDMEMORYCALCULATION"=dword:00000001
"DALRULE_MACROVISIONINFOREPORT"=dword:00000000
"DALRULE_BANDWIDTHMODEENUM"=dword:00000001
"ExtEvent_LCDSetNativeModeOnResume"=dword:00000000
"DALRULE_LIMITTMDSMODES"=dword:00000000
"DALRULE_RESTRICT640x480MODE"=dword:00000000
"DALRULE_RESTRICT8BPPON2NDDRV"=dword:00000000
"TVForceDetection"=dword:00000000
"DALRULE_ADAPTERBANDWIDTHMODEENUM"=dword:00000000
"GCOOPTION_MinMemEff"=dword:00000000
"GCORULE_IncreaseMinMemEff"=dword:00000000
"DALRULE_DISABLECWDDEDETECTION"=dword:00000000
"DALRULE_SELECTION_SCHEME"=dword:00000000
"DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY"=dword:00000000
"DisableTabletPCRotation"=dword:00000001
"DisableSmartSave"=dword:00000000
"DisableSmartSave_DEF"=dword:00000000
"VPUEnableSubmissionBox_DEF"="1"
"ExtEvent_EnableMultiSessions"=dword:00000001
"TVEnableOverscan"=dword:00000001
"RotationSupportLevel"=dword:00000002
"NewRotation"="1"
"DALRULE_DYNAMICMODESUPPORT"=dword:00000001
"CVRULE_CUSTOMIZEDMODESENABLED"=dword:00000001
"GSettingControl"=dword:00000002
"GCOOPTION_DigitalCrtInfo"=hex:a3,38,61,c1,a3,38,61,b1
"GCORULE_FracFbDivSupport"=dword:00000000
"PrimaryTiling"="1"
"GCORULE_FlickerWA"=dword:00000001
"SMOOTHVISION_NAME"="SMOOTHVISION 2.1"
"GCORULE_ENABLERMXFILTER"=dword:00000001
"DALRULE_RESTRICT2ACTIVEDISPLAYS"=dword:00000000
"TVM6Flag"=dword:00000001
"DXVA_WMV"="0"
"DALRULE_ONEDISPLAYBOOTDEFAULT"=dword:00000001
"DfpUsePixSlip"=dword:00000001
"GI"="0"
"Main3D_DEF"="3"
"AntiAlias_DEF"="1"
"AntiAliasSamples_DEF"="0"
"AnisoType_DEF"="0"
"AnisoDegree_DEF"="0"
"TextureOpt_DEF"="0"
"TextureLod_DEF"="0"
"TruformMode_DEF"="0"
"VSyncControl_DEF"="1"
"SwapEffect_DEF"="0"
"TemporalAAMultiplier_DEF"="0"
"ExportCompressedTex_DEF"="1"
"PixelCenter_DEF"="0"
"ForceZBufferDepth_DEF"="0"
"EnableTripleBuffering_DEF"="0"
"ColourDesktopGamma_DEF"="1.0 1.0 1.0"
"ColourDesktopBrightness_DEF"="0 0 0"
"ColourDesktopContrast_DEF"="1.0 1.0 1.0"
"ColourFullscreenGamma_DEF"="1.0 1.0 1.0"
"ColourFullscreenBrightness_DEF"="0 0 0"
"ColourFullscreenContrast_DEF"="1.0 1.0 1.0"
"DALLargeDesktopModesBCD"=hex:12,80,04,80,00,00,00,60,06,40,09,60,00,00,00,60,\
16,00,06,00,00,00,00,60,08,00,12,00,00,00,00,60,20,48,07,68,00,00,00,60,10,\
24,15,36,00,00,00,60,23,04,08,64,00,00,00,60,11,52,17,28,00,00,00,60,25,60,\
10,24,00,00,00,60,12,80,20,48,00,00,00,60,32,00,12,00,00,00,00,60,16,00,24,\
00,00,08,00,60,16,00,24,00,00,16,00,60
"Device Description"="ASUS A9550 Secondary"
"DDC2Disabled"=dword:00000000
"DisableBlockWrite"=dword:00000001
"DisableDMACopy"=dword:00000000
"TestEnv"=dword:00000000
"TimingSelection"=dword:00000000
"VgaCompatible"=dword:00000000
"Adaptive De-interlacing"=dword:00000001
"VPE Adaptive De-interlacing"=dword:00000001
"DisableTimeStampWriteBack"=dword:00000000
"DisableTiling"=dword:00000000
"ExtEvent_EnableHotPlug"=dword:00000001
"ExtEvent_EnableMouseRotation"=dword:00000000
"ExtEvent_DriverMessageSupport"=dword:00000001
"DFPRULE_HotplugSupported"=dword:00000001
"DALRULE_NOTVANDCRTONSAMECONTROLLER"=dword:00000000
"DALRULE_NOCRTANDLCDONSAMECONTROLLER"=dword:00000000
"DALRULE_DISPLAYSRESTRICTMODES"=dword:00000000
"VPUEnableSubmissionBox"="1"
"DALRULE_NOFORCEBOOT"=dword:00000001
"DALRULE_ADDNATIVEMODESTOMODETABLE"=dword:00000001
"DisableFullAdapterInit"=dword:00000000
"GCOOPTION_MaxTmdsPllOutFreq"=hex:50,c3,00,00
"DALNonStandardModesBCD1"=hex:12,80,07,68,00,00,00,00,12,80,09,60,00,00,00,00,\
17,92,13,44,00,00,00,00,18,00,14,40,00,00,00,00,18,56,13,92,00,00,00,00,16,\
00,12,00,00,00,00,70
"DALRULE_NOCRTANDDFPONSAMECONTROLLER"=dword:00000001
"GCORULE_IntTMDSReduceBlankTiming"=dword:00000000
"HDTVRULE_HDTVGDOENABLE"=dword:00000001
"HDTVRULE_HDTVSIGNALFORMAT"=dword:00000001
"DisableEnumAllChilds"=dword:00000001
"TestedBusCaps"=dword:00000000
"RequestedBusCaps"=dword:0000007f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Device0\ATI WDM Configurations]
"PnP ID Version"="34"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Device1]
"InstalledDisplayDrivers"=hex(7):61,74,69,32,64,76,61,67,00,00
"MultiFunctionSupported"=dword:00000001
"GCOOPTION_DisableGPIOPowerSaveMode"=dword:00000001
"ReleaseVersion"="8.05-040812a-017884C-Asus"
"BuildNumber"="17884"
"drv"="ati2dvag.dll"
"DALGameGammaScale"=dword:00646464
"UseNewOGLRegPath"=dword:00000001
"DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING"=dword:00000001
"DALRULE_ALLOWMONITORRANGELIMITMODESCRT"=dword:00000001
"DALRULE_GETVGAEXPANSIONATBOOT"=dword:00000000
"DisableHotPlugDFP"=dword:00000000
"ExtEvent_EnableAlpsMouseOrientation"=dword:00000000
"ExtEvent_SafeEscapeSupport"=dword:00000001
"DALRULE_DISABLEPSEUDOLARGEDESKTOP"=dword:00000000
"OvlTheaterMode"=hex:00,00,00,00
"DisableOvlTheaterMode"=dword:00000000
"UseVMRPitch"=dword:00000001
"DisableMMSnifferCode"=dword:00000000
"DisableProgPCILatency"=dword:00000000
"DALRULE_GetTVFakeEDID"=dword:00000000
"Catalyst_Version"="0"
"DALRULE_REGISTRYACCESS"=dword:00000000
"DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH"=dword:00000000
"DALRULE_ENABLEDRIVERMODEPRUNNING"=dword:00000000
"GCORULE_ENABLETILEDMEMORYCALCULATION"=dword:00000001
"DALRULE_MACROVISIONINFOREPORT"=dword:00000000
"DALRULE_BANDWIDTHMODEENUM"=dword:00000001
"ExtEvent_LCDSetNativeModeOnResume"=dword:00000000
"DALRULE_LIMITTMDSMODES"=dword:00000000
"DALRULE_RESTRICT640x480MODE"=dword:00000000
"DALRULE_RESTRICT8BPPON2NDDRV"=dword:00000000
"TVForceDetection"=dword:00000000
"DALRULE_ADAPTERBANDWIDTHMODEENUM"=dword:00000000
"GCOOPTION_MinMemEff"=dword:00000000
"GCORULE_IncreaseMinMemEff"=dword:00000000
"DALRULE_DISABLECWDDEDETECTION"=dword:00000000
"DALRULE_SELECTION_SCHEME"=dword:00000000
"DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY"=dword:00000000
"DisableTabletPCRotation"=dword:00000001
"DisableSmartSave"=dword:00000000
"DisableSmartSave_DEF"=dword:00000000
"VPUEnableSubmissionBox_DEF"="1"
"ExtEvent_EnableMultiSessions"=dword:00000001
"TVEnableOverscan"=dword:00000001
"RotationSupportLevel"=dword:00000002
"NewRotation"="1"
"DALRULE_DYNAMICMODESUPPORT"=dword:00000001
"CVRULE_CUSTOMIZEDMODESENABLED"=dword:00000001
"GSettingControl"=dword:00000002
"GCOOPTION_DigitalCrtInfo"=hex:a3,38,61,c1,a3,38,61,b1
"GCORULE_FracFbDivSupport"=dword:00000000
"PrimaryTiling"="1"
"GCORULE_FlickerWA"=dword:00000001
"SMOOTHVISION_NAME"="SMOOTHVISION 2.1"
"GCORULE_ENABLERMXFILTER"=dword:00000001
"DALRULE_RESTRICT2ACTIVEDISPLAYS"=dword:00000000
"TVM6Flag"=dword:00000001
"DXVA_WMV"="0"
"DALRULE_ONEDISPLAYBOOTDEFAULT"=dword:00000001
"DfpUsePixSlip"=dword:00000001
"GI"="0"
"Main3D_DEF"="3"
"AntiAlias_DEF"="1"
"AntiAliasSamples_DEF"="0"
"AnisoType_DEF"="0"
"AnisoDegree_DEF"="0"
"TextureOpt_DEF"="0"
"TextureLod_DEF"="0"
"TruformMode_DEF"="0"
"VSyncControl_DEF"="1"
"SwapEffect_DEF"="0"
"TemporalAAMultiplier_DEF"="0"
"ExportCompressedTex_DEF"="1"
"PixelCenter_DEF"="0"
"ForceZBufferDepth_DEF"="0"
"EnableTripleBuffering_DEF"="0"
"ColourDesktopGamma_DEF"="1.0 1.0 1.0"
"ColourDesktopBrightness_DEF"="0 0 0"
"ColourDesktopContrast_DEF"="1.0 1.0 1.0"
"ColourFullscreenGamma_DEF"="1.0 1.0 1.0"
"ColourFullscreenBrightness_DEF"="0 0 0"
"ColourFullscreenContrast_DEF"="1.0 1.0 1.0"
"DALLargeDesktopModesBCD"=hex:12,80,04,80,00,00,00,60,06,40,09,60,00,00,00,60,\
16,00,06,00,00,00,00,60,08,00,12,00,00,00,00,60,20,48,07,68,00,00,00,60,10,\
24,15,36,00,00,00,60,23,04,08,64,00,00,00,60,11,52,17,28,00,00,00,60,25,60,\
10,24,00,00,00,60,12,80,20,48,00,00,00,60,32,00,12,00,00,00,00,60,16,00,24,\
00,00,08,00,60,16,00,24,00,00,16,00,60
"Device Description"="ASUS A9550 Secondary"
"DDC2Disabled"=dword:00000000
"DisableBlockWrite"=dword:00000001
"DisableDMACopy"=dword:00000000
"TestEnv"=dword:00000000
"TimingSelection"=dword:00000000
"VgaCompatible"=dword:00000000
"Adaptive De-interlacing"=dword:00000001
"VPE Adaptive De-interlacing"=dword:00000001
"DisableTimeStampWriteBack"=dword:00000000
"DisableTiling"=dword:00000000
"ExtEvent_EnableHotPlug"=dword:00000001
"ExtEvent_EnableMouseRotation"=dword:00000000
"ExtEvent_DriverMessageSupport"=dword:00000001
"DFPRULE_HotplugSupported"=dword:00000001
"DALRULE_NOTVANDCRTONSAMECONTROLLER"=dword:00000000
"DALRULE_NOCRTANDLCDONSAMECONTROLLER"=dword:00000000
"DALRULE_DISPLAYSRESTRICTMODES"=dword:00000000
"VPUEnableSubmissionBox"="1"
"DALRULE_NOFORCEBOOT"=dword:00000001
"DALRULE_ADDNATIVEMODESTOMODETABLE"=dword:00000001
"DisableFullAdapterInit"=dword:00000000
"GCOOPTION_MaxTmdsPllOutFreq"=hex:50,c3,00,00
"DALNonStandardModesBCD1"=hex:12,80,07,68,00,00,00,00,12,80,09,60,00,00,00,00,\
17,92,13,44,00,00,00,00,18,00,14,40,00,00,00,00,18,56,13,92,00,00,00,00,16,\
00,12,00,00,00,00,70
"DALRULE_NOCRTANDDFPONSAMECONTROLLER"=dword:00000001
"GCORULE_IntTMDSReduceBlankTiming"=dword:00000000
"HDTVRULE_HDTVGDOENABLE"=dword:00000001
"HDTVRULE_HDTVSIGNALFORMAT"=dword:00000001
"DisableEnumAllChilds"=dword:00000001
"TestedBusCaps"=dword:00000000
"RequestedBusCaps"=dword:0000007f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Device1\ATI WDM Configurations]
"PnP ID Version"="34"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Device2]
"InstalledDisplayDrivers"=hex(7):61,74,69,32,64,76,61,67,00,00
"MultiFunctionSupported"=dword:00000001
"GCOOPTION_DisableGPIOPowerSaveMode"=dword:00000001
"ReleaseVersion"="8.05-040812a-017884C-Asus"
"BuildNumber"="17884"
"drv"="ati2dvag.dll"
"DALGameGammaScale"=dword:00646464
"UseNewOGLRegPath"=dword:00000001
"DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING"=dword:00000001
"DALRULE_ALLOWMONITORRANGELIMITMODESCRT"=dword:00000001
"DALRULE_GETVGAEXPANSIONATBOOT"=dword:00000000

brispie
2007-05-23, 23:49
"VSyncControl_DEF"="1"
"SwapEffect_DEF"="0"
"TemporalAAMultiplier_DEF"="0"
"ExportCompressedTex_DEF"="1"
"PixelCenter_DEF"="0"
"ForceZBufferDepth_DEF"="0"
"EnableTripleBuffering_DEF"="0"
"ColourDesktopGamma_DEF"="1.0 1.0 1.0"
"ColourDesktopBrightness_DEF"="0 0 0"
"ColourDesktopContrast_DEF"="1.0 1.0 1.0"
"ColourFullscreenGamma_DEF"="1.0 1.0 1.0"
"ColourFullscreenBrightness_DEF"="0 0 0"
"ColourFullscreenContrast_DEF"="1.0 1.0 1.0"
"DALLargeDesktopModesBCD"=hex:12,80,04,80,00,00,00,60,06,40,09,60,00,00,00,60,\
16,00,06,00,00,00,00,60,08,00,12,00,00,00,00,60,20,48,07,68,00,00,00,60,10,\
24,15,36,00,00,00,60,23,04,08,64,00,00,00,60,11,52,17,28,00,00,00,60,25,60,\
10,24,00,00,00,60,12,80,20,48,00,00,00,60,32,00,12,00,00,00,00,60,16,00,24,\
00,00,08,00,60,16,00,24,00,00,16,00,60
"Device Description"="ASUS A9550 Secondary"
"DDC2Disabled"=dword:00000000
"DisableBlockWrite"=dword:00000001
"DisableDMACopy"=dword:00000000
"TestEnv"=dword:00000000
"TimingSelection"=dword:00000000
"VgaCompatible"=dword:00000000
"Adaptive De-interlacing"=dword:00000001
"VPE Adaptive De-interlacing"=dword:00000001
"DisableTimeStampWriteBack"=dword:00000000
"DisableTiling"=dword:00000000
"ExtEvent_EnableHotPlug"=dword:00000001
"ExtEvent_EnableMouseRotation"=dword:00000000
"ExtEvent_DriverMessageSupport"=dword:00000001
"DFPRULE_HotplugSupported"=dword:00000001
"DALRULE_NOTVANDCRTONSAMECONTROLLER"=dword:00000000
"DALRULE_NOCRTANDLCDONSAMECONTROLLER"=dword:00000000
"DALRULE_DISPLAYSRESTRICTMODES"=dword:00000000
"VPUEnableSubmissionBox"="1"
"DALRULE_NOFORCEBOOT"=dword:00000001
"DALRULE_ADDNATIVEMODESTOMODETABLE"=dword:00000001
"DisableFullAdapterInit"=dword:00000000
"GCOOPTION_MaxTmdsPllOutFreq"=hex:50,c3,00,00
"DALNonStandardModesBCD1"=hex:12,80,07,68,00,00,00,00,12,80,09,60,00,00,00,00,\
17,92,13,44,00,00,00,00,18,00,14,40,00,00,00,00,18,56,13,92,00,00,00,00,16,\
00,12,00,00,00,00,70
"DALRULE_NOCRTANDDFPONSAMECONTROLLER"=dword:00000001
"GCORULE_IntTMDSReduceBlankTiming"=dword:00000000
"HDTVRULE_HDTVGDOENABLE"=dword:00000001
"HDTVRULE_HDTVSIGNALFORMAT"=dword:00000001
"DisableEnumAllChilds"=dword:00000001
"TestedBusCaps"=dword:00000000
"RequestedBusCaps"=dword:0000007f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Device2\ATI WDM Configurations]
"PnP ID Version"="34"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Device3]
"InstalledDisplayDrivers"=hex(7):61,74,69,32,64,76,61,67,00,00
"MultiFunctionSupported"=dword:00000001
"GCOOPTION_DisableGPIOPowerSaveMode"=dword:00000001
"ReleaseVersion"="8.05-040812a-017884C-Asus"
"BuildNumber"="17884"
"drv"="ati2dvag.dll"
"DALGameGammaScale"=dword:00646464
"UseNewOGLRegPath"=dword:00000001
"DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING"=dword:00000001
"DALRULE_ALLOWMONITORRANGELIMITMODESCRT"=dword:00000001
"DALRULE_GETVGAEXPANSIONATBOOT"=dword:00000000
"DisableHotPlugDFP"=dword:00000000
"ExtEvent_EnableAlpsMouseOrientation"=dword:00000000
"ExtEvent_SafeEscapeSupport"=dword:00000001
"DALRULE_DISABLEPSEUDOLARGEDESKTOP"=dword:00000000
"OvlTheaterMode"=hex:00,00,00,00
"DisableOvlTheaterMode"=dword:00000000
"UseVMRPitch"=dword:00000001
"DisableMMSnifferCode"=dword:00000000
"DisableProgPCILatency"=dword:00000000
"DALRULE_GetTVFakeEDID"=dword:00000000
"Catalyst_Version"="0"
"DALRULE_REGISTRYACCESS"=dword:00000000
"DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH"=dword:00000000
"DALRULE_ENABLEDRIVERMODEPRUNNING"=dword:00000000
"GCORULE_ENABLETILEDMEMORYCALCULATION"=dword:00000001
"DALRULE_MACROVISIONINFOREPORT"=dword:00000000
"DALRULE_BANDWIDTHMODEENUM"=dword:00000001
"ExtEvent_LCDSetNativeModeOnResume"=dword:00000000
"DALRULE_LIMITTMDSMODES"=dword:00000000
"DALRULE_RESTRICT640x480MODE"=dword:00000000
"DALRULE_RESTRICT8BPPON2NDDRV"=dword:00000000
"TVForceDetection"=dword:00000000
"DALRULE_ADAPTERBANDWIDTHMODEENUM"=dword:00000000
"GCOOPTION_MinMemEff"=dword:00000000
"GCORULE_IncreaseMinMemEff"=dword:00000000
"DALRULE_DISABLECWDDEDETECTION"=dword:00000000
"DALRULE_SELECTION_SCHEME"=dword:00000000
"DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY"=dword:00000000
"DisableTabletPCRotation"=dword:00000001
"DisableSmartSave"=dword:00000000
"DisableSmartSave_DEF"=dword:00000000
"VPUEnableSubmissionBox_DEF"="1"
"ExtEvent_EnableMultiSessions"=dword:00000001
"TVEnableOverscan"=dword:00000001
"RotationSupportLevel"=dword:00000002
"NewRotation"="1"
"DALRULE_DYNAMICMODESUPPORT"=dword:00000001
"CVRULE_CUSTOMIZEDMODESENABLED"=dword:00000001
"GSettingControl"=dword:00000002
"GCOOPTION_DigitalCrtInfo"=hex:a3,38,61,c1,a3,38,61,b1
"GCORULE_FracFbDivSupport"=dword:00000000
"PrimaryTiling"="1"
"GCORULE_FlickerWA"=dword:00000001
"SMOOTHVISION_NAME"="SMOOTHVISION 2.1"
"GCORULE_ENABLERMXFILTER"=dword:00000001
"DALRULE_RESTRICT2ACTIVEDISPLAYS"=dword:00000000
"TVM6Flag"=dword:00000001
"DXVA_WMV"="0"
"DALRULE_ONEDISPLAYBOOTDEFAULT"=dword:00000001
"DfpUsePixSlip"=dword:00000001
"GI"="0"
"Main3D_DEF"="3"
"AntiAlias_DEF"="1"
"AntiAliasSamples_DEF"="0"
"AnisoType_DEF"="0"
"AnisoDegree_DEF"="0"
"TextureOpt_DEF"="0"
"TextureLod_DEF"="0"
"TruformMode_DEF"="0"
"VSyncControl_DEF"="1"
"SwapEffect_DEF"="0"
"TemporalAAMultiplier_DEF"="0"
"ExportCompressedTex_DEF"="1"
"PixelCenter_DEF"="0"
"ForceZBufferDepth_DEF"="0"
"EnableTripleBuffering_DEF"="0"
"ColourDesktopGamma_DEF"="1.0 1.0 1.0"
"ColourDesktopBrightness_DEF"="0 0 0"
"ColourDesktopContrast_DEF"="1.0 1.0 1.0"
"ColourFullscreenGamma_DEF"="1.0 1.0 1.0"
"ColourFullscreenBrightness_DEF"="0 0 0"
"ColourFullscreenContrast_DEF"="1.0 1.0 1.0"
"DALLargeDesktopModesBCD"=hex:12,80,04,80,00,00,00,60,06,40,09,60,00,00,00,60,\
16,00,06,00,00,00,00,60,08,00,12,00,00,00,00,60,20,48,07,68,00,00,00,60,10,\
24,15,36,00,00,00,60,23,04,08,64,00,00,00,60,11,52,17,28,00,00,00,60,25,60,\
10,24,00,00,00,60,12,80,20,48,00,00,00,60,32,00,12,00,00,00,00,60,16,00,24,\
00,00,08,00,60,16,00,24,00,00,16,00,60
"Device Description"="ASUS A9550 Secondary"
"DDC2Disabled"=dword:00000000
"DisableBlockWrite"=dword:00000001
"DisableDMACopy"=dword:00000000
"TestEnv"=dword:00000000
"TimingSelection"=dword:00000000
"VgaCompatible"=dword:00000000
"Adaptive De-interlacing"=dword:00000001
"VPE Adaptive De-interlacing"=dword:00000001
"DisableTimeStampWriteBack"=dword:00000000
"DisableTiling"=dword:00000000
"ExtEvent_EnableHotPlug"=dword:00000001
"ExtEvent_EnableMouseRotation"=dword:00000000
"ExtEvent_DriverMessageSupport"=dword:00000001
"DFPRULE_HotplugSupported"=dword:00000001
"DALRULE_NOTVANDCRTONSAMECONTROLLER"=dword:00000000
"DALRULE_NOCRTANDLCDONSAMECONTROLLER"=dword:00000000
"DALRULE_DISPLAYSRESTRICTMODES"=dword:00000000
"VPUEnableSubmissionBox"="1"
"DALRULE_NOFORCEBOOT"=dword:00000001
"DALRULE_ADDNATIVEMODESTOMODETABLE"=dword:00000001
"DisableFullAdapterInit"=dword:00000000
"GCOOPTION_MaxTmdsPllOutFreq"=hex:50,c3,00,00
"DALNonStandardModesBCD1"=hex:12,80,07,68,00,00,00,00,12,80,09,60,00,00,00,00,\
17,92,13,44,00,00,00,00,18,00,14,40,00,00,00,00,18,56,13,92,00,00,00,00,16,\
00,12,00,00,00,00,70
"DALRULE_NOCRTANDDFPONSAMECONTROLLER"=dword:00000001
"GCORULE_IntTMDSReduceBlankTiming"=dword:00000000
"HDTVRULE_HDTVGDOENABLE"=dword:00000001
"HDTVRULE_HDTVSIGNALFORMAT"=dword:00000001
"DisableEnumAllChilds"=dword:00000001
"TestedBusCaps"=dword:00000000
"RequestedBusCaps"=dword:0000007f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Device3\ATI WDM Configurations]
"PnP ID Version"="34"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Enum]
"0"="PCI\\VEN_1002&DEV_4153&SUBSYS_00381043&REV_00\\4&102ac5bc&0&00F0"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="PCI\\VEN_1002&DEV_4173&SUBSYS_00391043&REV_00\\4&102ac5bc&0&01F0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2mtag\Video]
"Service"="ati2mtag"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Atmarpc]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:0000000a
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,61,74,6d,\
61,72,70,63,2e,73,79,73,00
"DisplayName"="ATM ARP Client Protocol"
"Group"="NDIS"
"DependOnService"=hex(7):54,63,70,69,70,00,00
"DependOnGroup"=hex(7):00
"Description"="ATM ARP Client Protocol"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Atmarpc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioSrv]
"DependOnService"=hex(7):50,6c,75,67,50,6c,61,79,00,52,70,63,53,73,00,00
"Description"="Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Windows Audio"
"ErrorControl"=dword:00000001
"Group"="AudioGroup"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioSrv\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,61,75,64,69,6f,73,72,76,2e,64,6c,6c,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioSrv\Enum]
"0"="Root\\LEGACY_AUDIOSRV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

brispie
2007-05-23, 23:50
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\audstub]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,61,75,64,\
73,74,75,62,2e,73,79,73,00
"DisplayName"="Audio Stub Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\audstub\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\audstub\Enum]
"0"="Root\\MEDIA\\MS_MMACM"
"Count"=dword:00000005
"NextInstance"=dword:00000005
"1"="Root\\MEDIA\\MS_MMDRV"
"2"="Root\\MEDIA\\MS_MMMCI"
"3"="Root\\MEDIA\\MS_MMVCD"
"4"="Root\\MEDIA\\MS_MMVID"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Automatic LiveUpdate Scheduler]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,53,79,\
6d,61,6e,74,65,63,5c,4c,69,76,65,55,70,64,61,74,65,5c,41,4c,55,53,63,68,65,\
64,75,6c,65,72,53,76,63,2e,65,78,65,22,00
"DisplayName"="Automatic LiveUpdate Scheduler"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Manages the scheduling of Automatic LiveUpdate sessions"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Automatic LiveUpdate Scheduler\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Automatic LiveUpdate Scheduler\Enum]
"0"="Root\\LEGACY_AUTOMATIC_LIVEUPDATE_SCHEDULER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Alrt]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,47,72,69,73,6f,66,74,5c,\
41,56,47,37,5c,61,76,67,61,6d,73,76,72,2e,65,78,65,00
"DisplayName"="AVG7 Alert Manager Server"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Alrt\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Alrt\Enum]
"0"="Root\\LEGACY_AVG7ALRT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000001
"ImagePath"=hex(2):5c,53,79,73,74,65,6d,52,6f,6f,74,5c,53,79,73,74,65,6d,33,32,\
5c,44,72,69,76,65,72,73,5c,61,76,67,37,63,6f,72,65,2e,73,79,73,00
"DisplayName"="AVG7 Kernel"
"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core\Parameters]
"AvgDir"="C:\\PROGRA~1\\Grisoft\\AVG7\\"
"AvgLng"=dword:00000001
"TempDir"="C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Grisoft\\Avg7Data\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7Core\Enum]
"0"="Root\\LEGACY_AVG7CORE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsW]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000002
"ImagePath"=hex(2):5c,53,79,73,74,65,6d,52,6f,6f,74,5c,53,79,73,74,65,6d,33,32,\
5c,44,72,69,76,65,72,73,5c,61,76,67,37,72,73,77,2e,73,79,73,00
"DisplayName"="AVG7 Wrap Driver"
"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsW\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsW\Enum]
"0"="Root\\LEGACY_AVG7RSW\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000003
"ImagePath"=hex(2):5c,53,79,73,74,65,6d,52,6f,6f,74,5c,53,79,73,74,65,6d,33,32,\
5c,44,72,69,76,65,72,73,5c,61,76,67,37,72,73,78,70,2e,73,79,73,00
"DisplayName"="AVG7 Resident Driver XP"
"Group"="AVG"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP\Parameters]
"Params"=dword:0000c007
"IgnoreFilesystem"=dword:000000c0
"Security"=hex:01,00,04,90,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,02,\
00,20,00,01,00,00,00,00,03,18,00,ff,01,1f,00,01,02,00,00,00,00,00,05,20,00,\
00,00,20,02,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7RsXP\Enum]
"0"="Root\\LEGACY_AVG7RSXP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7UpdSvc]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,47,72,69,73,6f,66,74,5c,\
41,56,47,37,5c,61,76,67,75,70,73,76,63,2e,65,78,65,00
"DisplayName"="AVG7 Update Service"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7UpdSvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg7UpdSvc\Enum]
"0"="Root\\LEGACY_AVG7UPDSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgClean]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,53,79,73,74,65,6d,52,6f,6f,74,5c,53,79,73,74,65,6d,33,32,\
5c,44,72,69,76,65,72,73,5c,61,76,67,63,6c,65,61,6e,2e,73,79,73,00
"DisplayName"="AVG7 Clean Driver"
"Group"="base"
"DependOnService"=hex(7):4e,74,66,73,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgClean\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgClean\Enum]
"0"="Root\\LEGACY_AVGCLEAN\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGEMS]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,47,72,69,73,6f,66,74,5c,\
41,56,47,37,5c,61,76,67,65,6d,63,2e,65,78,65,00
"DisplayName"="AVG E-mail Scanner"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGEMS\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGEMS\Enum]
"0"="Root\\LEGACY_AVGEMS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdi]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,53,79,73,74,65,6d,52,6f,6f,74,5c,53,79,73,74,65,6d,33,32,\
5c,44,72,69,76,65,72,73,5c,61,76,67,74,64,69,2e,73,79,73,00
"DisplayName"="AVG Network Redirector"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdi\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AvgTdi\Enum]
"0"="Root\\LEGACY_AVGTDI\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]
"MofImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,62,61,\
74,74,63,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]
"ErrorControl"=dword:00000001
"Group"="Base"
"Start"=dword:00000001
"Tag"=dword:00000002
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep\Enum]
"0"="Root\\LEGACY_BEEP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Background Intelligent Transfer Service"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly."
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,68,e3,0c,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Parameters]
"ServiceDll"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,\
5c,71,6d,67,72,2e,64,6c,6c,00

brispie
2007-05-23, 23:51
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Enum]
"0"="Root\\LEGACY_BITS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Computer Browser"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser\Parameters]
"IsDomainMaster"="FALSE"
"MaintainServerList"="Auto"
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,62,72,6f,77,73,65,72,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser\Enum]
"0"="Root\\LEGACY_BROWSER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cbidf2k]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000019
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cbidf2k\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cbidf2k\Parameters\PnpInterface]
"1"=dword:00000001
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cd20xrnt]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000003a
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cd20xrnt\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cd20xrnt\Parameters\PnpInterface]
"1"=dword:00000011

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdaudio]
"ErrorControl"=dword:00000000
"Group"="Filter"
"Start"=dword:00000001
"Tag"=dword:00000006
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdaudio\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
"INITSTARTFAILED"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdfs]
"DependOnGroup"=hex(7):53,43,53,49,20,43,44,52,4f,4d,20,43,6c,61,73,73,00,00
"ErrorControl"=dword:00000001
"Group"="File system"
"Start"=dword:00000004
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdfs\Enum]
"0"="Root\\LEGACY_CDFS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom]
"DependOnGroup"=hex(7):53,43,53,49,20,6d,69,6e,69,70,6f,72,74,00,00
"ErrorControl"=dword:00000001
"Group"="SCSI CDROM Class"
"Start"=dword:00000001
"Tag"=dword:00000002
"Type"=dword:00000001
"DisplayName"="CD-ROM Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,63,64,72,\
6f,6d,2e,73,79,73,00
"AutoRun"=dword:00000001
"AutoRunAlwaysDisable"=hex(7):4e,45,43,20,20,20,20,20,4d,42,52,2d,37,20,20,20,\
00,4e,45,43,20,20,20,20,20,4d,42,52,2d,37,2e,34,20,00,50,49,4f,4e,45,45,52,\
20,43,48,41,4e,47,52,20,44,52,4d,2d,31,38,30,34,58,00,50,49,4f,4e,45,45,52,\
20,43,44,2d,52,4f,4d,20,44,52,4d,2d,36,33,32,34,58,00,50,49,4f,4e,45,45,52,\
20,43,44,2d,52,4f,4d,20,44,52,4d,2d,36,32,34,58,20,00,54,4f,52,69,53,41,4e,\
20,43,44,2d,52,4f,4d,20,43,44,52,5f,43,33,36,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\Enum]
"0"="IDE\\CdRomSONY_CD-RW__CRX320EE____________________RYK3____\\3032353030313630303030303533383520202020"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Changer]
"ErrorControl"=dword:00000000
"Group"="Filter"
"Start"=dword:00000001
"Tag"=dword:00000005
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CiSvc]
"DependOnService"=hex(7):52,50,43,53,53,00,00
"Description"="Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language."
"DisplayName"="Indexing Service"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,63,69,73,76,63,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ClipSrv]
"DependOnService"=hex(7):4e,65,74,44,44,45,00,00
"Description"="Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="ClipBook"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,63,6c,69,70,73,72,76,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000004
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ClipSrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000004
"Tag"=dword:00000004
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
"Type"=dword:00000110

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService\Enum]
"0"="Root\\LEGACY_CMDSERVICE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
64,6c,6c,68,6f,73,74,2e,65,78,65,20,2f,50,72,6f,63,65,73,73,69,64,3a,7b,30,\
32,44,34,42,33,46,31,2d,46,44,38,38,2d,31,31,44,31,2d,39,36,30,44,2d,30,30,\
38,30,35,46,43,37,39,32,33,35,7d,00
"DisplayName"="COM+ System Application"
"DependOnService"=hex(7):72,70,63,73,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"FailureActions"=hex:1e,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,04,00,03,\
00,01,00,00,00,e8,03,00,00,01,00,00,00,88,13,00,00,00,00,00,00,e8,03,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp\Enum]
"0"="Root\\LEGACY_COMSYSAPP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ContentFilter\Linkage]
"Bind"="\\Dummy"
"Export"="\\Dummy"
"Route"="\\Dummy"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ContentFilter\Performance]
"Close"="DoneFILTERPerformanceData"
"Collect"="CollectFILTERPerformanceData"
"Open"="InitializeFILTERPerformanceData"
"Library"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,71,75,65,72,79,2e,64,6c,6c,00
"Last Counter"=dword:000008c8
"Last Help"=dword:000008c9
"First Counter"=dword:000008c2
"First Help"=dword:000008c3
"Object List"="2242"
"WbemAdapFileSignature"=hex:0e,5a,34,78,55,08,cd,55,5e,d1,bb,15,d3,71,55,79
"WbemAdapFileTime"=hex:00,5b,4e,ea,bd,79,c4,01
"WbemAdapFileSize"=dword:0015e800
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ContentIndex\Linkage]
"Bind"="\\Dummy"
"Export"="\\Dummy"
"Route"="\\Dummy"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ContentIndex\Performance]
"Close"="DoneCIPerformanceData"
"Collect"="CollectCIPerformanceData"
"Open"="InitializeCIPerformanceData"
"Library"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,71,75,65,72,79,2e,64,6c,6c,00
"Last Counter"=dword:000008c0
"Last Help"=dword:000008c1
"First Counter"=dword:000008aa
"First Help"=dword:000008ab
"Object List"="2218"
"WbemAdapFileSignature"=hex:0e,5a,34,78,55,08,cd,55,5e,d1,bb,15,d3,71,55,79
"WbemAdapFileTime"=hex:00,5b,4e,ea,bd,79,c4,01
"WbemAdapFileSize"=dword:0015e800
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cpqarray]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000100
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cpqarray\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cpqarray\Parameters\PnpInterface]
"2"=dword:00000001
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Creative Service for CDROM Access]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
43,54,73,76,63,43,44,41,2e,65,78,65,00
"DisplayName"="Creative Service for CDROM Access"
"ObjectName"="LocalSystem"

brispie
2007-05-23, 23:51
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Creative Service for CDROM Access\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Creative Service for CDROM Access\Enum]
"0"="Root\\LEGACY_CREATIVE_SERVICE_FOR_CDROM_ACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
"DependOnService"=hex(7):52,70,63,53,73,00,00
"Description"="Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Cryptographic Services"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,63,72,79,70,74,73,76,63,2e,64,6c,6c,00
"ServiceMain"="CryptServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc\Security]
"Security"=hex:00,00,0e,00,01

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc\Enum]
"0"="Root\\LEGACY_CRYPTSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac2w2k]
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000020
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac2w2k\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac2w2k\Parameters\PnpInterface]
"2"=dword:00000001
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac960nt]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000020
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac960nt\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac960nt\Parameters\PnpInterface]
"2"=dword:00000001
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
"Description"="Provides launch functionality for DCOM services."
"DisplayName"="DCOM Server Process Launcher"
"ErrorControl"=dword:00000001
"Group"="Event Log"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,20,2d,6b,20,44,63,6f,6d,4c,61,75,6e,63,68,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,70,63,73,73,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch\Enum]
"0"="Root\\LEGACY_DCOMLAUNCH\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="DHCP Client"
"Group"="TDI"
"DependOnService"=hex(7):54,63,70,69,70,00,41,66,64,00,4e,65,74,42,54,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Manages network configuration by registering and updating IP addresses and DNS names."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Configurations]
"Options"=hex:32,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,\
00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,00,\
00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Linkage]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Linkage\Disabled]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,68,63,70,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\1]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,3f,5c,44,68,63,70,53,\
75,62,6e,65,74,4d,61,73,6b,4f,70,74,00,53,59,53,54,45,4d,5c,43,75,72,72,65,\
6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,3f,5c,50,\
61,72,61,6d,65,74,65,72,73,5c,54,63,70,69,70,5c,44,68,63,70,53,75,62,6e,65,\
74,4d,61,73,6b,4f,70,74,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\15]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,3f,5c,44,68,63,70,44,\
6f,6d,61,69,6e,00,53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,49,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,44,68,63,70,44,6f,6d,61,69,6e,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\3]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,3f,5c,44,68,63,70,44,\
65,66,61,75,6c,74,47,61,74,65,77,61,79,00,53,59,53,54,45,4d,5c,43,75,72,72,\
65,6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,3f,5c,\
50,61,72,61,6d,65,74,65,72,73,5c,54,63,70,69,70,5c,44,68,63,70,44,65,66,61,\
75,6c,74,47,61,74,65,77,61,79,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\44]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,4e,65,74,42,54,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,54,63,70,69,70,5f,3f,\
5c,44,68,63,70,4e,61,6d,65,53,65,72,76,65,72,4c,69,73,74,00,53,59,53,54,45,\
4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,53,65,72,76,69,\
63,65,73,5c,4e,65,74,42,54,5c,41,64,61,70,74,65,72,73,5c,3f,5c,44,68,63,70,\
4e,61,6d,65,53,65,72,76,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\46]
"KeyType"=dword:00000004
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpNodeType"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\47]
"KeyType"=dword:00000001
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpScopeID"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\6]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,3f,5c,44,68,63,70,4e,\
61,6d,65,53,65,72,76,65,72,00,53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,\
6f,6e,74,72,6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,\
50,61,72,61,6d,65,74,65,72,73,5c,44,68,63,70,4e,61,6d,65,53,65,72,76,65,72,\
00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\DhcpNetbiosOptions]
"KeyType"=dword:00000004
"OptionId"=dword:00000001
"VendorType"=dword:00000001
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,4e,65,74,42,54,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,54,63,70,69,70,5f,3f,\
5c,44,68,63,70,4e,65,74,62,69,6f,73,4f,70,74,69,6f,6e,73,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Enum]
"0"="Root\\LEGACY_DHCP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk]
"DependOnGroup"=hex(7):53,43,53,49,20,6d,69,6e,69,70,6f,72,74,00,00
"ErrorControl"=dword:00000001
"Group"="SCSI Class"
"Start"=dword:00000000
"Tag"=dword:00000002
"Type"=dword:00000001
"DisplayName"="Disk Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,64,69,73,\
6b,2e,73,79,73,00
"AutoRunAlwaysDisable"=hex(7):42,72,6f,74,68,65,72,20,52,65,6d,6f,76,61,62,6c,\
65,44,69,73,6b,28,55,29,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum]
"0"="IDE\\DiskMaxtor_6E040L0__________________________NAR61HA0\\394536324d504548202020202020202020202020"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmadmin]
"DependOnService"=hex(7):52,70,63,53,73,00,50,6c,75,67,50,6c,61,79,00,44,6d,53,\
65,72,76,65,72,00,00
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,64,6d,61,64,6d,69,6e,2e,65,78,65,20,2f,63,6f,6d,00
"DisplayName"="Logical Disk Manager Administrative Service"
"ObjectName"="LocalSystem"
"Description"="Configures hard disk drives and volumes. The service only runs for configuration processes and then stops."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmadmin\Parameters]
"EnableDynamicConversionFor1394"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmadmin\Enum]
"0"="Root\\LEGACY_DMADMIN\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmboot]
"Type"=dword:00000001
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"Group"="Filter"
"Tag"=dword:0000000b
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,64,6d,62,\
6f,6f,74,2e,73,79,73,00
"VolumeRecoveryNeeded"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmboot\Enum]
"0"="Root\\LEGACY_DMBOOT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmio]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Tag"=dword:0000000d
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,64,6d,69,\
6f,2e,73,79,73,00
"DisplayName"="Logical Disk Manager Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmio\Boot Info]
"Boot ID"="eab194c1-9020-11d9-a154-806d6172696f"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmio\Enum]
"0"="Root\\dmio\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmload]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Tag"=dword:0000000c
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,64,6d,6c,\
6f,61,64,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmload\Enum]
"0"="Root\\LEGACY_DMLOAD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver]
"DependOnService"=hex(7):52,70,63,53,73,00,50,6c,75,67,50,6c,61,79,00,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Logical Disk Manager"
"ObjectName"="LocalSystem"
"Description"="Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,6d,73,65,72,76,65,72,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Enum]
"0"="Root\\LEGACY_DMSERVER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DMusic]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,44,4d,75,\
73,69,63,2e,73,79,73,00
"DisplayName"="Microsoft Kernel DLS Syntheiszer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DMusic\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DMusic\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4e,65,74,77,6f,72,6b,53,\
65,72,76,69,63,65,00
"DisplayName"="DNS Client"
"Group"="TDI"
"DependOnService"=hex(7):54,63,70,69,70,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Description"="Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start."

brispie
2007-05-23, 23:53
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,6e,73,72,73,6c,76,72,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Enum]
"0"="Root\\LEGACY_DNSCACHE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dpti2o]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000003c
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dpti2o\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dpti2o\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,64,72,6d,\
6b,61,75,64,2e,73,79,73,00
"DisplayName"="Microsoft Kernel DRM Audio Descrambler"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,\
5c,43,6f,6d,6d,6f,6e,20,46,69,6c,65,73,5c,53,79,6d,61,6e,74,65,63,20,53,68,\
61,72,65,64,5c,45,45,4e,47,49,4e,45,5c,65,65,43,74,72,6c,2e,73,79,73,00
"DisplayName"="Symantec Eraser Control driver"
"DependOnService"=hex(7):46,6c,74,4d,67,72,00,00
"DependOnGroup"=hex(7):00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Instances]
"DefaultInstance"="eeCtrl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Instances\eeCtrl]
"Altitude"="329010"
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Parameters]
"SPManifest"="\\??\\C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests"
"Version"=hex(b):45,00,00,00,01,00,6b,00
"LastUsedDefs"="C:\\PROGRA~1\\COMMON~1\\SYMANT~1\\VIRUSD~1\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Enum]
"0"="Root\\LEGACY_EECTRL\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Started]
@=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EIO]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,64,72,69,76,65,72,73,5c,45,49,4f,2e,73,79,73,00
"DisplayName"="EIO"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EIO\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EIO\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EIO\Enum]
"0"="Root\\LEGACY_EIO\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc]
"DependOnService"=hex(7):52,70,63,53,73,00,00
"Description"="Allows error reporting for services and applictions running in non-standard environments."
"DisplayName"="Error Reporting Service"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,65,72,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Enum]
"0"="Root\\LEGACY_ERSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
"Description"="Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped."
"DisplayName"="Event Log"
"ErrorControl"=dword:00000001
"Group"="Event log"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,65,72,76,69,63,65,73,2e,65,78,65,00
"ObjectName"="LocalSystem"
"PlugPlayServiceType"=dword:00000003
"Start"=dword:00000002
"Type"=dword:00000020
"ComputerName"="PHIL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
"DisplayNameFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,65,6c,73,2e,64,6c,6c,00
"DisplayNameID"=dword:00000100
"File"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,63,6f,6e,66,69,67,5c,41,70,70,45,76,65,6e,74,2e,45,76,74,00
"MaxSize"=dword:00080000
"PrimaryModule"="Application"
"Retention"=dword:00093a80
"RestrictGuestAccess"=dword:00000001
@="mnmsrvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application]
"CategoryCount"=dword:00000007
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,\
74,65,6d,33,32,5c,65,76,65,6e,74,6c,6f,67,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Error]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,61,75,6c,74,72,65,70,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Hang]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,61,75,6c,74,72,65,70,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Management]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,61,70,70,6d,67,6d,74,73,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ATI Smart]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,61,74,69,32,73,67,61,67,2e,65,78,65,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Autochk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,69,6e,6c,6f,67,6f,6e,2e,65,78,65,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AutoEnrollment]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,61,75,74,6f,65,6e,72,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Automatic LiveUpdate Scheduler]
"CategoryCount"=dword:00000001
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUSchedulerSvcRes.dll"
"CategoryMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUSchedulerSvcRes.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]
"EventMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avglog.dll"
"CategoryMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avglog.dll"
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7Alrt]
"EventMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgamint.dll"
"CategoryMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgamint.dll"
"CategoryCount"=dword:00000001
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7UpdSvc]
"EventMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgupsvc.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AvgEms]
"EventMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgemc.exe"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Chkdsk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,75,6c,69,62,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ci]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,71,75,65,72,79,2e,64,6c,6c,00
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,71,75,65,72,79,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
"TypeSupported"=dword:00000007
"CategoryCount"=dword:00000075

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Creative Service for CDROM Access]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,54,73,76,63,43,44,41,2e,65,78,65,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\crypt32]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,63,72,79,70,74,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DiskQuota]
"EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll"
"TypesSupported"="0x00000007"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DrWatson]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,64,72,77,74,73,6e,33,32,2e,65,78,65,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,45,53,45,4e,54,2e,64,6c,6c,00
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,45,53,45,4e,54,2e,64,6c,6c,00
"CategoryCount"=dword:00000010
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\EventSystem]
"CategoryCount"=dword:00000006
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\File Deployment]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,64,65,70,6c,6f,79,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Folder Redirection]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,64,65,70,6c,6f,79,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll"
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Java VM]
"EventMessageFile"="C:\\WINDOWS\\system32\\vmhelper.dll"
"TypesSupported"=hex:07,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServerRes.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LoadPerf]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6c,6f,61,64,70,65,72,66,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider]
"EventMessageFile"="C:\\WINDOWS\\System32\\h323.tsp"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Microsoft Office 10]
"EventMessageFile"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\Office10\\DW.EXE"
"TypesSupported"=dword:00000007

brispie
2007-05-23, 23:54
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\mnmsrvc]
"EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll"
"TypeSupported"=hex:07,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDMine]
"CategoryCount"=dword:00000002
"CategoryMessageFile"="C:\\PROGRA~1\\COMMON~1\\System\\OLEDB~1\\MSDMINE.DLL"
"EventMessageFile"="C:\\PROGRA~1\\COMMON~1\\System\\OLEDB~1\\MSDMINE.DLL"
"TypesSupported"=hex:00,12,b8,58

"DisableHotPlugDFP"=dword:00000000
"ExtEvent_EnableAlpsMouseOrientation"=dword:00000000
"ExtEvent_SafeEscapeSupport"=dword:00000001
"DALRULE_DISABLEPSEUDOLARGEDESKTOP"=dword:00000000
"OvlTheaterMode"=hex:00,00,00,00
"DisableOvlTheaterMode"=dword:00000000
"UseVMRPitch"=dword:00000001
"DisableMMSnifferCode"=dword:00000000
"DisableProgPCILatency"=dword:00000000
"DALRULE_GetTVFakeEDID"=dword:00000000
"Catalyst_Version"="0"
"DALRULE_REGISTRYACCESS"=dword:00000000
"DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH"=dword:00000000
"DALRULE_ENABLEDRIVERMODEPRUNNING"=dword:00000000
"GCORULE_ENABLETILEDMEMORYCALCULATION"=dword:00000001
"DALRULE_MACROVISIONINFOREPORT"=dword:00000000
"DALRULE_BANDWIDTHMODEENUM"=dword:00000001
"ExtEvent_LCDSetNativeModeOnResume"=dword:00000000
"DALRULE_LIMITTMDSMODES"=dword:00000000
"DALRULE_RESTRICT640x480MODE"=dword:00000000
"DALRULE_RESTRICT8BPPON2NDDRV"=dword:00000000
"TVForceDetection"=dword:00000000
"DALRULE_ADAPTERBANDWIDTHMODEENUM"=dword:00000000
"GCOOPTION_MinMemEff"=dword:00000000
"GCORULE_IncreaseMinMemEff"=dword:00000000
"DALRULE_DISABLECWDDEDETECTION"=dword:00000000
"DALRULE_SELECTION_SCHEME"=dword:00000000
"DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY"=dword:00000000
"DisableTabletPCRotation"=dword:00000001
"DisableSmartSave"=dword:00000000
"DisableSmartSave_DEF"=dword:00000000
"VPUEnableSubmissionBox_DEF"="1"
"ExtEvent_EnableMultiSessions"=dword:00000001
"TVEnableOverscan"=dword:00000001
"RotationSupportLevel"=dword:00000002
"NewRotation"="1"
"DALRULE_DYNAMICMODESUPPORT"=dword:00000001
"CVRULE_CUSTOMIZEDMODESENABLED"=dword:00000001
"GSettingControl"=dword:00000002
"GCOOPTION_DigitalCrtInfo"=hex:a3,38,61,c1,a3,38,61,b1
"GCORULE_FracFbDivSupport"=dword:00000000
"PrimaryTiling"="1"
"GCORULE_FlickerWA"=dword:00000001
"SMOOTHVISION_NAME"="SMOOTHVISION 2.1"
"GCORULE_ENABLERMXFILTER"=dword:00000001
"DALRULE_RESTRICT2ACTIVEDISPLAYS"=dword:00000000
"TVM6Flag"=dword:00000001
"DXVA_WMV"="0"
"DALRULE_ONEDISPLAYBOOTDEFAULT"=dword:00000001
"DfpUsePixSlip"=dword:00000001
"GI"="0"
"Main3D_DEF"="3"
"AntiAlias_DEF"="1"
"AntiAliasSamples_DEF"="0"
"AnisoType_DEF"="0"
"AnisoDegree_DEF"="0"
"TextureOpt_DEF"="0"
"TextureLod_DEF"="0"
"TruformMode_DEF"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,4f,4d,52,45,53,2e,44,4c,4c,3b,43,3a,5c,57,49,4e,44,4f,57,53,5c,\
73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,45,53,2e,44,4c,4c,3b,43,3a,5c,57,49,4e,44,4f,57,53,\
5c,73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"CategoryCount"=dword:0000000f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,4f,4d,52,45,53,2e,44,4c,4c,3b,43,3a,5c,57,49,4e,44,4f,57,53,5c,\
73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,45,53,2e,44,4c,4c,3b,43,3a,5c,57,49,4e,44,4f,57,53,\
5c,73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"CategoryCount"=dword:0000000f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MsiInstaller]
"EventMessageFile"="C:\\WINDOWS\\system32\\msi.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSSQLSERVER/MSDE]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NeroCheck]
"EventMessageFile"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CategoryMessageFile"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ntbackup]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,74,62,61,63,6b,75,70,2e,65,78,65,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Oakley]
"EventMessageFile"="%SystemRoot%\\System32\\oakley.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Offline Files]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,63,73,63,75,69,2e,64,6c,6c,00
"TypesSupported"="0x00000007"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfctrs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,63,74,72,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfDisk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,64,69,73,6b,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perflib]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,72,66,6c,62,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfmon]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,6d,6f,6e,2e,65,78,65,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfNet]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,6e,65,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfOS]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,4f,53,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfProc]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\

brispie
2007-05-23, 23:55

brispie
2007-05-23, 23:56
6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXCP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRIP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRouterManager]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXSAP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\isapnp]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,69,73,\
61,70,6e,70,2e,73,79,73,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\kbdclass]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6b,62,\
64,63,6c,61,73,73,2e,73,79,73,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Kerberos]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6b,65,72,62,65,72,6f,73,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lbrtfdc]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,6c,62,\
72,74,66,64,63,2e,73,79,73,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDM]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,64,6d,61,64,6d,69,6e,2e,65,78,65,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDMS]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,64,6d,73,65,72,76,65,72,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LmHosts]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LsaSrv]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6c,73,61,73,72,76,2e,64,6c,6c,00
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6c,73,61,73,72,76,2e,64,6c,6c,00
"CategoryCount"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Modem]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,4d,6f,\
64,65,6d,2e,73,79,73,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mouclass]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6d,6f,\
75,63,6c,61,73,73,2e,73,79,73,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mouhid]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6d,6f,\
75,68,69,64,2e,73,79,73,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mraid35x]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MRxDAV]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MrxSmb]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,69,6f,6c,6f,67,6d,73,67,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msadlib]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msfs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Mup]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ndis]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NdisWan]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBIOS]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,69,6f,6c,6f,67,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBT]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetDDE]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,64,64,65,2e,65,78,65,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Netlogon]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007

brispie
2007-05-23, 23:57
brispie
2007-05-23, 23:58
00,00,02,00,4c,00,03,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,\
00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Enum]
"0"="Root\\LEGACY_EVENTSYSTEM\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,65,77,69,\
64,6f,20,61,6e,74,69,2d,6d,61,6c,77,61,72,65,5c,65,77,69,64,6f,63,74,72,6c,\
2e,65,78,65,00
"DisplayName"="ewido security suite control"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fastfat]
"ErrorControl"=dword:00000001
"Group"="Boot file system"
"Start"=dword:00000004
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fastfat\Enum]
"0"="Root\\LEGACY_FASTFAT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Fast User Switching Compatibility"
"DependOnService"=hex(7):54,65,72,6d,53,65,72,76,69,63,65,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Provides management for applications that require assistance in a multiple user environment."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,68,73,76,63,73,2e,64,6c,6c,00
"ServiceMain"="BadApplicationServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Enum]
"0"="Root\\LEGACY_FASTUSERSWITCHINGCOMPATIBILITY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fdc]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000003
"Tag"=dword:00000002
"Type"=dword:00000001
"SetupDone"=dword:00000001
"DisplayName"="Floppy Disk Controller Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,66,64,63,\
2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fdc\Enum]
"0"="ACPI\\PNP0700\\3&13c0b0c5&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fips]
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fips\Enum]
"0"="Root\\LEGACY_FIPS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Flpydisk]
"ErrorControl"=dword:00000001
"Group"="Primary disk"
"Start"=dword:00000003
"Tag"=dword:00000002
"Type"=dword:00000001
"DisplayName"="Floppy Disk Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,66,6c,70,\
79,64,69,73,6b,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Flpydisk\Enum]
"0"="FDC\\GENERIC_FLOPPY_DRIVE\\4&33bc18fa&0&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,66,6c,74,\
4d,67,72,2e,73,79,73,00
"DisplayName"="FltMgr"
"Group"="FSFilter Infrastructure"
"Description"="File System Filter Manager Driver"
"AttachWhenLoaded"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr\Enum]
"0"="Root\\LEGACY_FLTMGR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
"ErrorControl"=dword:00000000
"Group"="Boot file system"
"Start"=dword:00000001
"Type"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec\Enum]
"0"="Root\\LEGACY_FS_REC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ftdisk]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000009
"Type"=dword:00000001
"DisplayName"="Volume Manager Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,66,74,64,\
69,73,6b,2e,73,79,73,00

brispie
2007-05-23, 23:59

brispie
2007-05-24, 00:00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,66,\
6c,74,64,72,76,2e,73,79,73,00
"DisplayName"="IP Traffic Filter Driver"
"DependOnService"=hex(7):54,63,70,69,70,00,00
"DependOnGroup"=hex(7):00
"Description"="IP Traffic Filter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,69,\
6e,69,70,2e,73,79,73,00
"DisplayName"="IP in IP Tunnel Driver"
"DependOnService"=hex(7):54,63,70,69,70,00,00
"DependOnGroup"=hex(7):00
"Description"="IP in IP Tunnel Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpNat]
"DependOnGroup"=hex(7):00
"DependOnService"=hex(7):54,63,70,69,70,00,00
"Description"="IP Network Address Translator"
"DisplayName"="IP Network Address Translator"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,6e,\
61,74,2e,73,79,73,00
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpNat\Enum]
"0"="Root\\LEGACY_IPNAT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,73,\
65,63,2e,73,79,73,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,72,65,\
6e,75,6d,2e,73,79,73,00
"DisplayName"="IR Enumerator Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISAPISearch\Linkage]
"Bind"="\\Dummy"
"Export"="\\Dummy"
"Route"="\\Dummy"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISAPISearch\Performance]
"Close"="DoneCIISAPIPerformanceData"
"Collect"="CollectCIISAPIPerformanceData"
"Open"="InitializeCIISAPIPerformanceData"
"Library"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,71,75,65,72,79,2e,64,6c,6c,00
"Last Counter"=dword:000008de
"Last Help"=dword:000008df
"First Counter"=dword:000008ca
"First Help"=dword:000008cb
"Object List"="2250"
"WbemAdapFileSignature"=hex:0e,5a,34,78,55,08,cd,55,5e,d1,bb,15,d3,71,55,79
"WbemAdapFileTime"=hex:00,5b,4e,ea,bd,79,c4,01
"WbemAdapFileSize"=dword:0015e800
"WbemAdapStatus"=dword:00000000


brispie
2007-05-24, 00:01

brispie
2007-05-24, 00:02
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mraid35x]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000002b
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mraid35x\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mraid35x\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]
"Type"=dword:00000002
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6d,72,78,\
64,61,76,2e,73,79,73,00
"DisplayName"="WebDav Client Redirector"
"Description"="WebDav Client Redirector"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV\Parameters]
"FileInformationCacheLifeTimeInSec"=dword:0000003c
"FileNotFoundCacheLifeTimeInSec"=dword:0000003c
"NameCacheMaxEntries"=dword:0000012c
"DAVDebugFlag"=dword:00000000
"UMRxDebugFlag"=dword:00000000
"RequestTimeoutInSec"=dword:00000258

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV\Enum]
"0"="Root\\LEGACY_MRXDAV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxSmb]
"Type"=dword:00000002
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6d,72,78,\
73,6d,62,2e,73,79,73,00
"DisplayName"="MRXSMB"
"Group"="Network"
"Description"="MRXSMB"
"LastLoadStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxSmb\Parameters]
"CscEnabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxSmb\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxSmb\Enum]
"0"="Root\\LEGACY_MRXSMB\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
6d,73,64,74,63,2e,65,78,65,00
"DisplayName"="Distributed Transaction Coordinator"
"Group"="MS Transactions"
"DependOnService"=hex(7):52,50,43,53,53,00,53,61,6d,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Description"="Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC\Performance]
"Library"="msdtcuiu.DLL"
"Open"="DtcPerfOpen"
"Collect"="DtcPerfCollect"
"Close"="DtcPerfClose"
"Last Counter"=dword:000008a2
"Last Help"=dword:000008a3
"First Counter"=dword:00000888
"First Help"=dword:00000889
"Object List"="2184"
"WbemAdapFileSignature"=hex:b2,f6,76,ba,72,a3,d4,7f,34,c4,bc,37,0c,a6,68,0f
"WbemAdapFileTime"=hex:72,44,d4,a3,eb,23,c5,01
"WbemAdapFileSize"=dword:00027600
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC\Security]
"Security"=hex:01,00,14,80,e0,00,00,00,ec,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,b0,00,06,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,\
02,00,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,\
00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,\
02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,00,00,14,00,9d,00,02,\
00,01,01,00,00,00,00,00,05,14,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,\
00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC\Enum]
"0"="Root\\LEGACY_MSDTC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]
"ErrorControl"=dword:00000001
"Group"="File system"
"Start"=dword:00000001
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs\Enum]
"0"="Root\\LEGACY_MSFS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer]
"Description"="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start."
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
6d,73,69,65,78,65,63,2e,65,78,65,20,2f,56,00
"DisplayName"="Windows Installer"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer\Enum]
"0"="Root\\LEGACY_MSISERVER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000008
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,4d,53,4b,\
53,53,52,56,2e,73,79,73,00
"DisplayName"="Microsoft Streaming Service Proxy"
"Group"="Extended Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000007
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,4d,53,50,\
43,4c,4f,43,4b,2e,73,79,73,00
"DisplayName"="Microsoft Streaming Clock Proxy"
"Group"="Extended Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000009
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,4d,53,50,\
51,4d,2e,73,79,73,00
"DisplayName"="Microsoft Streaming Quality Manager Proxy"
"Group"="Extended Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6d,73,73,\
6d,62,69,6f,73,2e,73,79,73,00
"DisplayName"="Microsoft System Management BIOS Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios\Enum]
"0"="Root\\SYSTEM\\0002"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ms_mpu401]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6d,73,6d,\
70,75,34,30,31,2e,73,79,73,00
"DisplayName"="Microsoft MPU-401 MIDI UART Driver"

brispie
2007-05-24, 00:04
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ms_mpu401\Enum]
"0"="ACPI\\PNPB006\\3&13c0b0c5&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]
"DisplayName"="Mup"
"ErrorControl"=dword:00000001
"Group"="Network"
"Start"=dword:00000000
"Tag"=dword:00000002
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup\Enum]
"0"="Root\\LEGACY_MUP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
"DisplayName"="NDIS System Driver"
"ErrorControl"=dword:00000001
"Group"="NDIS Wrapper"
"Start"=dword:00000000
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS\MediaTypes]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS\Parameters]
"ProcessorAffinityMask"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS\Enum]
"0"="Root\\LEGACY_NDIS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6e,64,69,\
73,74,61,70,69,2e,73,79,73,00
"DisplayName"="Remote Access NDIS TAPI Driver"
"Description"="Remote Access NDIS TAPI Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi\Parameters]
"AsyncEventQueueSize"=dword:00000300

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi\Enum]
"0"="Root\\LEGACY_NDISTAPI\\0000"
"Count"=dword:00000004
"NextInstance"=dword:00000004
"1"="Root\\MS_NDISWANIP\\0000"
"2"="Root\\MS_PPPOEMINIPORT\\0000"
"3"="Root\\MS_PPTPMINIPORT\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:0000000b
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6e,64,69,\
73,75,69,6f,2e,73,79,73,00
"DisplayName"="NDIS Usermode I/O Protocol"
"Group"="NDIS"
"Description"="NDIS Usermode I/O Protocol"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio\Enum]
"0"="Root\\LEGACY_NDISUIO\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6e,64,69,\
73,77,61,6e,2e,73,79,73,00
"DisplayName"="Remote Access NDIS WAN Driver"
"Description"="Remote Access NDIS WAN Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan\Enum]
"0"="Root\\MS_NDISWANIP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
"DisplayName"=hex(7):4e,44,49,53,20,50,72,6f,78,79,00,00
"ErrorControl"=dword:00000001
"Group"="PNP_TDI"
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy\Enum]
"0"="Root\\LEGACY_NDPROXY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
"Type"=dword:00000002
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6e,65,74,\
62,69,6f,73,2e,73,79,73,00
"DisplayName"="NetBIOS Interface"
"Group"="NetBIOSGroup"
"Description"="NetBIOS Interface"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS\Parameters]
"MaxLana"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS\Parameters\Winsock]
"HelperDllName"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,\
6d,33,32,5c,77,73,68,6e,65,74,62,73,2e,64,6c,6c,00
"MaxSockAddrLength"=dword:00000014
"MinSockAddrLength"=dword:00000014
"Mapping"=hex:02,00,00,00,03,00,00,00,11,00,00,00,05,00,00,00,00,00,00,00,11,\
00,00,00,02,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS\Enum]
"0"="Root\\LEGACY_NETBIOS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000006
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6e,65,74,\
62,74,2e,73,79,73,00
"DisplayName"="NetBios over Tcpip"
"Group"="PNP_TDI"
"DependOnService"=hex(7):54,63,70,69,70,00,00
"DependOnGroup"=hex(7):00
"Description"="NetBios over Tcpip"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters]
"NbProvider"="_tcp"
"NameServerPort"=dword:00000089
"CacheTimeout"=dword:000927c0
"BcastNameQueryCount"=dword:00000003
"BcastQueryTimeout"=dword:000002ee
"NameSrvQueryCount"=dword:00000003
"NameSrvQueryTimeout"=dword:000005dc
"Size/Small/Medium/Large"=dword:00000001
"SessionKeepAlive"=dword:0036ee80
"TransportBindName"="\\Device\\"
"EnableLMHOSTS"=dword:00000001
"DhcpNodeType"=dword:00000008

brispie
2007-05-24, 00:05
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{95BBC455-0CBA-4ED3-B9D8-2AFCE18C49E7}]
"NameServerList"=hex(7):00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{AEC81411-BE1E-4DE1-BB79-D79261782333}]
"NameServerList"=hex(7):00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{CE5FA0D0-384D-4387-9E47-D25184030D99}]
"NameServerList"=hex(7):00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{EFAA1A20-1136-4A13-A53C-B1E4E4C52CBE}]
"NameServerList"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Enum]
"0"="Root\\LEGACY_NETBT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDE]
"DependOnService"=hex(7):4e,65,74,44,44,45,44,53,44,4d,00,00
"Description"="Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Network DDE"
"ErrorControl"=dword:00000001
"Group"="NetDDEGroup"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,6e,65,74,64,64,65,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000004
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetDDEdsdm]
"DependOnService"=hex(7):00
"Description"="Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. "
"DisplayName"="Network DDE DSDM"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,6e,65,74,64,64,65,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000004
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,6c,73,61,73,73,2e,65,78,65,00
"DisplayName"="Net Logon"
"Group"="RemoteValidation"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Supports pass-through authentication of account logon events for computers in a domain."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000000
"maximumpasswordage"=dword:0000001e
"requiresignorseal"=dword:00000001
"requirestrongkey"=dword:00000000
"sealsecurechannel"=dword:00000001
"signsecurechannel"=dword:00000001
"Update"="no"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
"DependOnService"=hex(7):52,70,63,53,73,00,00
"Description"="Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections."
"DisplayName"="Network Connections"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6e,65,74,6d,61,6e,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman\Enum]
"0"="Root\\LEGACY_NETMAN\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nla]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Network Location Awareness (NLA)"
"DependOnService"=hex(7):54,63,70,69,70,00,41,66,64,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Collects and stores network configuration and location information, and notifies applications when this information changes."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nla\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nla\Security]
"Security"=hex:01,00,14,80,7c,00,00,00,88,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,4c,00,03,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,\
00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nla\Enum]
"0"="Root\\LEGACY_NLA\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]
"ErrorControl"=dword:00000001
"Group"="File system"
"Start"=dword:00000001
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs\Aliases]
"lsass"=hex(7):70,72,6f,74,65,63,74,65,64,5f,73,74,6f,72,61,67,65,00,6e,65,74,\
6c,6f,67,6f,6e,00,6c,73,61,72,70,63,00,73,61,6d,72,00,00
"ntsvcs"=hex(7):65,76,65,6e,74,6c,6f,67,00,73,76,63,63,74,6c,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs\Enum]
"0"="Root\\LEGACY_NPFS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]
"ErrorControl"=dword:00000001
"Group"="File system"
"Start"=dword:00000004
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs\Enum]
"0"="Root\\LEGACY_NTFS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtLmSsp]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,6c,73,61,73,73,2e,65,78,65,00
"DisplayName"="NT LM Security Support Provider"
"ObjectName"="LocalSystem"
"Description"="Provides security to remote procedure call (RPC) programs that use transports other than named pipes."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtLmSsp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtmsSvc]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Removable Storage"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtmsSvc\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,73,73,76,63,2e,64,6c,6c,00
"ShutdownTimeout"=dword:00007530

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtmsSvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]
"ErrorControl"=dword:00000001
"Group"="Base"
"Start"=dword:00000001
"Tag"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\Enum]
"0"="Root\\LEGACY_NULL\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvax]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6e,76,61,\
78,2e,73,79,73,00
"DisplayName"="Service for NVIDIA(R) nForce(TM) Audio Enumerator"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvax\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvax\Enum]
"0"="PCI\\VEN_10DE&DEV_006A&SUBSYS_80951043&REV_A1\\3&13c0b0c5&0&30"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NVENET]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:0000000c
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,4e,56,45,\
4e,45,54,2e,73,79,73,00
"DisplayName"="NVIDIA nForce MCP Networking Adapter Driver"
"Group"="NDIS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NVENET\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NVENET\Enum]
"0"="PCI\\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\\3&13c0b0c5&0&20"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvnforce]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6e,76,61,\
70,75,2e,73,79,73,00
"DisplayName"="Service for NVIDIA(R) nForce(TM) Audio"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvnforce\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvnforce\Enum]
"0"="NVAX\\NFORCE_VAD\\4&30255a3&0&0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6e,77,6c,\
6e,6b,66,6c,74,2e,73,79,73,00
"DisplayName"="IPX Traffic Filter Driver"
"DependOnService"=hex(7):4e,77,6c,6e,6b,46,77,64,00,00
"DependOnGroup"=hex(7):00
"Description"="IPX Traffic Filter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6e,77,6c,\
6e,6b,66,77,64,2e,73,79,73,00
"DisplayName"="IPX Traffic Forwarder Driver"
"Description"="IPX Traffic Forwarder Driver"

brispie
2007-05-24, 00:06
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]
"ErrorControl"=dword:00000001
"Group"="Parallel arbitrator"
"Start"=dword:00000003
"Tag"=dword:00000001
"Type"=dword:00000001
"DisplayName"="Parallel port driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,70,61,72,\
70,6f,72,74,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport\Enum]
"0"="ACPI\\PNP0401\\3&13c0b0c5&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PartMgr]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000005
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PartMgr\Enum]
"0"="Root\\LEGACY_PARTMGR\\0000"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="IDE\\DiskMaxtor_6E040L0__________________________NAR61HA0\\394536324d504548202020202020202020202020"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ParVdm]
"DependOnGroup"=hex(7):50,61,72,61,6c,6c,65,6c,20,61,72,62,69,74,72,61,74,6f,\
72,00,00
"DependOnService"=hex(7):50,61,72,70,6f,72,74,00,00
"ErrorControl"=dword:00000000
"Group"="Extended base"
"Start"=dword:00000002
"Tag"=dword:00000002
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ParVdm\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ParVdm\Enum]
"0"="Root\\LEGACY_PARVDM\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCI]
"ErrorControl"=dword:00000003
"Group"="Boot Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000002
"Type"=dword:00000001
"DisplayName"="PCI Bus Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,70,63,69,\
2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCI\Parameters]
"1045C621"=hex:04,00,00,00,00,00,00,00
"10950640"=hex:04,00,00,00,00,00,00,00
"80861230"=hex:04,00,00,00,00,00,00,00
"80867010"=hex:04,00,00,00,00,00,00,00
"104B0140"=hex:08,00,00,00,00,00,00,00
"11790603"=hex:08,00,00,00,00,00,00,00
"80867113"=hex:08,00,00,00,00,00,00,00
"497884C5"=hex:08,00,00,00,00,00,00,00
"11063040"=hex:08,00,00,00,00,00,00,00
"0E111000"=hex:10,00,00,00,00,00,00,00
"0E112000"=hex:10,00,00,00,00,00,00,00
"10390406"=hex:10,00,00,00,00,00,00,00
"80860482"=hex:00,40,00,00,00,00,00,00
"80860008"=hex:10,00,00,00,00,00,00,00
"10140002"=hex:10,00,00,00,00,00,00,00
"10800600"=hex:20,00,00,00,00,00,00,00
"10131100"=hex:40,00,00,00,00,00,00,00
"10B95219"=hex:80,00,00,00,00,00,00,00
"1C1C0001"=hex:00,01,00,00,00,00,00,00
"10970038"=hex:00,01,00,00,00,00,00,00
"100BD001"=hex:00,04,00,00,00,00,00,00
"808604A3"=hex:00,08,00,00,00,00,00,00
"10AA0000"=hex:00,08,00,00,00,00,00,00
"533388D1"=hex:00,00,00,00,01,00,00,00
"11790605"=hex:00,10,00,00,00,00,00,00
"10131110"=hex:00,20,00,00,00,00,00,00
"11800478"=hex:00,20,00,00,00,00,00,00
"11800475"=hex:00,20,00,00,00,00,00,00
"11800476"=hex:00,20,00,00,00,00,00,00
"10040101"=hex:00,40,00,00,00,00,00,00
"10421000"=hex:00,40,00,00,00,00,00,00
"104CAC12"=hex:00,00,01,00,00,00,00,00
"11800466"=hex:00,00,01,00,00,00,00,00
"10140095"=hex:00,00,04,00,00,00,00,00
"80862418"=hex:00,00,04,00,00,00,00,00
"80862428"=hex:00,00,04,00,00,00,00,00
"8086244E"=hex:00,00,04,00,00,00,00,00
"80862448"=hex:00,00,04,00,00,00,00,00
"8086122E"=hex:00,00,08,00,00,00,00,00
"80867000"=hex:00,00,08,00,00,00,00,00
"80867110"=hex:00,00,08,00,00,00,00,00
"80867600"=hex:00,00,08,00,00,00,00,00
"10024747"=hex:00,00,40,00,00,00,00,00
"10024754"=hex:00,00,00,00,01,00,00,00
"53338901"=hex:00,00,00,00,01,00,00,00
"101300D6"=hex:00,00,40,00,00,00,00,00
"104CAC15"=hex:00,00,40,00,00,00,00,00
"110B0004"=hex:00,00,40,00,00,00,00,00
"1000000F"=hex:00,00,40,00,00,00,00,00
"104CAC17"=hex:00,00,40,00,00,00,00,00
"10239397"=hex:00,00,40,00,00,00,00,00
"10024742"=hex:00,00,40,00,00,00,00,00
"10024744"=hex:00,00,40,00,00,00,00,00
"10024749"=hex:00,00,40,00,00,00,00,00
"10024750"=hex:00,00,40,00,00,00,00,00
"10024751"=hex:00,00,40,00,00,00,00,00
"10024755"=hex:00,00,40,00,00,00,00,00
"10024757"=hex:00,00,40,20,00,00,00,00
"10024759"=hex:00,00,40,20,00,00,00,00
"10024C42"=hex:00,00,40,00,00,00,00,00
"10024C44"=hex:00,00,40,00,00,00,00,00
"10024C47"=hex:00,00,40,00,00,00,00,00
"10024C49"=hex:00,00,40,00,00,00,00,00
"10024C50"=hex:00,00,40,00,00,00,00,00
"10024C51"=hex:00,00,40,00,00,00,00,00
"10025654"=hex:00,00,00,00,01,00,00,00
"10025655"=hex:00,00,40,00,00,00,00,00
"10025656"=hex:00,00,40,00,00,00,00,00
"121A0003"=hex:00,00,40,00,00,00,00,00
"1045C861107B9300"=hex:00,00,40,00,00,00,00,00
"1045C8611045C861"=hex:00,00,40,00,00,00,00,00
"80861231"=hex:00,00,00,01,00,00,00,00
"12730002"=hex:00,00,00,01,00,00,00,00
"1014007D"=hex:00,00,00,01,00,00,00,00
"12850100"=hex:00,00,00,01,00,00,00,00
"12176836"=hex:00,00,00,08,00,00,00,00
"12176832"=hex:00,00,00,08,00,00,00,00
"109107A0"=hex:00,00,00,20,00,00,00,00
"80867800"=hex:00,00,00,20,00,00,00,00
"10c88005"=hex:00,00,00,20,00,00,00,00
"10c88006"=hex:00,00,00,20,00,00,00,00
"10c80005"=hex:00,00,00,20,00,00,00,00
"10c80006"=hex:00,00,00,20,00,00,00,00
"102B1001"=hex:00,00,00,80,00,00,00,00
"10DD0100"=hex:00,00,00,20,00,00,00,00
"10950646"=hex:00,00,00,20,00,00,00,00
"10950670"=hex:00,00,00,20,00,00,00,00
"10950648"=hex:00,00,00,20,00,00,00,00
"10110026"=hex:00,00,00,20,00,00,00,00
"8086B154"=hex:00,00,00,20,00,00,00,00
"53338904"=hex:00,00,00,20,00,00,00,00
"11068598"=hex:00,00,00,20,00,00,00,00
"11068605"=hex:00,00,00,20,00,00,00,00
"11790609"=hex:00,00,00,40,00,00,00,00
"10140047"=hex:00,00,00,40,00,00,00,00
"102B051B"=hex:00,00,00,80,00,00,00,00
"102B0520"=hex:00,00,00,80,00,00,00,00
"102B0521"=hex:00,00,00,80,00,00,00,00
"102B1025"=hex:00,00,00,80,00,00,00,00
"102B0525"=hex:00,00,00,80,00,00,00,00
"80867121"=hex:00,00,00,80,00,00,00,00
"80867123"=hex:00,00,00,80,00,00,00,00
"80867125"=hex:00,00,00,80,00,00,00,00
"80861132"=hex:00,00,00,80,00,00,00,00
"90050050"=hex:00,00,00,80,00,00,00,00
"9005005F"=hex:00,00,00,80,00,00,00,00
"10024752"=hex:00,00,00,80,00,00,00,00
"1002474F"=hex:00,00,00,80,00,00,00,00
"1002474D"=hex:00,00,00,80,00,00,00,00
"10024753"=hex:00,00,00,80,00,00,00,00
"1002474C"=hex:00,00,00,80,00,00,00,00
"1002474E"=hex:00,00,00,80,00,00,00,00
"10024C4D"=hex:00,00,00,80,00,00,00,00
"10024C4E"=hex:00,00,00,80,00,00,00,00
"10024C52"=hex:00,00,00,80,00,00,00,00
"10024C53"=hex:00,00,00,80,00,00,00,00
"10239880"=hex:00,00,00,80,00,00,00,00
"10DE00A0"=hex:00,00,00,80,00,00,00,00
"10DE00A1"=hex:00,00,00,80,00,00,00,00
"10DE00A3"=hex:00,00,00,80,00,00,00,00
"10DE00B0"=hex:00,00,00,80,00,00,00,00
"10DE00B1"=hex:00,00,00,80,00,00,00,00
"10DE00B3"=hex:00,00,00,80,00,00,00,00
"10DE0100"=hex:00,00,00,80,00,00,00,00
"10DE0101"=hex:00,00,00,80,00,00,00,00
"10DE0102"=hex:00,00,00,80,00,00,00,00
"10DE0103"=hex:00,00,00,80,00,00,00,00
"10DE0120"=hex:00,00,00,80,00,00,00,00
"10DE0121"=hex:00,00,00,80,00,00,00,00
"10DE0122"=hex:00,00,00,80,00,00,00,00
"10DE0123"=hex:00,00,00,80,00,00,00,00
"10DE0150"=hex:00,00,00,80,00,00,00,00
"10DE0151"=hex:00,00,00,80,00,00,00,00
"10DE0152"=hex:00,00,00,80,00,00,00,00
"10DE0153"=hex:00,00,00,80,00,00,00,00
"10DE0200"=hex:00,00,00,80,00,00,00,00
"10DE0201"=hex:00,00,00,80,00,00,00,00
"10DE0202"=hex:00,00,00,80,00,00,00,00
"10DE0203"=hex:00,00,00,80,00,00,00,00
"12D20018"=hex:00,00,00,80,00,00,00,00
"12D20019"=hex:00,00,00,80,00,00,00,00
"10136003"=hex:00,00,00,80,00,00,00,00
"3D3D000A"=hex:00,00,00,80,00,00,00,00
"10024158"=hex:00,00,00,00,01,00,00,00
"10024354"=hex:00,00,00,00,01,00,00,00
"10024358"=hex:00,00,00,00,01,00,00,00
"10024554"=hex:00,00,00,00,01,00,00,00
"10024758"=hex:00,00,00,00,01,00,00,00
"10024C54"=hex:00,00,00,00,01,00,00,00
"53338810"=hex:00,00,00,00,01,00,00,00
"53338811"=hex:00,00,00,00,01,00,00,00
"53338812"=hex:00,00,00,00,01,00,00,00
"53338814"=hex:00,00,00,00,01,00,00,00
"53338880"=hex:00,00,00,00,01,00,00,00
"533388B0"=hex:00,00,00,00,01,00,00,00
"533388C0"=hex:00,00,00,00,01,00,00,00
"533388C1"=hex:00,00,00,00,01,00,00,00
"533388D0"=hex:00,00,00,00,01,00,00,00
"533388F0"=hex:00,00,00,00,01,00,00,00
"53338902"=hex:00,00,00,00,01,00,00,00
"0E11B109"=hex:00,00,00,00,02,00,00,00
"10024342"=hex:00,00,00,00,80,00,00,00
"10024362"=hex:00,00,00,00,80,00,00,00
"10024371"=hex:00,00,00,00,80,00,00,00
"100C3202"=hex:00,8a,00,00,00,00,00,00
"10668002"=hex:00,00,30,00,00,00,00,00
"10660002"=hex:00,00,30,00,00,00,00,00
"10040102"=hex:00,40,00,02,00,00,00,00
"1045C814"=hex:00,00,40,20,00,00,00,00
"10024756"=hex:00,00,40,20,00,00,00,00
"1002475A"=hex:00,00,40,20,00,00,00,00
"80861161"=hex:00,00,00,40,10,00,00,00
"80861461"=hex:00,00,00,40,10,00,00,00
"1000000B"=hex:00,00,00,a0,00,00,00,00
"10DE0020"=hex:00,00,00,a0,00,00,00,00
"10DE0028"=hex:00,00,00,a0,00,00,00,00
"10DE0029"=hex:00,00,00,a0,00,00,00,00
"10DE002A"=hex:00,00,00,a0,00,00,00,00
"10DE002B"=hex:00,00,00,a0,00,00,00,00
"10DE002C"=hex:00,00,00,a0,00,00,00,00
"10DE002D"=hex:00,00,00,a0,00,00,00,00
"10DE002E"=hex:00,00,00,a0,00,00,00,00
"10DE002F"=hex:00,00,00,a0,00,00,00,00
"101300D6101880D6"=hex:00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCI\Enum]
"0"="ACPI\\PNP0A03\\1"
"Count"=dword:00000003
"NextInstance"=dword:00000003
"1"="PCI\\VEN_10DE&DEV_006C&SUBSYS_00000000&REV_A3\\3&13c0b0c5&0&40"
"2"="PCI\\VEN_10DE&DEV_01E8&SUBSYS_00000000&REV_C1\\3&13c0b0c5&0&F0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCIDump]
"ErrorControl"=dword:00000000
"Group"="PCI Configuration"
"Start"=dword:00000001
"Tag"=dword:00000001
"Type"=dword:00000001

brispie
2007-05-24, 00:07
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCIIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000003
"Type"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,70,63,69,\
69,64,65,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCIIde\Enum]
"0"="PCI\\VEN_10DE&DEV_0065&SUBSYS_0C111043&REV_A2\\3&13c0b0c5&0&48"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Pcmcia]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000004
"Tag"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Pcmcia\Parameters]
"SoundsEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDCOMP]
"ErrorControl"=dword:00000000
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDFRAME]
"ErrorControl"=dword:00000000
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRELI]
"ErrorControl"=dword:00000000
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PDRFRAME]
"ErrorControl"=dword:00000000
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\perc2]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\perc2\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\perc2\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\perc2hib]
"ErrorControl"=dword:00000001
"Group"="Filter"
"Start"=dword:00000004
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk\Performance]
"Close"="CloseDiskObject"
"Collect"="CollectDiskObjectData"
"Collect Timeout"=dword:000007d0
"Library"="perfdisk.dll"
"Object List"="234 236"
"Open"="OpenDiskObject"
"Open Timeout"=dword:00001388
"WbemAdapFileSignature"=hex:ba,86,8a,32,eb,6e,b8,eb,d2,ff,0d,86,79,80,1d,ef
"WbemAdapFileTime"=hex:00,5b,4e,ea,bd,79,c4,01
"WbemAdapFileSize"=dword:00006800
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet\Performance]
"Close"="CloseNetSvcsObject"
"Collect"="CollectNetSvcsObjectData"
"Collect Timeout"=dword:00001388
"Library"="perfnet.dll"
"Object List"="52 262 330 1300"
"Open"="OpenNetSvcsObject"
"Open Timeout"=dword:00001f40
"WbemAdapFileSignature"=hex:63,6a,03,aa,52,09,fc,2e,84,16,a7,46,b1,98,61,55
"WbemAdapFileTime"=hex:00,20,7c,22,cb,2b,c1,01
"WbemAdapFileSize"=dword:00004200
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS\Performance]
"Close"="CloseOSObject"
"Collect"="CollectOSObjectData"
"Collect Timeout"=dword:000007d0
"Library"="perfos.dll"
"Object List"="2 4 86 238 260 700"
"Open"="OpenOSObject"
"Open Timeout"=dword:00001388
"WbemAdapFileSignature"=hex:fc,77,c6,3c,47,ae,2d,0d,8b,05,da,6e,c1,78,5c,0f
"WbemAdapFileTime"=hex:00,5b,4e,ea,bd,79,c4,01
"WbemAdapFileSize"=dword:00006200
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc\Performance]
"Close"="CloseSysProcessObject"
"Collect"="CollectSysProcessObjectData"
"Collect Timeout"=dword:00001f40
"Library"="perfproc.dll"
"Object List"="230 232 786 740 816 1408 1500 1548 1760"
"Open"="OpenSysProcessObject"
"Open Timeout"=dword:00002710
"WbemAdapFileSignature"=hex:26,04,41,1d,b3,62,f3,c7,d4,6b,ab,31,36,2f,0b,55
"WbemAdapFileTime"=hex:00,5b,4e,ea,bd,79,c4,01
"WbemAdapFileSize"=dword:00008800
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
"Description"="Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability."
"DisplayName"="Plug and Play"
"ErrorControl"=dword:00000001
"Group"="PlugPlay"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,65,72,76,69,63,65,73,2e,65,78,65,00
"ObjectName"="LocalSystem"
"PlugPlayServiceType"=dword:00000003
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,6c,73,61,73,73,2e,65,78,65,00
"DisplayName"="IPSEC Services"
"DependOnService"=hex(7):52,50,43,53,53,00,54,63,70,69,70,00,49,50,53,65,63,00,\
00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver."
"PolstoreDllRegisterVersion"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Enum]
"0"="Root\\LEGACY_POLICYAGENT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,72,61,73,\
70,70,74,70,2e,73,79,73,00
"DisplayName"="WAN Miniport (PPTP)"
"Description"="WAN Miniport (PPTP)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport\Enum]
"0"="Root\\MS_PPTPMINIPORT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]
"DependOnService"=hex(7):52,70,63,53,73,00,00
"Description"="Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users."
"DisplayName"="Protected Storage"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,6c,73,61,73,73,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage\Enum]
"0"="Root\\LEGACY_PROTECTEDSTORAGE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000007
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,70,73,63,\
68,65,64,2e,73,79,73,00
"DisplayName"="QoS Packet Scheduler"
"Group"="PNP_TDI"
"DependOnService"=hex(7):47,70,63,00,00
"DependOnGroup"=hex(7):00
"Description"="QoS Packet Scheduler"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Parameters\Adapters\NdisWanIp]
"UpperBindings"="\\Device\\{D863D632-44F0-407B-8563-B29977806B55}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Parameters\Adapters\{AEC81411-BE1E-4DE1-BB79-D79261782333}]
"UpperBindings"="\\Device\\{2C05508E-B18D-48A6-950F-748981087CB0}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Parameters\Adapters\{CE5FA0D0-384D-4387-9E47-D25184030D99}]
"UpperBindings"="\\Device\\{FAD1C0FD-F8E9-4E88-AEA6-FE853F2398E1}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Performance]
"Library"="pschdprf.dll"
"Open"="OpenPschedPerformanceData"
"Close"="ClosePschedPerformanceData"
"Collect"="CollectPschedPerformanceData"
"Last Counter"=dword:000007dc
"Last Help"=dword:000007dd
"First Counter"=dword:00000790
"First Help"=dword:00000791
"WbemAdapFileSignature"=hex:b4,45,9d,13,47,3d,07,fc,b4,33,65,c0,27,32,de,16
"WbemAdapFileTime"=hex:00,20,7c,22,cb,2b,c1,01
"WbemAdapFileSize"=dword:00002a00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Enum]
"0"="Root\\MS_PSCHEDMP\\0000"
"Count"=dword:00000003
"NextInstance"=dword:00000003
"1"="Root\\MS_PSCHEDMP\\0001"
"2"="Root\\MS_PSCHEDMP\\0002"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ptilink]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,70,74,69,\
6c,69,6e,6b,2e,73,79,73,00
"DisplayName"="Direct Parallel Link Driver"
"Description"="Direct Parallel Link Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ptilink\Enum]
"0"="Root\\MS_PTIMINIPORT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PxHelp20]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000007
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,50,78,48,\
65,6c,70,32,30,2e,73,79,73,00
"Group"="Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PxHelp20\Enum]
"0"="IDE\\CdRomSONY_CD-RW__CRX320EE____________________RYK3____\\3032353030313630303030303533383520202020"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1080]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000003d
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1080\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1080\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ql10wnt]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000023
"Type"=dword:00000001

brispie
2007-05-24, 00:07
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ql10wnt\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ql10wnt\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql12160]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000003f
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql12160\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql12160\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1240]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000031
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1240\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1240\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1280]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000003f
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1280\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql1280\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,72,61,73,\
61,63,64,2e,73,79,73,00
"DisplayName"="Remote Access Auto Connection Driver"
"Group"="Streams Drivers"
"Description"="Remote Access Auto Connection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd\Enum]
"0"="Root\\LEGACY_RASACD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Remote Access Auto Connection Manager"
"DependOnService"=hex(7):52,61,73,4d,61,6e,00,54,61,70,69,73,72,76,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,72,61,73,61,75,74,6f,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,72,61,73,\
6c,32,74,70,2e,73,79,73,00
"DisplayName"="WAN Miniport (L2TP)"
"Description"="WAN Miniport (L2TP)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp\Enum]
"0"="Root\\MS_L2TPMINIPORT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Remote Access Connection Manager"
"DependOnService"=hex(7):54,61,70,69,73,72,76,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Creates a network connection."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\Parameters]
"Medias"=hex(7):72,61,73,74,61,70,69,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,72,61,73,6d,61,6e,73,2e,64,6c,6c,00
"IpOutLowWatermark"=dword:00000001
"IpOutHighWatermark"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP]
"MaxConfigure"=dword:0000000a
"MaxFailure"=dword:0000000a
"MaxReject"=dword:00000005
"MaxTerminate"=dword:00000002
"Multilink"=dword:00000000
"NegotiateTime"=dword:00000096
"RestartTimer"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\ControlProtocols]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\ControlProtocols\BuiltIn]
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,70,70,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\ControlProtocols\Chap]
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,63,68,61,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\EAP]
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,70,70,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\EAP\13]
"RolesSupported"=dword:00000002
"FriendlyName"="Smart Card or other Certificate"
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,74,6c,73,2e,64,6c,6c,00
"ConfigUiPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,72,61,73,74,6c,73,2e,64,6c,6c,00
"IdentityPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,72,61,73,74,6c,73,2e,64,6c,6c,00
"InteractiveUIPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,72,61,73,74,6c,73,2e,64,6c,6c,00
"InvokeUsernameDialog"=dword:00000000
"InvokePasswordDialog"=dword:00000000
"MPPEEncryptionSupported"=dword:00000001
"ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}"
"StandaloneSupported"=dword:00000000
"NoRootRevocationCheck"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\EAP\25]
"FriendlyName"="Protected EAP (PEAP)"
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,74,6c,73,2e,64,6c,6c,00
"ConfigUiPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,72,61,73,74,6c,73,2e,64,6c,6c,00
"IdentityPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,72,61,73,74,6c,73,2e,64,6c,6c,00
"InteractiveUIPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,72,61,73,74,6c,73,2e,64,6c,6c,00
"InvokeUsernameDialog"=dword:00000000
"InvokePasswordDialog"=dword:00000000
"MPPEEncryptionSupported"=dword:00000001
"ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}"
"StandaloneSupported"=dword:00000001
"NoRootRevocationCheck"=dword:00000001
"RolesSupported"=dword:0000001a

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\EAP\26]
"FriendlyName"="Secured password (EAP-MSCHAP v2)"
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,63,68,61,70,2e,64,6c,6c,00
"ConfigUiPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,72,61,73,63,68,61,70,2e,64,6c,6c,00
"IdentityPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,72,61,73,63,68,61,70,2e,64,6c,6c,00
"InteractiveUIPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,72,61,73,63,68,61,70,2e,64,6c,6c,00
"InvokeUsernameDialog"=dword:00000000
"InvokePasswordDialog"=dword:00000000
"MPPEEncryptionSupported"=dword:00000001
"ConfigCLSID"="{2af6bcaa-f526-4803-aeb8-5777ce386647}"
"StandaloneSupported"=dword:00000001
"RolesSupported"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\EAP\4]
"RolesSupported"=dword:0000000a
"FriendlyName"="MD5-Challenge"
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,63,68,61,70,2e,64,6c,6c,00
"InvokeUsernameDialog"=dword:00000001
"InvokePasswordDialog"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\Enum]
"0"="Root\\LEGACY_RASMAN\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,72,61,73,\
70,70,70,6f,65,2e,73,79,73,00
"DisplayName"="Remote Access PPPOE Driver"
"Description"="Remote Access PPPOE Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe\Enum]
"0"="Root\\MS_PPPOEMINIPORT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Raspti]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,72,61,73,\
70,74,69,2e,73,79,73,00
"DisplayName"="Direct Parallel"
"Description"="Direct Parallel"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Raspti\Enum]
"0"="Root\\MS_PTIMINIPORT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rdbss]
"Type"=dword:00000002
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,72,64,62,\
73,73,2e,73,79,73,00
"DisplayName"="Rdbss"
"Group"="Network"
"Description"="Rdbss"

brispie
2007-05-24, 00:08
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rdbss\Enum]
"0"="Root\\LEGACY_RDBSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]
"ErrorControl"=dword:00000000
"Group"="Video Save"
"ImagePath"="System32\\DRIVERS\\RDPCDD.sys"
"Start"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]
"Device Description"="RDPDD Chained DD"
"InstalledDisplayDrivers"=hex(7):52,44,50,44,44,00,00
"MirrorDriver"=dword:00000001
"VgaCompatible"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Video]
"VideoID"="{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}"
"Service"="RDPCDD"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Enum]
"0"="Root\\LEGACY_RDPCDD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD\Device0]
"InstalledDisplayDrivers"=hex(7):52,44,50,44,44,00,00
"VgaCompatible"=dword:00000000
"Attach.RelativeX"=dword:00000000
"Attach.RelativeY"=dword:00000000
"Attach.ToDesktop"=dword:00000001
"DefaultSettings.XResolution"=dword:00000320
"DefaultSettings.YResolution"=dword:00000258

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,72,64,70,\
64,72,2e,73,79,73,00
"DisplayName"="Terminal Server Device Redirector Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr\Enum]
"0"="Root\\RDPDR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP\NetworkProvider]
"DeviceName"="\\Device\\RdpDr"
"Name"="Microsoft Terminal Services"
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,72,70,72,6f,76,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP\Enum]
"0"="Root\\LEGACY_RDPNP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]
"ErrorControl"=dword:00000000
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDSessMgr]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
73,65,73,73,6d,67,72,2e,65,78,65,00
"DisplayName"="Remote Desktop Help Session Manager"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\redbook]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000003
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,72,65,64,\
62,6f,6f,6b,2e,73,79,73,00
"DisplayName"="Digital CD Audio Playback Filter Driver"
"Group"="Pnp Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\redbook\Enum]
"0"="IDE\\CdRomSONY_CD-RW__CRX320EE____________________RYK3____\\3032353030313630303030303533383520202020"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Routing and Remote Access"
"DependOnService"=hex(7):52,70,63,53,53,00,00
"DependOnGroup"=hex(7):4e,65,74,42,49,4f,53,47,72,6f,75,70,00,00
"ObjectName"="LocalSystem"
"Description"="Offers routing services to businesses in local area and wide area network environments."
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Accounting]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Accounting\Providers]
"ActiveProvider"="{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Accounting\Providers\{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="RADIUS Accounting"
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,72,61,64,2e,64,6c,6c,00
"ProviderTypeGUID"="{76560D80-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Accounting\Providers\{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"=""
"DisplayName"="Windows Accounting"
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,6d,70,72,64,64,6d,2e,64,6c,6c,00
"ProviderTypeGUID"="{76560D81-2BFD-11d2-9539-3078302C2030}"
"VendorName"="Microsoft"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Authentication]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Authentication\Providers]
"ActiveProvider"="{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Authentication\Providers\{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"="{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}"
"DisplayName"="RADIUS Authentication"
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,72,61,73,72,61,64,2e,64,6c,6c,00
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D00-2BFD-11d2-9539-3078302C2030}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Authentication\Providers\{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}]
"ConfigClsid"=""
"DisplayName"="Windows Authentication"
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,6d,70,72,64,64,6d,2e,64,6c,6c,00
"VendorName"="Microsoft"
"ProviderTypeGUID"="{76560D01-2BFD-11d2-9539-3078302C2030}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\DemandDialManager]
"DllPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,6d,70,72,64,64,6d,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces]
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\0]
"InterfaceName"="Loopback"
"Type"=dword:00000005
"Enabled"=dword:00000001
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\0\Ip]
"ProtocolId"=dword:00000021

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\1]
"InterfaceName"="Internal"
"Type"=dword:00000004
"Enabled"=dword:00000001
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\1\Ip]
"ProtocolId"=dword:00000021

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\2]
"InterfaceName"="{AEC81411-BE1E-4DE1-BB79-D79261782333}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\2\Ip]
"ProtocolId"=dword:00000021

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\3]
"InterfaceName"="{CE5FA0D0-384D-4387-9E47-D25184030D99}"
"Type"=dword:00000003
"Enabled"=dword:00000001
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\3\Ip]
"ProtocolId"=dword:00000021

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Parameters]
"RouterType"=dword:00000001
"ServerFlags"=dword:00002702
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,70,72,64,69,6d,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Parameters\AppleTalk]
"EnableIn"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Parameters\Ip]
"AllowClientIpAddresses"=dword:00000000
"AllowNetworkAccess"=dword:00000001
"EnableIn"=dword:00000001
"IpAddress"="0.0.0.0"
"IpMask"="0.0.0.0"
"UseDhcpAddressing"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Parameters\Ipx]
"EnableIn"=dword:00000001
"AcceptRemoteNodeNumber"=dword:00000001
"AllowNetworkAccess"=dword:00000001
"AutoWanNetAllocation"=dword:00000001
"FirstWanNet"=dword:00000000
"GlobalWanNet"=dword:00000001
"LastWanNet"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Parameters\Nbf]
"EnableIn"=dword:00000001
"AllowNetworkAccess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Performance]
"Open"="OpenRasPerformanceData"
"Close"="CloseRasPerformanceData"
"Collect"="CollectRasPerformanceData"
"Library"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,72,61,73,63,74,72,73,2e,64,6c,6c,00
"Last Counter"=dword:00000804
"Last Help"=dword:00000805
"First Counter"=dword:000007de
"First Help"=dword:000007df
"WbemAdapFileSignature"=hex:b0,b0,d7,90,5a,c7,1b,c2,78,f1,7f,45,5e,18,26,11
"WbemAdapFileTime"=hex:00,20,7c,22,cb,2b,c1,01
"WbemAdapFileSize"=dword:00002e00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy]
"ProductDir"="C:\\WINDOWS\\system32\\IAS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\01]
@="IAS.ProxyPolicyEnforcer"
"Requests"="0 1 2"
"Responses"="0 1 2 3 4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\02]
@="IAS.NTSamNames"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\03]
@="IAS.BaseCampHost"
"Requests"="0 1"
"Responses"="0 1 2 4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\04]
@="IAS.RadiusProxy"
"Providers"="2"
"Responses"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\05]
@="IAS.NTSamAuthentication"
"Providers"="1"
"Requests"="0"
"Responses"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\06]
@="IAS.AccountValidation"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"
"Reasons"="33"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\07]
@="IAS.PolicyEnforcer"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"
"Reasons"="33"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\08]
@="IAS.NTSamPerUser"
"Providers"="1"
"Requests"="0"
"Responses"="0 1 3"
"Reasons"="33"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\09]
@="IAS.EAP"
"Providers"="1"
"Requests"="0 2"
"Responses"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\10]
@="IAS.URHandler"
"Providers"="0 1"
"Requests"="0 2"
"Responses"="0 1"
"Reasons"="33"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\11]
@="IAS.ChangePassword"
"Providers"="1"
"Requests"="0"
"Responses"="0 1"

brispie
2007-05-24, 00:09
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\12]
@="IAS.AuthorizationHost"
"Requests"="0 1 2"
"Responses"="0 1 2 4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\13]
@="IAS.Accounting"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipeline\14]
@="IAS.MSChapErrorReporter"
"Providers"="0 1"
"Requests"="0"
"Responses"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\RouterManagers]
"Stamp"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\RouterManagers\Ip]
"ProtocolId"=dword:00000021
"DLLPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,69,70,72,74,72,6d,67,72,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
"Description"="Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start."
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DisplayName"="Remote Registry"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Group"=""
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,65,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry\Enum]
"0"="Root\\LEGACY_REMOTEREGISTRY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,6c,6f,63,61,74,6f,72,2e,65,78,65,00
"DisplayName"="Remote Procedure Call (RPC) Locator"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
00
"DependOnGroup"=hex(7):00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Description"="Manages the RPC name service database."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator\Parameters]
"ExpirationAge"=dword:00000e10

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,20,2d,6b,20,72,70,63,73,73,00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,70,63,73,73,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,72,73,76,70,2e,65,78,65,00
"DisplayName"="QoS RSVP"
"DependOnService"=hex(7):54,63,70,49,70,00,41,66,64,00,52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Parameters]
"StartBlocker"=""
"Requests"=""
"Upcalls"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Performance]
"Open"="OpenRsvpPerformanceData"
"Close"="CloseRsvpPerformanceData"
"Collect"="CollectRsvpPerformanceData"
"Library"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,72,73,76,70,70,65,72,66,2e,64,6c,6c,00
"Last Counter"=dword:0000078e
"Last Help"=dword:0000078f
"First Counter"=dword:00000738
"First Help"=dword:00000739
"WbemAdapFileSignature"=hex:f9,dd,79,9e,07,ed,50,28,db,2f,1f,fe,a7,2c,93,57
"WbemAdapFileTime"=hex:00,20,7c,22,cb,2b,c1,01
"WbemAdapFileSize"=dword:00002600
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSVP\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rtl8139]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:0000000d
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,52,54,4c,\
38,31,33,39,2e,53,59,53,00
"DisplayName"="Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver"
"Group"="NDIS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rtl8139\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rtl8139\Enum]
"0"="PCI\\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\\4&3b1d9ab8&0&4840"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]
"Description"="Stores security information for local user accounts."
"DisplayName"="Security Accounts Manager"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,6c,73,61,73,73,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
"Group"="LocalValidation"
"DependOnService"=hex(7):52,50,43,53,53,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs\Enum]
"0"="Root\\LEGACY_SAMSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,53,43,61,72,64,53,76,72,2e,65,78,65,00
"Description"="Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Smart Card"
"DependOnService"=hex(7):50,6c,75,67,50,6c,61,79,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Group"="SmartCardGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]
"Description"="Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start."
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Task Scheduler"
"Group"="SchedulerGroup"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,05,00,03,\
00,01,00,00,00,70,17,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"NextAtJobId"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,73,63,68,65,64,73,76,63,2e,64,6c,6c,00
"ServiceMain"="SchedServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\Enum]
"0"="Root\\LEGACY_SCHEDULE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,73,65,63,\
64,72,76,2e,73,79,73,00
"DisplayName"="Secdrv"
"Description"="SafeDisc driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Secdrv\Enum]
"0"="Root\\LEGACY_SECDRV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]
"Description"="Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Secondary Logon"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"Objectname"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000120

brispie
2007-05-24, 00:10
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,65,63,6c,6f,67,6f,6e,2e,64,6c,6c,00
"ServiceMain"="SvcEntry_Seclogon"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon\Enum]
"0"="Root\\LEGACY_SECLOGON\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]
"DependOnService"=hex(7):45,76,65,6e,74,53,79,73,74,65,6d,00,00
"Description"="Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events."
"DisplayName"="System Event Notification"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Group"="Network"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,73,65,6e,73,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS\Enum]
"0"="Root\\LEGACY_SENS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\serenum]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"DisplayName"="Serenum Filter Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,73,65,72,\
65,6e,75,6d,2e,73,79,73,00
"Group"="PNP Filter"
"Tag"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\serenum\Enum]
"0"="ACPI\\PNP0501\\1"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="ACPI\\PNP0501\\2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
"ErrorControl"=dword:00000000
"Group"="Extended base"
"Start"=dword:00000001
"Tag"=dword:00000001
"Type"=dword:00000001
"ForceFifoEnable"=dword:00000001
"RxFIFO"=dword:00000008
"TxFIFO"=dword:0000000e
"PermitShare"=dword:00000000
"LogFifo"=dword:00000000
"DisplayName"="Serial port driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,73,65,72,\
69,61,6c,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial\Enum]
"0"="ACPI\\PNP0501\\1"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="ACPI\\PNP0501\\2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sfloppy]
"DependOnGroup"=hex(7):53,43,53,49,20,6d,69,6e,69,70,6f,72,74,00,00
"ErrorControl"=dword:00000000
"Group"="Primary disk"
"Start"=dword:00000001
"Tag"=dword:00000004
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sfloppy\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
"INITSTARTFAILED"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]
"DependOnGroup"=hex(7):00
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch]
"Epoch"=dword:000041eb

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Limewire Downloaded Files\\LimeWire\\LimeWire.exe"="D:\\Limewire Downloaded Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Championship Manager 00-01\\cm0001.exe"="C:\\Program Files\\Championship Manager 00-01\\cm0001.exe:*:Enabled:cm0001"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Real player\\realplay.exe"="C:\\Program Files\\Real player\\realplay.exe:*:Disabled:RealPlayer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Shell Hardware Detection"
"Group"="ShellSvcGroup"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Provides notifications for AutoPlay hardware events."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,68,73,76,63,73,2e,64,6c,6c,00
"ServiceMain"="HardwareDetectionServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection\Enum]
"0"="Root\\LEGACY_SHELLHWDETECTION\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Simbad]
"ErrorControl"=dword:00000001
"Group"="Filter"
"Start"=dword:00000004
"Tag"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SocketLock]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,73,6f,63,6b,65,74,6c,6f,63,6b,2e,73,79,73,00
"DisplayName"="Raw Socket Lock Driver"
"Group"="PNP_TDI"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SocketLock\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SocketLock\Enum]
"0"="Root\\LEGACY_SOCKETLOCK\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sparrow]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000007
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sparrow\Parameters]
"LegacyAdapterDetection"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sparrow\Parameters\PnpInterface]
"1"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\splitter]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,73,70,6c,\
69,74,74,65,72,2e,73,79,73,00
"DisplayName"="Microsoft Kernel Audio Splitter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\splitter\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\splitter\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
"DependOnService"=hex(7):52,50,43,53,53,00,00
"Description"="Loads files to memory for later printing."
"DisplayName"="Print Spooler"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,e8,47,0c,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"Group"="SpoolerGroup"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,70,6f,6f,6c,73,76,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000110

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler\Performance]
"Close"="PerfClose"
"Collect"="PerfCollect"
"Collect Timeout"=dword:000007d0
"Library"="winspool.drv"
"Object List"="1450"
"Open"="PerfOpen"
"Open Timeout"=dword:00000fa0
"WbemAdapFileSignature"=hex:77,7e,b2,9d,01,35,d8,1a,d9,82,8a,2b,05,44,34,96
"WbemAdapFileTime"=hex:00,69,75,f1,bd,79,c4,01
"WbemAdapFileSize"=dword:00023c00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler\Enum]
"0"="Root\\LEGACY_SPOOLER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spupdsvc]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
73,70,75,70,64,73,76,63,2e,65,78,65,00
"DisplayName"="Windows Service Pack Installer update service"
"DependOnService"=hex(7):53,61,6d,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Enables Installer to complete its scheduled post-reboot tasks"
"InstallTimestamp"=hex(b):6e,16,b1,a0,8c,83,c7,01

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spupdsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,73,72,2e,\
73,79,73,00
"DisplayName"="System Restore Filter Driver"
"Group"="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr\Parameters]
"FirstRun"=dword:00000000
"DontBackup"=dword:00000000
"MachineGuid"="{968C9190-6233-4ABD-951B-A494B8B2E236}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr\Enum]
"0"="Root\\LEGACY_SR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="System Restore Service"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\Parameters]
"ServiceDll"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,\
5c,73,72,73,76,63,2e,64,6c,6c,00

brispie
2007-05-24, 00:11
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srservice\Enum]
"0"="Root\\LEGACY_SRSERVICE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Srv]
"Type"=dword:00000002
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000006
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,73,72,76,\
2e,73,79,73,00
"DisplayName"="Srv"
"Group"="Network"
"Description"="Srv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Srv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Srv\Enum]
"0"="Root\\LEGACY_SRV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"DisplayName"="SSDP Discovery Service"
"DependOnService"=hex(7):48,54,54,50,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="Enables discovery of UPnP devices on your home network."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,73,64,70,73,72,76,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV\Enum]
"0"="Root\\LEGACY_SSDPSRV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STEC3]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,53,54,45,43,33,2e,73,79,73,00
"DisplayName"="STEC3"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STEC3\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STEC3\Enum]
"0"="Root\\LEGACY_STEC3\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,69,6d,67,73,76,63,00
"DisplayName"="Windows Image Acquisition (WIA)"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Provides image acquisition services for scanners and cameras."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,69,61,73,65,72,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc\Enum]
"0"="Root\\LEGACY_STISVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000001
"DisplayName"="Software Bus Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,73,77,65,\
6e,75,6d,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}\{9B365890-165F-11D0-A195-0020AFD156E4}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}\{9B365890-165F-11D0-A195-0020AFD156E4}\{6994ad04-93ef-11d0-a3cc-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{2f412ab5-ed3a-4590-ab24-b0ce2aa77d3c}\{9B365890-165F-11D0-A195-0020AFD156E4}\{9ea331fa-b91b-45f8-9285-bd2bc77afcde}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{4245ff73-1db4-11d2-86e4-98ae20524153}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{4245ff73-1db4-11d2-86e4-98ae20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{4245ff73-1db4-11d2-86e4-98ae20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{4245ff73-1db4-11d2-86e4-98ae20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}\{6994ad04-93ef-11d0-a3cc-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{4245ff73-1db4-11d2-86e4-98ae20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}\{bf963d80-c559-11d0-8a2b-00a0c9255ac1}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}\{6994ad04-93ef-11d0-a3cc-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{6c1b9f60-c0a9-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}\{dff220f3-f70f-11d0-b917-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{8c07dd50-7a8d-11d2-8f8c-00c04fbf8fef}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{8c07dd50-7a8d-11d2-8f8c-00c04fbf8fef}\dmusic]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{8c07dd50-7a8d-11d2-8f8c-00c04fbf8fef}\dmusic\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{8c07dd50-7a8d-11d2-8f8c-00c04fbf8fef}\dmusic\{6994ad04-93ef-11d0-a3cc-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{8c07dd50-7a8d-11d2-8f8c-00c04fbf8fef}\dmusic\{dff220f3-f70f-11d0-b917-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{96e080c7-143c-11d1-b40f-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{96e080c7-143c-11d1-b40f-00a0c9223196}\{3C0D501A-140B-11D1-B40F-00A0C9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{96e080c7-143c-11d1-b40f-00a0c9223196}\{3C0D501A-140B-11D1-B40F-00A0C9223196}\{3c0d501a-140b-11d1-b40f-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{97ebaacc-95bd-11d0-a3ea-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{97ebaacc-95bd-11d0-a3ea-00a0c9223196}\{53172480-4791-11D0-A5D6-28DB04C10000}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{97ebaacc-95bd-11d0-a3ea-00a0c9223196}\{53172480-4791-11D0-A5D6-28DB04C10000}\{53172480-4791-11d0-a5d6-28db04c10000}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}\{9B365890-165F-11D0-A195-0020AFD156E4}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}\{9B365890-165F-11D0-A195-0020AFD156E4}\{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}\{6994ad04-93ef-11d0-a3cc-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}\{ad809c00-7b88-11d0-a5d6-28db04c10000}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{cd171de3-69e5-11d2-b56d-0000f8754380}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{cd171de3-69e5-11d2-b56d-0000f8754380}\{9B365890-165F-11D0-A195-0020AFD156E4}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{cd171de3-69e5-11d2-b56d-0000f8754380}\{9B365890-165F-11D0-A195-0020AFD156E4}\{3e227e76-690d-11d2-8161-0000f8775bf1}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{ddf4358e-bb2c-11d0-a42f-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{ddf4358e-bb2c-11d0-a42f-00a0c9223196}\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{ddf4358e-bb2c-11d0-a42f-00a0c9223196}\{97EBAACB-95BD-11D0-A3EA-00A0C9223196}\{97ebaacb-95bd-11d0-a3ea-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{eeab7790-c514-11d1-b42b-00805fc1270e}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\{ad498944-762f-11d0-8dcb-00c04fc3358c}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{eec12db6-ad9c-4168-8658-b03daef417fe}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641}\{2eb07ea0-7e70-11d0-a5d6-28db04c10000}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641}\{6994ad04-93ef-11d0-a3cc-00a0c9223196}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Devices\{eec12db6-ad9c-4168-8658-b03daef417fe}\{ABD61E00-9350-47e2-A632-4438B90C6641}\{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum\Enum]
"0"="Root\\SYSTEM\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swmidi]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,73,77,6d,\
69,64,69,2e,73,79,73,00
"DisplayName"="Microsoft Kernel GS Wavetable Synthesizer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swmidi\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swmidi\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SwPrv]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
64,6c,6c,68,6f,73,74,2e,65,78,65,20,2f,50,72,6f,63,65,73,73,69,64,3a,7b,38,\
45,46,35,42,30,32,38,2d,44,46,33,33,2d,34,34,32,39,2d,38,45,37,43,2d,45,43,\
35,38,34,33,32,45,31,35,37,45,7d,00
"DisplayName"="MS Software Shadow Copy Provider"
"DependOnService"=hex(7):72,70,63,73,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SwPrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symantec Core LC]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,43,6f,\
6d,6d,6f,6e,20,46,69,6c,65,73,5c,53,79,6d,61,6e,74,65,63,20,53,68,61,72,65,\
64,5c,43,43,50,44,2d,4c,43,5c,73,79,6d,6c,63,73,76,63,2e,65,78,65,22,00
"DisplayName"="Symantec Core LC"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Symantec Core LC"
"Group"="Symantec Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symantec Core LC\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symantec Core LC\Enum]
"0"="Root\\LEGACY_SYMANTEC_CORE_LC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symc810]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000001a
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symc810\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symc810\Parameters\PnpInterface]
"5"=dword:00000001

brispie
2007-05-24, 00:12
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symc8xx]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Type"=dword:00000001
"Tag"=dword:00000036

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symc8xx\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symc8xx\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symlcbrd]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,64,72,69,76,65,72,73,5c,73,79,6d,6c,63,62,72,64,2e,73,79,73,00
"DisplayName"="symlcbrd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symlcbrd\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symlcbrd\Enum]
"0"="Root\\LEGACY_SYMLCBRD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sym_hi]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Type"=dword:00000001
"Tag"=dword:00000037

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sym_hi\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sym_hi\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sym_u3]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Type"=dword:00000001
"Tag"=dword:00000037

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sym_u3\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sym_u3\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysaudio]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,73,79,73,\
61,75,64,69,6f,2e,73,79,73,00
"DisplayName"="Microsoft Kernel System Audio Device"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysaudio\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysaudio\Enum]
"0"="SW\\{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}\\{9B365890-165F-11D0-A195-0020AFD156E4}"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog]
"Description"="Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Performance Logs and Alerts"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,6d,6c,6f,67,73,76,63,2e,65,78,65,00
"ObjectName"="NT Authority\\NetworkService"
"Start"=dword:00000003
"Type"=dword:00000010
"DefaultLogFileFolder"=hex(2):25,53,79,73,74,65,6d,44,72,69,76,65,25,5c,50,65,\
72,66,4c,6f,67,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog\Log Queries]
"Defaults Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]
"DependOnService"=hex(7):50,6c,75,67,50,6c,61,79,00,52,70,63,53,73,00,00
"Description"="Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service."
"DisplayName"="Telephony"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,74,61,70,69,73,72,76,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv\Performance]
"Close"="CloseTapiPerformanceData"
"Collect"="CollectTapiPerformanceData"
"Library"="tapiperf.dll"
"ObjectList"="1150"
"Open"="OpenTapiPerformanceData"
"WbemAdapFileSignature"=hex:69,51,b8,9b,4f,59,1a,a6,94,04,8a,6c,d0,e5,22,4a
"WbemAdapFileTime"=hex:00,20,7c,22,cb,2b,c1,01
"WbemAdapFileSize"=dword:00001600
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv\Enum]
"0"="Root\\LEGACY_TAPISRV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,74,63,70,\
69,70,2e,73,79,73,00
"DisplayName"="TCP/IP Protocol Driver"
"Group"="PNP_TDI"
"DependOnService"=hex(7):49,50,53,65,63,00,00
"DependOnGroup"=hex(7):00
"Description"="TCP/IP Protocol Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"NV Hostname"="Phil"
"DataBasePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,72,69,76,65,72,73,5c,65,74,63,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="Phil"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
"DhcpNameServer"="62.31.176.39 194.117.134.19 195.188.53.175"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,45,46,41,41,31,41,32,30,2d,31,31,33,36,2d,34,41,\
31,33,2d,41,35,33,43,2d,42,31,45,34,45,34,43,35,32,43,42,45,7d,00,54,63,70,\
69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,\
7b,39,35,42,42,43,34,35,35,2d,30,43,42,41,2d,34,45,44,33,2d,42,39,44,38,2d,\
32,41,46,43,45,31,38,43,34,39,45,37,7d,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:20,1a,aa,ef,36,11,13,4a,a5,3c,b1,e4,e4,c5,2c,be,55,c4,bb,95,\
ba,0c,d3,4e,b9,d8,2a,fc,e1,8c,49,e7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{AEC81411-BE1E-4DE1-BB79-D79261782333}]
"LLInterface"=""
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,41,45,43,38,31,34,31,31,2d,42,45,31,45,2d,34,44,\
45,31,2d,42,42,37,39,2d,44,37,39,32,36,31,37,38,32,33,33,33,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{CE5FA0D0-384D-4387-9E47-D25184030D99}]
"LLInterface"=""
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,43,45,35,46,41,30,44,30,2d,33,38,34,44,2d,34,33,\
38,37,2d,39,45,34,37,2d,44,32,35,31,38,34,30,33,30,44,39,39,7d,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{95BBC455-0CBA-4ED3-B9D8-2AFCE18C49E7}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AEC81411-BE1E-4DE1-BB79-D79261782333}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="192.168.0.73"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"=dword:00093a80
"LeaseObtainedTime"=dword:422dfc27
"T1"=dword:422dfd53
"T2"=dword:4234e807
"LeaseTerminatesTime"=dword:423736a7
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"MTU"=dword:000005ae
"MTU_OLD"=dword:000005ae

brispie
2007-05-24, 00:13
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CE5FA0D0-384D-4387-9E47-D25184030D99}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,32,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="82.32.104.229"
"DhcpSubnetMask"="255.255.248.0"
"DhcpServer"="62.30.64.114"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:46548214
"T1"=dword:46552ad4
"T2"=dword:4655a964
"LeaseTerminatesTime"=dword:4655d394
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"MTU"=dword:000005ae
"MTU_OLD"=dword:000005ae
"DhcpRetryTime"=dword:0000a8c0
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="62.31.176.39 194.117.134.19 195.188.53.175"
"DhcpDefaultGateway"=hex(7):38,32,2e,33,32,2e,31,30,34,2e,31,00,00
"DhcpSubnetMaskOpt"=hex(7):32,35,35,2e,32,35,35,2e,32,34,38,2e,30,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EFAA1A20-1136-4A13-A53C-B1E4E4C52CBE}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,\
6d,33,32,5c,77,73,68,74,63,70,69,70,2e,64,6c,6c,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Performance]
"Close"="CloseTcpIpPerformanceData"
"Collect"="CollectTcpIpPerformanceData"
"Library"="Perfctrs.dll"
"Open"="OpenTcpIpPerformanceData"
"Object List"="502 510 546 582 638 658"
"WbemAdapFileSignature"=hex:96,49,2c,72,1c,6e,a5,17,e2,bf,d5,38,1f,ef,55,e3
"WbemAdapFileTime"=hex:00,5b,4e,ea,bd,79,c4,01
"WbemAdapFileSize"=dword:00009c00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider]
"Class"=dword:00000008
"DnsPriority"=dword:000007d0
"HostsPriority"=dword:000001f4
"LocalPriority"=dword:000001f3
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,73,6f,63,6b,33,32,2e,64,6c,6c,00
"NetbtPriority"=dword:000007d1
"Name"="TCP/IP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Enum]
"0"="Root\\LEGACY_TCPIP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]
"ErrorControl"=dword:00000000
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]
"ErrorControl"=dword:00000000
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,74,65,72,\
6d,64,64,2e,73,79,73,00
"Start"=dword:00000001
"Type"=dword:00000001
"DisplayName"="Terminal Device Driver"
"PortDriverEnable"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD\Enum]
"0"="Root\\RDP_KBD\\0000"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="Root\\RDP_MOU\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]
"ErrorControl"=dword:00000001
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Description"="Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server."
"DisplayName"="Terminal Services"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"Type"=dword:00000020
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,20,2d,6b,20,44,43,6f,6d,4c,61,75,6e,63,68,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,74,65,72,6d,73,72,76,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Performance]
"Close"="CloseTSObject"
"Collect Timeout"=dword:000003e8
"Collect"="CollectTSObjectData"
"Open Timeout"=dword:000003e8
"Open"="OpenTSObject"
"Library"="perfts.dll"
"Last Counter"=dword:00000886
"Last Help"=dword:00000887
"First Counter"=dword:00000806
"First Help"=dword:00000807
"Object List"="2054 2176"
"Library Validation Code"=hex:00,20,7c,22,cb,2b,c1,01,00,30,00,00,00,00,00,00
"WbemAdapFileSignature"=hex:7e,fd,21,14,ea,d1,ac,72,34,26,10,d7,19,2b,fb,32
"WbemAdapFileTime"=hex:00,20,7c,22,cb,2b,c1,01
"WbemAdapFileSize"=dword:00003000
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Enum]
"0"="Root\\LEGACY_TERMSERVICE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Themes"
"Group"="UIGroup"
"ObjectName"="LocalSystem"
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,4d,00,41,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"Description"="Provides user experience theme management."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,68,73,76,63,73,2e,64,6c,6c,00
"ServiceMain"="ThemeServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes\Enum]
"0"="Root\\LEGACY_THEMES\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
74,6c,6e,74,73,76,72,2e,65,78,65,00
"DisplayName"="Telnet"
"DependOnService"=hex(7):52,50,43,53,53,00,54,43,50,49,50,00,4e,54,4c,4d,53,53,\
50,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TosIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000004
"Tag"=dword:00000004
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]
"Description"="Maintains links between NTFS files within a computer or across computers in a network domain."
"DisplayName"="Distributed Link Tracking Client"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,72,6b,77,6b,73,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Enum]
"0"="Root\\LEGACY_TRKWKS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD\Device0]
"InstalledDisplayDrivers"=hex(7):54,53,44,44,44,00,00
"VgaCompatible"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Udfs]
"ErrorControl"=dword:00000001
"Group"="File system"
"Start"=dword:00000004
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Udfs\Enum]
"0"="Root\\LEGACY_UDFS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ultra]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000003b
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ultra\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ultra\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UMWdf]
"Description"="Enables Windows user mode drivers."
"DisplayName"="Windows User Mode Driver Framework"
"DependOnService"=hex(7):52,70,63,53,73,00,00
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
77,64,66,6d,67,72,2e,65,78,65,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Start"=dword:00000004
"Type"=dword:00000010
"DependOnGroup"=hex(7):00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UMWdf\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Update]
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000001
"DisplayName"="Microcode Update Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,75,70,64,\
61,74,65,2e,73,79,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Update\Devices]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Update\Enum]
"0"="Root\\SYSTEM\\0001"
"Count"=dword:00000001
"NextInstance"=dword:00000001

brispie
2007-05-24, 00:14
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"DisplayName"="Universal Plug and Play Device Host"
"DependOnService"=hex(7):53,53,44,50,53,52,56,00,48,54,54,50,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="Provides support to host Universal Plug and Play devices."
"FailureActions"=hex:ff,ff,ff,ff,00,00,00,00,00,00,00,00,01,00,00,00,41,00,4d,\
00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,75,70,6e,70,68,6f,73,74,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS]
"Description"="Manages an uninterruptible power supply (UPS) connected to the computer."
"DisplayName"="Uninterruptible Power Supply"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,75,70,73,2e,65,78,65,00
"ObjectName"=hex(2):4c,6f,63,61,6c,53,79,73,74,65,6d,00
"Start"=dword:00000003
"Type"=dword:00000010
"Port"="COM1"
"Options"=dword:0000007e
"FirstMessageDelay"=dword:00000005
"MessageInterval"=dword:00000078

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\Config]
"Upgrade"=dword:00000000
"Vendor"="(None)"
"Model"=""
"ServiceProviderDLL"=""
"NotifyEnable"=dword:00000001
"ShutdownOnBatteryEnable"=dword:00000000
"ShutdownOnBatteryWait"=dword:00000002
"RunTaskEnable"=dword:00000000
"TaskName"=""
"TurnUPSOffEnable"=dword:00000001
"CustomOptions"=dword:0000007f
"CriticalPowerAction"=dword:00000000
"TurnUPSOffWait"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\ServiceProviders]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\ServiceProviders\American Power Conversion]
"Back-UPS"="0x77;"
"Back-UPS Pro"="0x7F;apcups.dll"
"Basic Port on Communications Accessory"="0x77;"
"Basic signaling to any APC UPS"="0x77;"
"Matrix-UPS"="0x7F;apcups.dll"
"PowerStack"="0x7F;apcups.dll"
"Smart-UPS"="0x7F;apcups.dll"
"Smart signaling to any APC UPS"="0x7F;apcups.dll"
"Symmetra Power Array"="0x7F;apcups.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UPS\Status]
"SerialNumber"=""
"FirmwareRev"=""
"UtilityPowerStatus"=dword:00000000
"TotalUPSRuntime"=dword:00000000
"BatteryStatus"=dword:00000000
"BatteryCapacity"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"DisplayName"="Microsoft USB 2.0 Enhanced Host Controller Miniport Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,75,73,62,\
65,68,63,69,2e,73,79,73,00
"Group"="Base"
"Tag"=dword:0000000f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci\Enum]
"0"="PCI\\VEN_10DE&DEV_0068&SUBSYS_0C111043&REV_A4\\3&13c0b0c5&0&12"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"DisplayName"="USB2 Enabled Hub"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,75,73,62,\
68,75,62,2e,73,79,73,00
"Group"="Base"
"Tag"=dword:00000011

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub\Enum]
"0"="USB\\ROOT_HUB\\4&36ce346&0"
"Count"=dword:00000003
"NextInstance"=dword:00000003
"1"="USB\\ROOT_HUB\\4&37090e00&0"
"2"="USB\\ROOT_HUB20\\4&b74b78&0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"DisplayName"="Microsoft USB Open Host Controller Miniport Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,75,73,62,\
6f,68,63,69,2e,73,79,73,00
"Group"="Base"
"Tag"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci\Enum]
"0"="PCI\\VEN_10DE&DEV_0067&SUBSYS_0C111043&REV_A4\\3&13c0b0c5&0&10"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="PCI\\VEN_10DE&DEV_0067&SUBSYS_0C111043&REV_A4\\3&13c0b0c5&0&11"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,55,53,42,\
53,54,4f,52,2e,53,59,53,00
"DisplayName"="USB Mass Storage Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]
"ErrorControl"=dword:00000000
"Group"="Video Save"
"ImagePath"=hex(2):5c,53,79,73,74,65,6d,52,6f,6f,74,5c,53,79,73,74,65,6d,33,32,\
5c,64,72,69,76,65,72,73,5c,76,67,61,2e,73,79,73,00
"Start"=dword:00000001
"Tag"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave\Device0]
"InstalledDisplayDrivers"=hex(7):76,67,61,00,66,72,61,6d,65,62,75,66,00,76,67,\
61,32,35,36,00,76,67,61,36,34,6b,00,00
"VgaCompatible"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave\Video]
"VideoID"="{23A77BF7-ED96-40EC-AF06-9B1F4867732A}"
"Service"="VgaSave"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave\Enum]
"0"="Root\\LEGACY_VGASAVE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000004
"Tag"=dword:00000004
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VolSnap]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VolSnap\Enum]
"0"="Root\\LEGACY_VOLSNAP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]
"DependOnService"=hex(7):52,50,43,53,53,00,00
"Description"="Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Volume Shadow Copy"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,76,73,73,76,63,2e,65,78,65,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Providers]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}]
@="MS Software Shadow Copy provider 1.0"
"Type"=dword:00000001
"Version"="1.0.0.7"
"VersionId"="{00000001-0000-0000-0007-000000000001}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID]
@="{65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VXD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VXD\JAVASUP]
"Start"=hex:00
"StaticVxD"="JAVASUP.VXD"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]
"Description"="Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

"
"DisplayName"="Windows Time"
"ErrorControl"=dword:00000001
"Group"=""
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"Objectname"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config]
"LastClockRate"=dword:0002625a
"MinClockRate"=dword:000260d4
"MaxClockRate"=dword:000263e0
"FrequencyCorrectRate"=dword:00000004
"PollAdjustFactor"=dword:00000005
"LargePhaseOffset"=dword:00138800
"SpikeWatchPeriod"=dword:0000005a
"HoldPeriod"=dword:00000005
"MaxPollInterval"=dword:0000000f
"LocalClockDispersion"=dword:0000000a
"EventLogFlags"=dword:00000002
"PhaseCorrectRate"=dword:00000001
"MinPollInterval"=dword:0000000a
"UpdateInterval"=dword:00057e40
"MaxNegPhaseCorrection"=dword:0000d2f0
"MaxPosPhaseCorrection"=dword:0000d2f0
"AnnounceFlags"=dword:0000000a
"MaxAllowedPhaseOffset"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Parameters]
"ServiceMain"="SvchostEntry_W32Time"
"ServiceDll"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,\
5c,77,33,32,74,69,6d,65,2e,64,6c,6c,00
"NtpServer"="time.windows.com,0x1"
"Type"="NTP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpClient]
"Enabled"=dword:00000001
"InputProvider"=dword:00000001
"AllowNonstandardModeCombinations"=dword:00000001
"CrossSiteSyncFlags"=dword:00000002
"ResolvePeerBackoffMinutes"=dword:0000000f
"ResolvePeerBackoffMaxTimes"=dword:00000007
"CompatibilityFlags"=dword:80000000
"EventLogFlags"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\w32time.dll"
"SpecialPollTimeRemaining"=hex(7):74,69,6d,65,2e,77,69,6e,64,6f,77,73,2e,63,6f,\
6d,2c,37,61,34,63,66,39,35,00,00,00,00,00,00,00,00,00,00,00,00
"SpecialPollInterval"=dword:00093a80

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpServer]
"Enabled"=dword:00000001
"InputProvider"=dword:00000000
"AllowNonstandardModeCombinations"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\w32time.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Enum]
"0"="Root\\LEGACY_W32TIME\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC\Parameters\ADCLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,77,61,6e,\
61,72,70,2e,73,79,73,00
"DisplayName"="Remote Access IP ARP Driver"
"Description"="Remote Access IP ARP Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp\Enum]
"0"="Root\\LEGACY_WANARP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WDICA]
"ErrorControl"=dword:00000000
"Start"=dword:00000003
"Type"=dword:00000001

brispie
2007-05-24, 00:15
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wdmaud]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,77,64,6d,\
61,75,64,2e,73,79,73,00
"DisplayName"="Microsoft WINMM WDM Audio Compatibility Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wdmaud\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wdmaud\Enum]
"0"="SW\\{cd171de3-69e5-11d2-b56d-0000f8754380}\\{9B365890-165F-11D0-A195-0020AFD156E4}"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"DisplayName"="WebClient"
"Group"="NetworkProvider"
"DependOnService"=hex(7):4d,52,78,44,41,56,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient\NetworkProvider]
"Name"="Web Client Network"
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,61,76,63,6c,6e,74,2e,64,6c,6c,00
"DeviceName"="\\Device\\WebDavRedirector"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,65,62,63,6c,6e,74,2e,64,6c,6c,00
"ServerNotFoundCacheLifeTimeInSec"=dword:0000003c
"AcceptOfficeAndTahoeServers"=dword:00000000
"ServiceDebug"=dword:00000000
"ClientDebug"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient\Enum]
"0"="Root\\LEGACY_WEBCLIENT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Windows Management Instrumentation"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,02,00,00,00,41,00,4d,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00
"Description"="Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,62,65,6d,5c,57,4d,49,73,76,63,2e,64,6c,6c,00
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt\Enum]
"0"="Root\\LEGACY_WINMGMT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Parameters]
"Transports"=hex(7):54,63,70,69,70,00,4e,65,74,42,49,4f,53,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration]
"Setup Version"=dword:00001009
"Provider List"=hex(7):54,63,70,69,70,00,4e,65,74,42,49,4f,53,00,00
"Known Static Providers"=hex(7):54,63,70,69,70,00,4e,77,6c,6e,6b,49,70,78,00,\
4e,77,6c,6e,6b,53,70,78,00,41,70,70,6c,65,54,61,6c,6b,00,49,73,6f,54,70,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers\NetBIOS]
"WinSock 2.0 Provider ID"=hex:30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers\Tcpip]
"WinSock 2.0 Provider ID"=hex:a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Well Known Guids]
"IsoTp"=hex:b0,cb,e4,89,c1,b9,cf,11,95,c8,00,80,5f,48,a1,92
"McsXns"=hex:b1,cb,e4,89,c1,b9,cf,11,95,c8,00,80,5f,48,a1,92
"AppleTalk"=hex:a0,17,3b,2c,df,c6,cf,11,95,c8,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before First Install]
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before First Install\Parameters]
"Transports"=hex(7):54,63,70,69,70,00,4e,65,74,42,49,4f,53,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before First Install\Setup Migration]
"Setup Version"=dword:00001009
"Provider List"=hex(7):54,63,70,69,70,00,4e,65,74,42,49,4f,53,00,00
"Known Static Providers"=hex(7):54,63,70,69,70,00,4e,77,6c,6e,6b,49,70,78,00,\
4e,77,6c,6e,6b,53,70,78,00,41,70,70,6c,65,54,61,6c,6b,00,49,73,6f,54,70,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before First Install\Setup Migration\Providers]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before First Install\Setup Migration\Providers\NetBIOS]

brispie
2007-05-24, 00:16
"WinSock 2.0 Provider ID"=hex:30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before First Install\Setup Migration\Providers\Tcpip]
"WinSock 2.0 Provider ID"=hex:a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before First Install\Setup Migration\Well Known Guids]
"IsoTp"=hex:b0,cb,e4,89,c1,b9,cf,11,95,c8,00,80,5f,48,a1,92
"McsXns"=hex:b1,cb,e4,89,c1,b9,cf,11,95,c8,00,80,5f,48,a1,92
"AppleTalk"=hex:a0,17,3b,2c,df,c6,cf,11,95,c8,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before Last Install]
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before Last Install\Parameters]
"Transports"=hex(7):54,63,70,69,70,00,4e,65,74,42,49,4f,53,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before Last Install\Setup Migration]
"Setup Version"=dword:00001009
"Provider List"=hex(7):54,63,70,69,70,00,4e,65,74,42,49,4f,53,00,00
"Known Static Providers"=hex(7):54,63,70,69,70,00,4e,77,6c,6e,6b,49,70,78,00,\
4e,77,6c,6e,6b,53,70,78,00,41,70,70,6c,65,54,61,6c,6b,00,49,73,6f,54,70,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before Last Install\Setup Migration\Providers]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before Last Install\Setup Migration\Providers\NetBIOS]
"WinSock 2.0 Provider ID"=hex:30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before Last Install\Setup Migration\Providers\Tcpip]
"WinSock 2.0 Provider ID"=hex:a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock - Google Desktop Search Backup Before Last Install\Setup Migration\Well Known Guids]
"IsoTp"=hex:b0,cb,e4,89,c1,b9,cf,11,95,c8,00,80,5f,48,a1,92
"McsXns"=hex:b1,cb,e4,89,c1,b9,cf,11,95,c8,00,80,5f,48,a1,92
"AppleTalk"=hex:a0,17,3b,2c,df,c6,cf,11,95,c8,00,80,5f,48,a1,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters]
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000003
"Serial_Access_Num"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Tcpip"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Network Location Awareness (NLA) Namespace"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9]
"Num_Catalog_Entries"=dword:0000000d
"Next_Catalog_Entry_ID"=dword:00000400
"Serial_Access_Num"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]

brispie
2007-05-24, 00:17
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]

brispie
2007-05-24, 00:18
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters]
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000003
"Serial_Access_Num"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Tcpip"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

brispie
2007-05-24, 00:19
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Network Location Awareness (NLA) Namespace"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9]
"Num_Catalog_Entries"=dword:0000000d
"Next_Catalog_Entry_ID"=dword:00000400
"Serial_Access_Num"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]

brispie
2007-05-24, 00:21
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]

brispie
2007-05-24, 00:21

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters]
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000003
"Serial_Access_Num"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Tcpip"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
"DisplayString"="Network Location Awareness (NLA) Namespace"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9]
"Num_Catalog_Entries"=dword:0000000d
"Next_Catalog_Entry_ID"=dword:00000400
"Serial_Access_Num"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]

brispie
2007-05-24, 00:23
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]

brispie
2007-05-24, 00:23

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\SubjectPackages]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\SubjectPackages\MS Subjects 1]
"$DLL"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,4d,73,53,69,70,31,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\SubjectPackages\MS Subjects 2]
"$DLL"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,4d,73,53,69,70,32,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\SubjectPackages\MS Subjects 3]
"$DLL"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,4d,73,53,69,70,33,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\TrustProviders]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\TrustProviders\Software Publisher]
"$DLL"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,53,6f,66,74,50,75,62,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSN]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Portable Media Serial Number Service"
"ObjectName"="LocalSystem"
"Description"="Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSN\Parameters]
"ServiceDll"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,\
5c,4d,73,50,4d,53,4e,53,76,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSN\Security]

brispie
2007-05-24, 00:24
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wmi]
"Description"="Provides systems management information to and from drivers."
"DisplayName"="Windows Management Instrumentation Driver Extensions"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wmi\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,61,64,76,61,70,69,33,32,2e,64,6c,6c,00
"ServiceMain"="WdmWmiServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wmi\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl\Performance]
"Library"="C:\\WINDOWS\\system32\\wbem\\wmiaprpl.dll"
"Open"="WmiOpenPerfData"
"Collect"="WmiCollectPerfData"
"Close"="WmiClosePerfData"
"Last Counter"=dword:000008e4
"Last Help"=dword:000008e5
"First Counter"=dword:000008e0
"First Help"=dword:000008e1
"Object List"="2272 2272"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
77,62,65,6d,5c,77,6d,69,61,70,73,72,76,2e,65,78,65,00
"DisplayName"="WMI Performance Adapter"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Provides performance library information from WMI HiPerf providers."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WS2IFSL]
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Automatic Updates"
"ObjectName"="LocalSystem"
"Description"="Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Parameters]
"ServiceDll"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,\
5c,77,75,61,75,73,65,72,76,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Enum]
"0"="Root\\LEGACY_WUAUSERV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Wireless Zero Configuration"
"Group"="TDI"
"DependOnService"=hex(7):52,70,63,53,73,00,4e,64,69,73,75,69,6f,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Provides automatic configuration for the 802.11 adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,7a,63,73,76,63,2e,64,6c,6c,00
"ServiceMain"="WZCSvcMain"
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC\Enum]
"0"="Root\\LEGACY_WZCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]
"DependOnService"=hex(7):52,70,63,53,73,00,00
"Description"="Manages XML configuration files on a domain basis for automatic network provisioning."
"DisplayName"="Network Provisioning Service"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,78,6d,6c,70,72,6f,76,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Branding]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Branding\http://www.microsoft.com/provisioning/Branding]
"QueryAlias"="branding"
"SchemaFile"="branding.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Connection]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Connection\http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1]
"QueryAlias"="baseeapconnectionpropertiesv1"
"SchemaFile"="baseeapconnectionpropertiesv1.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Connection\http://www.microsoft.com/provisioning/EapConnectionPropertiesV1]
"QueryAlias"="eapconnectionpropertiesv1"
"SchemaFile"="eapconnectionpropertiesv1.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Connection\http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1]
"QueryAlias"="mschapv2connectionpropertiesv1"
"SchemaFile"="mschapv2connectionpropertiesv1.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Connection\http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1]
"QueryAlias"="mspeapconnectionpropertiesv1"
"SchemaFile"="mspeapconnectionpropertiesv1.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Help]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Help\http://www.microsoft.com/provisioning/Help]
"QueryAlias"="help"
"SchemaFile"="help.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Locations]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Locations\http://www.microsoft.com/provisioning/Locations]
"QueryAlias"="locations"
"SchemaFile"="locations.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Master]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Master\http://www.microsoft.com/provisioning/Master]
"QueryAlias"="master"
"SchemaFile"="masterfile.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Register]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\Register\http://www.microsoft.com/provisioning/Register]
"QueryAlias"="register"
"SchemaFile"="register.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\SSID]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\SSID\http://www.microsoft.com/provisioning/SSID]
"QueryAlias"="ssid"
"SchemaFile"="ssid.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\User]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\User\http://www.microsoft.com/provisioning/BaseEapUserPropertiesV1]
"QueryAlias"="baseeapuserpropertiesv1"
"SchemaFile"="baseeapuserpropertiesv1.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\User\http://www.microsoft.com/provisioning/EapUserPropertiesV1]
"QueryAlias"="eapuserpropertiesv1"
"SchemaFile"="eapuserpropertiesv1.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\User\http://www.microsoft.com/provisioning/MsChapV2UserPropertiesV1]
"QueryAlias"="mschapv2userpropertiesv1"
"SchemaFile"="mschapv2userpropertiesv1.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\User\http://www.microsoft.com/provisioning/MsPeapUserPropertiesV1]
"QueryAlias"="mspeapuserpropertiesv1"
"SchemaFile"="mspeapuserpropertiesv1.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\WirelessProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov\Parameters\SchemaGroups\WirelessProfile\http://www.microsoft.com/provisioning/WirelessProfile]
"QueryAlias"="wirelessprofile"
"SchemaFile"="wirelessprofile.xdr"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{AEC81411-BE1E-4DE1-BB79-D79261782333}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{AEC81411-BE1E-4DE1-BB79-D79261782333}\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{AEC81411-BE1E-4DE1-BB79-D79261782333}\Parameters\Tcpip]
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DhcpIPAddress"="192.168.0.73"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"=dword:00093a80
"LeaseObtainedTime"=dword:422dfc27
"T1"=dword:422dfd53
"T2"=dword:4234e807
"LeaseTerminatesTime"=dword:423736a7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{CE5FA0D0-384D-4387-9E47-D25184030D99}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{CE5FA0D0-384D-4387-9E47-D25184030D99}\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{CE5FA0D0-384D-4387-9E47-D25184030D99}\Parameters\Tcpip]
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DhcpIPAddress"="82.32.104.229"
"DhcpSubnetMask"="255.255.248.0"
"DhcpServer"="62.30.64.114"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:46548214
"T1"=dword:46552ad4
"T2"=dword:4655a964
"LeaseTerminatesTime"=dword:4655d394
"DhcpDefaultGateway"=hex(7):38,32,2e,33,32,2e,31,30,34,2e,31,00,00
"DhcpSubnetMaskOpt"=hex(7):32,35,35,2e,32,35,35,2e,32,34,38,2e,30,00,00

brispie
2007-05-24, 00:26
This is all from regkey. Regperms was empty.

Shaba
2007-05-24, 17:23
Hi

Let's try this next:

Download Registrar Lite and install it -> http://www.majorgeeks.com/download469.html

Copy this to address field and press Go:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE

Right-click the key and choose Properties. Click "Take ownership". After that, delete it (right-click -> delete).

If that does not succeed, try the steps above on the subkey(s) first; for that particular key, that is the one below:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000

Repeat steps for keys below.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Run another search for cmdService with registry search tool and post results.

brispie
2007-05-24, 20:02
1&2 deleted OK. 3 was 'Access Denied'. 4&5 didn't appear.

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "cmdService" 24/05/2007 19:02:08

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cmdService"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Resplendence Sp\Registrar Lite\Settings]
"LastOpenedKey"="HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet002\\Enum\\Root\\LEGACY_CMDSERVICE"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

Shaba
2007-05-24, 20:08
Hi

Great, some progress :)

Then next try same steps as above for:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService

If that does not succeed, try the steps above on the subkey(s) first; for that particular key, that is the one below:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000

Run another search for cmdService with registry search tool and post results.
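An added example (not part of the thread and not RegSrch.vbs itself) of how to read such a search listing: it separates hits that are still service registration keys under a control set from hits that are only history traces in the user hive, and orders the remaining keys subkeys-first as the steps above advise. The sample listings are constructed in the shape of the ones posted here, the SID is a placeholder, and the function names are this example's own.

```python
import re

# Constructed samples in the REGEDIT4 shape of the search listings in this
# thread. The SID is a placeholder; the function names are this example's own.
BEFORE = r'''REGEDIT4
; Registry search results for string "cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]

[HKEY_USERS\S-1-5-21-PLACEHOLDER-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cmdService"

[HKEY_USERS\S-1-5-21-PLACEHOLDER-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"
'''

# The same listing once the control-set keys are gone: only user-hive traces.
AFTER = BEFORE[:BEFORE.index('[HKEY_LOCAL_MACHINE')] + BEFORE[BEFORE.index('[HKEY_USERS'):]

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_hits(text):
    """Return {key: {value_name: data}} for a REGEDIT4 listing.

    A key listed twice (once for the key name, once for a value) is merged.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][unescape(m.group(1))] = unescape(m.group(2))
    return keys


def classify(key, service):
    """'service' / 'legacy-enum' for registration keys, else 'history'."""
    # CurrentControlSet is a link to one of the numbered control sets, so a
    # hit there refers to the same data as that set's own key.
    root = r'HKEY_LOCAL_MACHINE\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)\\'
    name = re.escape(service)
    if re.match(root + r'Services\\' + name + r'(?:\\|$)', key, re.I):
        return 'service'
    if re.match(root + r'Enum\\Root\\LEGACY_' + name + r'(?:\\|$)', key, re.I):
        return 'legacy-enum'
    return 'history'


def triage(text, service):
    """Split hits into registration keys still present and history traces."""
    remaining, history = [], []
    for key, values in parse_hits(text).items():
        kind = classify(key, service)
        if kind != 'history':
            remaining.append((kind, key))
            continue
        mentions = [n for n, d in values.items()
                    if service.lower() in (n + d).lower()]
        history.extend((key, n) for n in mentions)
        if not mentions and service.lower() in key.lower():
            history.append((key, None))
    return remaining, history


def deletion_order(remaining):
    """Deepest keys first: subkeys are handled before their parent key."""
    return sorted((k for _, k in remaining), key=lambda k: (-k.count('\\'), k))


if __name__ == '__main__':
    for label, listing in (('before', BEFORE), ('after', AFTER)):
        remaining, history = triage(listing, 'cmdService')
        print(label, '- registration keys left:', len(remaining),
              '- history traces:', len(history))
        for key in deletion_order(remaining):
            print('   remove:', key)
```

History traces such as a Regedit `LastKey` value or an archive history entry only record that the name was typed or opened; they do not register a service.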

brispie
2007-05-24, 21:56
All done?

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "cmdService" 24/05/2007 20:56:02

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cmdService"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip]
"a"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

[HKEY_USERS\S-1-5-21-1606980848-1547161642-1801674531-1003\Software\WinRAR\ArcHistory]
"2"="C:\\Documents and Settings\\PHIL\\Desktop\\delcmdservice.zip"

"3"="C:\\Documents and Settings\\PHIL\\Local Settings\\Temporary Internet Files\\Content.IE5\\WLIRO5U3\\delcmdservice[1].zip"

Shaba
2007-05-25, 08:21
Hi

Yes, it looks like so :)

Let's run one online scan:

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- Kaspersky report

brispie
2007-05-25, 21:14
I can't install it as I apparently haven't got administrator rights.

Don't understand why not as this is a home PC.

What do I need to do?

Shaba
2007-05-26, 11:02
Hi

Please download SWWhoAmI (http://www.xs4all.nl/~fstaal01/downloads/swwhoami.exe) and save it to your Desktop.

Launch Notepad, and copy/paste the box below into a new text file. Save it as Export.bat and save it on your Desktop.



swwhoami > Output.txt
notepad Output.txt

Locate Export.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

brispie
2007-05-26, 15:34
Username: PHIL\PHIL
SID: S-1-5-21-1606980848-1547161642-1801674531
Days since last password change: 808
Privilege: 2 (USER_PRIV_ADMIN)
Home directory:
Comment: ''
Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
Script path:
Operator privilege: 0 ()
Full name:
User comment: ''
Parms: ''
Workstations:
Last logon time: 26 May 2007 07:37:05
Last logoff time: unknown
Account expires: never
Maximum discspace: unlimited
Units per week: 168
Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
Bad password count: 0
Total logins count: 2508
Logonserver: \\*
Countrycode: 0
Codepage: 0
User ID: 1003
Primary Group ID: 513
Profile path:
Home directory:
Password is not expired

Groups: ----------------------------------------------------------------------
PHIL\None (S-1-5-21-1606980848-1547161642-1801674531-513)
Everyone (S-1-1-0)
PHIL\Administrators (S-1-5-32-544)
PHIL\Users (S-1-5-32-545)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
NT AUTHORITY\Authenticated Users (S-1-5-11)
<??> (S-1-5-5-0-51402)
LOCAL (S-1-2-0)

Privileges: ------------------------------------------------------------------
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(0) SeCreateTokenPrivilege = Create a token object
(0) SeAssignPrimaryTokenPrivilege = Replace a process level token
(0) SeLockMemoryPrivilege = Lock pages in memory
(0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
(0) SeMachineAccountPrivilege = Add workstations to domain
(0) SeTcbPrivilege = Act as part of the operating system
(0) SeSecurityPrivilege = Manage auditing and security log
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeLoadDriverPrivilege = Load and unload device drivers
(0) SeSystemProfilePrivilege = Profile system performance
(0) SeSystemtimePrivilege = Change the system time
(0) SeProfileSingleProcessPrivilege = Profile single process
(0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(0) SeCreatePagefilePrivilege = Create a pagefile
(0) SeCreatePermanentPrivilege = Create permanent shared objects
(0) SeBackupPrivilege = Back up files and directories
(0) SeRestorePrivilege = Restore files and directories
(0) SeShutdownPrivilege = Shut down the system
(0) SeDebugPrivilege = Debug programs
(0) SeAuditPrivilege = Generate security audits
(0) SeSystemEnvironmentPrivilege = Modify firmware environment values
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(X) SeUndockPrivilege = Remove computer from docking station
(0) SeSyncAgentPrivilege = Synchronize directory service data
(0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
(0) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects

Environment variables: -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PHIL\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PHIL
LOGONSERVER=\\PHIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Symantec\Norton Ghost 2003\"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
TMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
USERDOMAIN=PHIL
USERNAME=PHIL
USERPROFILE=C:\Documents and Settings\PHIL
windir=C:\WINDOWS

Shaba
2007-05-26, 17:54
Hi

Yes, almost all privileges are missing, so no wonder that Kaspersky failed.

Please download NTrights.zip.
http://koti.mbnet.fi/illukka/NTrights.zip
Save it on your desktop.
Unzip/extract it.
Open the NTrights-folder

Copy the text below to Notepad and save it as addperms.bat (save it as all files, *.*, and to the NTrights folder you previously extracted)

@ECHO OFF
ntrights +r SeDebugPrivilege -u Phil >>log.txt
ntrights +r SeTakeOwnershipPrivilege -u Phil >>log.txt
ntrights +r SeCreateTokenPrivilege -u Phil >>log.txt
ntrights +r SeAssignPrimaryTokenPrivilege -u Phil >>log.txt
ntrights +r SeIncreaseQuotaPrivilege -u Phil >>log.txt
ntrights +r SeLockMemoryPrivilege -u Phil >>log.txt
ntrights +r SeUnsolicitedInputPrivilege -u Phil >>log.txt
ntrights +r SeMachineAccountPrivilege -u Phil >>log.txt
ntrights +r SeTcbPrivilege -u Phil >>log.txt
ntrights +r SeSecurityPrivilege -u Phil >>log.txt
ntrights +r SeSystemProfilePrivilege -u Phil >>log.txt
ntrights +r SeSystemtimePrivilege -u Phil >>log.txt
ntrights +r SeProfileSingleProcessPrivilege -u Phil >>log.txt
ntrights +r SeIncreaseBasePriorityPrivilege -u Phil >>log.txt
ntrights +r SeCreatePagefilePrivilege -u Phil >>log.txt
ntrights +r SeCreatePermanentPrivilege -u Phil >>log.txt
ntrights +r SeBackupPrivilege -u Phil >>log.txt
ntrights +r SeRestorePrivilege -u Phil >>log.txt
ntrights +r SeShutdownPrivilege -u Phil >>log.txt
ntrights +r SeAuditPrivilege -u Phil >>log.txt
ntrights +r SeSystemEnvironmentPrivilege -u Phil >>log.txt
ntrights +r SeRemoteShutdownPrivilege -u Phil >>log.txt
ntrights +r SeSyncAgentPrivilege -u Phil >>log.txt
ntrights +r SeEnableDelegationPrivilege -u Phil >>log.txt
ntrights +r SeManageVolumePrivilege -u Phil >>log.txt
now done >>log.txt
@echo.
@echo.
@echo.

start log.txt

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Double click on the addperms.bat file to run it, follow any prompts it asks.
REBOOT
Double-click the addperms.bat again after reboot.
It will create a log.
If the log says:
"Granting SeDebugPrivilege to Administrators ... successful" etc. things should be ok.

Re-run export.bat and post its contents here, please

brispie
2007-05-28, 14:27
Username: PHIL\PHIL
SID: S-1-5-21-1606980848-1547161642-1801674531
Days since last password change: 810
Privilege: 2 (USER_PRIV_ADMIN)
Home directory:
Comment: ''
Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
Script path:
Operator privilege: 0 ()
Full name:
User comment: ''
Parms: ''
Workstations:
Last logon time: 28 May 2007 12:24:06
Last logoff time: unknown
Account expires: never
Maximum discspace: unlimited
Units per week: 168
Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
Bad password count: 0
Total logins count: 2516
Logonserver: \\*
Countrycode: 0
Codepage: 0
User ID: 1003
Primary Group ID: 513
Profile path:
Home directory:
Password is not expired

Groups: ----------------------------------------------------------------------
PHIL\None (S-1-5-21-1606980848-1547161642-1801674531-513)
Everyone (S-1-1-0)
PHIL\Administrators (S-1-5-32-544)
PHIL\Users (S-1-5-32-545)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
NT AUTHORITY\Authenticated Users (S-1-5-11)
<??> (S-1-5-5-0-51492)
LOCAL (S-1-2-0)

Privileges: ------------------------------------------------------------------
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(0) SeCreateTokenPrivilege = Create a token object
(0) SeAssignPrimaryTokenPrivilege = Replace a process level token
(0) SeLockMemoryPrivilege = Lock pages in memory
(0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
(0) SeMachineAccountPrivilege = Add workstations to domain
(0) SeTcbPrivilege = Act as part of the operating system
(0) SeSecurityPrivilege = Manage auditing and security log
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeLoadDriverPrivilege = Load and unload device drivers
(0) SeSystemProfilePrivilege = Profile system performance
(0) SeSystemtimePrivilege = Change the system time
(0) SeProfileSingleProcessPrivilege = Profile single process
(0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(0) SeCreatePagefilePrivilege = Create a pagefile
(0) SeCreatePermanentPrivilege = Create permanent shared objects
(0) SeBackupPrivilege = Back up files and directories
(0) SeRestorePrivilege = Restore files and directories
(0) SeShutdownPrivilege = Shut down the system
(0) SeDebugPrivilege = Debug programs
(0) SeAuditPrivilege = Generate security audits
(0) SeSystemEnvironmentPrivilege = Modify firmware environment values
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(X) SeUndockPrivilege = Remove computer from docking station
(0) SeSyncAgentPrivilege = Synchronize directory service data
(0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
(0) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects

Environment variables: -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PHIL\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PHIL
LOGONSERVER=\\PHIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Symantec\Norton Ghost 2003\"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
TMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
USERDOMAIN=PHIL
USERNAME=PHIL
USERPROFILE=C:\Documents and Settings\PHIL
windir=C:\WINDOWS

Shaba
2007-05-28, 16:21
Hi

OK, let's modify the bat a bit:

Please download NTrights.zip.
http://koti.mbnet.fi/illukka/NTrights.zip
Save it on your desktop.
Unzip/extract it.
Open the NTrights-folder

Copy the text below to Notepad and save it as addperms.bat (save it as all files, *.*, and to the NTrights folder you previously extracted)

@ECHO OFF
ntrights +r SeDebugPrivilege -u PHIL >>log.txt
ntrights +r SeTakeOwnershipPrivilege -u PHIL >>log.txt
ntrights +r SeCreateTokenPrivilege -u PHIL >>log.txt
ntrights +r SeAssignPrimaryTokenPrivilege -u PHIL >>log.txt
ntrights +r SeIncreaseQuotaPrivilege -u PHIL >>log.txt
ntrights +r SeLockMemoryPrivilege -u PHIL >>log.txt
ntrights +r SeUnsolicitedInputPrivilege -u PHIL >>log.txt
ntrights +r SeMachineAccountPrivilege -u PHIL >>log.txt
ntrights +r SeTcbPrivilege -u PHIL >>log.txt
ntrights +r SeSecurityPrivilege -u PHIL >>log.txt
ntrights +r SeSystemProfilePrivilege -u PHIL >>log.txt
ntrights +r SeSystemtimePrivilege -u PHIL >>log.txt
ntrights +r SeProfileSingleProcessPrivilege -u PHIL >>log.txt
ntrights +r SeIncreaseBasePriorityPrivilege -u PHIL >>log.txt
ntrights +r SeCreatePagefilePrivilege -u PHIL >>log.txt
ntrights +r SeCreatePermanentPrivilege -u PHILl >>log.txt
ntrights +r SeBackupPrivilege -u PHIL >>log.txt
ntrights +r SeRestorePrivilege -u PHIL >>log.txt
ntrights +r SeShutdownPrivilege -u PHIL >>log.txt
ntrights +r SeAuditPrivilege -u PHIL >>log.txt
ntrights +r SeSystemEnvironmentPrivilege -u PHIL >>log.txt
ntrights +r SeRemoteShutdownPrivilege -u PHIL >>log.txt
ntrights +r SeSyncAgentPrivilege -u PHIL >>log.txt
ntrights +r SeEnableDelegationPrivilege -u PHIL >>log.txt
ntrights +r SeManageVolumePrivilege -u PHIL >>log.txt
now done >>log.txt
@echo.
@echo.
@echo.

start log.txt

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Double click on the addperms.bat file to run it, follow any prompts it asks.
REBOOT
Double-click the addperms.bat again after reboot.
It will create a log.

brispie
2007-05-28, 21:02
Hi.

Wasn't sure which log you wanted to see. This is the addperms log.

Granting SeDebugPrivilege to Phil ... successful
Granting SeTakeOwnershipPrivilege to Phil ... successful
Granting SeCreateTokenPrivilege to Phil ... successful
Granting SeAssignPrimaryTokenPrivilege to Phil ... successful
Granting SeIncreaseQuotaPrivilege to Phil ... successful
Granting SeLockMemoryPrivilege to Phil ... successful
Granting SeUnsolicitedInputPrivilege to Phil ... failed
AddUserRightToAccount:

***Error*** AddUserRightToAccount -1073741728
Granting SeMachineAccountPrivilege to Phil ... successful
Granting SeTcbPrivilege to Phil ... successful
Granting SeSecurityPrivilege to Phil ... successful
Granting SeSystemProfilePrivilege to Phil ... successful
Granting SeSystemtimePrivilege to Phil ... successful
Granting SeProfileSingleProcessPrivilege to Phil ... successful
Granting SeIncreaseBasePriorityPrivilege to Phil ... successful
Granting SeCreatePagefilePrivilege to Phil ... successful
Granting SeCreatePermanentPrivilege to Phil ... successful
Granting SeBackupPrivilege to Phil ... successful
Granting SeRestorePrivilege to Phil ... successful
Granting SeShutdownPrivilege to Phil ... successful
Granting SeAuditPrivilege to Phil ... successful
Granting SeSystemEnvironmentPrivilege to Phil ... successful
Granting SeRemoteShutdownPrivilege to Phil ... successful
Granting SeSyncAgentPrivilege to Phil ... successful
Granting SeEnableDelegationPrivilege to Phil ... successful
Granting SeManageVolumePrivilege to Phil ... successful

Mon May 28 13:22:23 2007 -- done
Granting SeDebugPrivilege to Phil ... successful
Granting SeTakeOwnershipPrivilege to Phil ... successful
Granting SeCreateTokenPrivilege to Phil ... successful
Granting SeAssignPrimaryTokenPrivilege to Phil ... successful
Granting SeIncreaseQuotaPrivilege to Phil ... successful
Granting SeLockMemoryPrivilege to Phil ... successful
Granting SeUnsolicitedInputPrivilege to Phil ... failed
AddUserRightToAccount:

***Error*** AddUserRightToAccount -1073741728
Granting SeMachineAccountPrivilege to Phil ... successful
Granting SeTcbPrivilege to Phil ... successful
Granting SeSecurityPrivilege to Phil ... successful
Granting SeSystemProfilePrivilege to Phil ... successful
Granting SeSystemtimePrivilege to Phil ... successful
Granting SeProfileSingleProcessPrivilege to Phil ... successful
Granting SeIncreaseBasePriorityPrivilege to Phil ... successful
Granting SeCreatePagefilePrivilege to Phil ... successful
Granting SeCreatePermanentPrivilege to Phil ... successful
Granting SeBackupPrivilege to Phil ... successful
Granting SeRestorePrivilege to Phil ... successful
Granting SeShutdownPrivilege to Phil ... successful
Granting SeAuditPrivilege to Phil ... successful
Granting SeSystemEnvironmentPrivilege to Phil ... successful
Granting SeRemoteShutdownPrivilege to Phil ... successful
Granting SeSyncAgentPrivilege to Phil ... successful
Granting SeEnableDelegationPrivilege to Phil ... successful
Granting SeManageVolumePrivilege to Phil ... successful

Mon May 28 13:26:54 2007 -- done
Granting SeDebugPrivilege to PHIL ... successful
Granting SeTakeOwnershipPrivilege to PHIL ... successful
Granting SeCreateTokenPrivilege to PHIL ... successful
Granting SeAssignPrimaryTokenPrivilege to PHIL ... successful
Granting SeIncreaseQuotaPrivilege to PHIL ... successful
Granting SeLockMemoryPrivilege to PHIL ... successful
Granting SeUnsolicitedInputPrivilege to PHIL ... failed
AddUserRightToAccount:

***Error*** AddUserRightToAccount -1073741728
Granting SeMachineAccountPrivilege to PHIL ... successful
Granting SeTcbPrivilege to PHIL ... successful
Granting SeSecurityPrivilege to PHIL ... successful
Granting SeSystemProfilePrivilege to PHIL ... successful
Granting SeSystemtimePrivilege to PHIL ... successful
Granting SeProfileSingleProcessPrivilege to PHIL ... successful
Granting SeIncreaseBasePriorityPrivilege to PHIL ... successful
Granting SeCreatePagefilePrivilege to PHIL ... successful
Granting SeCreatePermanentPrivilege to PHILl ... failed (GetAccountSid(PHILl)=1332
Granting SeBackupPrivilege to PHIL ... successful
Granting SeRestorePrivilege to PHIL ... successful
Granting SeShutdownPrivilege to PHIL ... successful
Granting SeAuditPrivilege to PHIL ... successful
Granting SeSystemEnvironmentPrivilege to PHIL ... successful
Granting SeRemoteShutdownPrivilege to PHIL ... successful
Granting SeSyncAgentPrivilege to PHIL ... successful
Granting SeEnableDelegationPrivilege to PHIL ... successful
Granting SeManageVolumePrivilege to PHIL ... successful

Mon May 28 19:59:02 2007 -- done
Granting SeDebugPrivilege to PHIL ... successful
Granting SeTakeOwnershipPrivilege to PHIL ... successful
Granting SeCreateTokenPrivilege to PHIL ... successful
Granting SeAssignPrimaryTokenPrivilege to PHIL ... successful
Granting SeIncreaseQuotaPrivilege to PHIL ... successful
Granting SeLockMemoryPrivilege to PHIL ... successful
Granting SeUnsolicitedInputPrivilege to PHIL ... failed
AddUserRightToAccount:

***Error*** AddUserRightToAccount -1073741728
Granting SeMachineAccountPrivilege to PHIL ... successful
Granting SeTcbPrivilege to PHIL ... successful
Granting SeSecurityPrivilege to PHIL ... successful
Granting SeSystemProfilePrivilege to PHIL ... successful
Granting SeSystemtimePrivilege to PHIL ... successful
Granting SeProfileSingleProcessPrivilege to PHIL ... successful
Granting SeIncreaseBasePriorityPrivilege to PHIL ... successful
Granting SeCreatePagefilePrivilege to PHIL ... successful
Granting SeCreatePermanentPrivilege to PHILl ... failed (GetAccountSid(PHILl)=1332
Granting SeBackupPrivilege to PHIL ... successful
Granting SeRestorePrivilege to PHIL ... successful
Granting SeShutdownPrivilege to PHIL ... successful
Granting SeAuditPrivilege to PHIL ... successful
Granting SeSystemEnvironmentPrivilege to PHIL ... successful
Granting SeRemoteShutdownPrivilege to PHIL ... successful
Granting SeSyncAgentPrivilege to PHIL ... successful
Granting SeEnableDelegationPrivilege to PHIL ... successful
Granting SeManageVolumePrivilege to PHIL ... successful

Mon May 28 20:01:03 2007 -- done

Shaba
2007-05-29, 08:11
Hi

I want you to re-run SWWhoami and post its log here :)

That log you posted looks good.

brispie
2007-05-29, 10:14
Is this the one?

Username: PHIL\PHIL
SID: S-1-5-21-1606980848-1547161642-1801674531
Days since last password change: 811
Privilege: 2 (USER_PRIV_ADMIN)
Home directory:
Comment: ''
Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
Script path:
Operator privilege: 0 ()
Full name:
User comment: ''
Parms: ''
Workstations:
Last logon time: 29 May 2007 07:01:04
Last logoff time: unknown
Account expires: never
Maximum discspace: unlimited
Units per week: 168
Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
Bad password count: 0
Total logins count: 2520
Logonserver: \\*
Countrycode: 0
Codepage: 0
User ID: 1003
Primary Group ID: 513
Profile path:
Home directory:
Password is not expired

Groups: ----------------------------------------------------------------------
PHIL\None (S-1-5-21-1606980848-1547161642-1801674531-513)
Everyone (S-1-1-0)
PHIL\Administrators (S-1-5-32-544)
PHIL\Users (S-1-5-32-545)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
NT AUTHORITY\Authenticated Users (S-1-5-11)
<??> (S-1-5-5-0-51320)
LOCAL (S-1-2-0)

Privileges: ------------------------------------------------------------------
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(0) SeCreateTokenPrivilege = Create a token object
(0) SeAssignPrimaryTokenPrivilege = Replace a process level token
(0) SeLockMemoryPrivilege = Lock pages in memory
(0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
(0) SeMachineAccountPrivilege = Add workstations to domain
(0) SeTcbPrivilege = Act as part of the operating system
(0) SeSecurityPrivilege = Manage auditing and security log
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeLoadDriverPrivilege = Load and unload device drivers
(0) SeSystemProfilePrivilege = Profile system performance
(0) SeSystemtimePrivilege = Change the system time
(0) SeProfileSingleProcessPrivilege = Profile single process
(0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(0) SeCreatePagefilePrivilege = Create a pagefile
(0) SeCreatePermanentPrivilege = Create permanent shared objects
(0) SeBackupPrivilege = Back up files and directories
(0) SeRestorePrivilege = Restore files and directories
(0) SeShutdownPrivilege = Shut down the system
(0) SeDebugPrivilege = Debug programs
(0) SeAuditPrivilege = Generate security audits
(0) SeSystemEnvironmentPrivilege = Modify firmware environment values
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(X) SeUndockPrivilege = Remove computer from docking station
(0) SeSyncAgentPrivilege = Synchronize directory service data
(0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
(0) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects

Environment variables: -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PHIL\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PHIL
LOGONSERVER=\\PHIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Symantec\Norton Ghost 2003\"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
TMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
USERDOMAIN=PHIL
USERNAME=PHIL
USERPROFILE=C:\Documents and Settings\PHIL
windir=C:\WINDOWS
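
An added example, not part of the original posts and not code from ntrights or SWWhoami: a Python triage of the two logs exchanged above. It lists every grant that ntrights reported as failed, decodes the error numbers, and then cross-checks the grants reported successful against the marks in the SWWhoami privilege list. The sample text is constructed from abbreviated lines of the thread's logs; reading the negative number as a signed 32-bit NTSTATUS, reading 1332 as a Win32 error code, and the function names are assumptions of this example.

```python
import re

# Constructed samples: abbreviated lines in the shape of the addperms log and
# the SWWhoami export posted in this thread.
NTRIGHTS_LOG = """\
Granting SeDebugPrivilege to PHIL ... successful
Granting SeLockMemoryPrivilege to PHIL ... successful
Granting SeUnsolicitedInputPrivilege to PHIL ... failed
AddUserRightToAccount:

***Error*** AddUserRightToAccount -1073741728
Granting SeMachineAccountPrivilege to PHIL ... successful
Granting SeCreatePermanentPrivilege to PHILl ... failed (GetAccountSid(PHILl)=1332
Granting SeBackupPrivilege to PHIL ... successful

Mon May 28 19:59:02 2007 -- done
"""

WHOAMI_EXPORT = """\
Privileges: ------------------------------------------------------------------
(0) SeLockMemoryPrivilege = Lock pages in memory
(0) SeMachineAccountPrivilege = Add workstations to domain
(X) SeLoadDriverPrivilege = Load and unload device drivers
(0) SeBackupPrivilege = Back up files and directories
(0) SeDebugPrivilege = Debug programs
(X) SeChangeNotifyPrivilege = Bypass traverse checking

Environment variables: -------------------------------------------------------
"""

# Assumed readings: the negative value is a signed 32-bit NTSTATUS, the
# GetAccountSid value is a Win32 error code.
KNOWN_CODES = {
    "0xC0000060": "STATUS_NO_SUCH_PRIVILEGE",
    "1332": "ERROR_NONE_MAPPED",
}

GRANT_RE = re.compile(
    r"^Granting (?P<priv>\S+) to (?P<acct>\S+) \.\.\. (?P<res>successful|failed)"
    r"(?: \((?P<func>\w+)\(.*?\)=(?P<code>\d+))?"
)
ERROR_RE = re.compile(r"^\*\*\*Error\*\*\* (?P<func>\w+) (?P<code>-?\d+)")
PRIV_RE = re.compile(r"^\((?P<mark>.)\) (?P<priv>Se\w+) = ")


def ntstatus_hex(signed_value):
    """Render a signed 32-bit status value in the usual 0xXXXXXXXX form."""
    return f"0x{signed_value & 0xFFFFFFFF:08X}"


def parse_ntrights_log(text):
    """Return one record per 'Granting ...' line, with any error code attached."""
    entries = []
    for line in text.splitlines():
        grant = GRANT_RE.match(line)
        if grant:
            code = grant.group("code")  # inline code, e.g. GetAccountSid(...)=1332
            entries.append({
                "privilege": grant.group("priv"),
                "account": grant.group("acct"),
                "ok": grant.group("res") == "successful",
                "code": code,
                "meaning": KNOWN_CODES.get(code),
            })
            continue
        error = ERROR_RE.match(line)
        # A '***Error***' line belongs to the failed grant printed just before it.
        if error and entries and not entries[-1]["ok"] and entries[-1]["code"] is None:
            code = ntstatus_hex(int(error.group("code")))
            entries[-1]["code"] = code
            entries[-1]["meaning"] = KNOWN_CODES.get(code)
    return entries


def parse_whoami_privileges(text):
    """Map each privilege name to the mark the tool printed in front of it."""
    marks = {}
    for line in text.splitlines():
        m = PRIV_RE.match(line)
        if m:
            marks[m.group("priv")] = m.group("mark")
    return marks


def granted_but_unmarked(entries, marks):
    """Privileges ntrights reported as granted that the export does not mark (X)."""
    return sorted({
        e["privilege"] for e in entries
        if e["ok"] and marks.get(e["privilege"]) not in (None, "X")
    })


if __name__ == "__main__":
    log_entries = parse_ntrights_log(NTRIGHTS_LOG)
    for e in log_entries:
        if not e["ok"]:
            print(f"FAILED {e['privilege']} -> {e['account']}: {e['code']} {e['meaning']}")
    for name in granted_but_unmarked(log_entries, parse_whoami_privileges(WHOAMI_EXPORT)):
        print(f"granted in log, still (0) in export: {name}")
```
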

Shaba
2007-05-29, 11:40
Hi

Yes, that's the one.

No success however.

Copy the text below to Notepad and save it as addperms2.bat (save it as all files, *.*, and to the NTrights folder you previously extracted)

@ECHO OFF
ntrights +r SeDebugPrivilege -u Administrators >>log.txt
ntrights +r SeTakeOwnershipPrivilege -u Administrators >>log.txt
ntrights +r SeCreateTokenPrivilege -u Administrators >>log.txt
ntrights +r SeAssignPrimaryTokenPrivilege -u Administrators >>log.txt
ntrights +r SeIncreaseQuotaPrivilege -u Administrators >>log.txt
ntrights +r SeLockMemoryPrivilege -u Administrators >>log.txt
ntrights +r SeUnsolicitedInputPrivilege -u Administrators >>log.txt
ntrights +r SeMachineAccountPrivilege -u Administrators >>log.txt
ntrights +r SeTcbPrivilege -u Administrators >>log.txt
ntrights +r SeSecurityPrivilege -u Administrators >>log.txt
ntrights +r SeSystemProfilePrivilege -u Administrators >>log.txt
ntrights +r SeSystemtimePrivilege -u Administrators >>log.txt
ntrights +r SeProfileSingleProcessPrivilege -u Administrators >>log.txt
ntrights +r SeIncreaseBasePriorityPrivilege -u Administrators >>log.txt
ntrights +r SeCreatePagefilePrivilege -u Administrators >>log.txt
ntrights +r SeCreatePermanentPrivilege -u Administrators >>log.txt
ntrights +r SeBackupPrivilege -u Administrators >>log.txt
ntrights +r SeRestorePrivilege -u Administrators >>log.txt
ntrights +r SeShutdownPrivilege -u Administrators >>log.txt
ntrights +r SeAuditPrivilege -u Administrators >>log.txt
ntrights +r SeSystemEnvironmentPrivilege -u Administrators >>log.txt
ntrights +r SeRemoteShutdownPrivilege -u Administrators >>log.txt
ntrights +r SeSyncAgentPrivilege -u Administrators >>log.txt
ntrights +r SeEnableDelegationPrivilege -u Administrators >>log.txt
ntrights +r SeManageVolumePrivilege -u Administrators >>log.txt
now done >>log.txt
@echo.
@echo.
@echo.

Double click on the addperms2.bat file to run it, follow any prompts it asks.
REBOOT
Double-click the addperms.bat again after reboot.
It will create a log

Re-run export.bat and post its contents here, please

brispie
2007-05-29, 20:25
At this stage I feel I should point out that when I double click on addperms/addperms2 it never asks me to do anything.

Username: PHIL\PHIL
SID: S-1-5-21-1606980848-1547161642-1801674531
Days since last password change: 812
Privilege: 2 (USER_PRIV_ADMIN)
Home directory:
Comment: ''
Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
Script path:
Operator privilege: 0 ()
Full name:
User comment: ''
Parms: ''
Workstations:
Last logon time: 29 May 2007 18:22:54
Last logoff time: unknown
Account expires: never
Maximum discspace: unlimited
Units per week: 168
Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
Bad password count: 0
Total logins count: 2522
Logonserver: \\*
Countrycode: 0
Codepage: 0
User ID: 1003
Primary Group ID: 513
Profile path:
Home directory:
Password is not expired

Groups: ----------------------------------------------------------------------
PHIL\None (S-1-5-21-1606980848-1547161642-1801674531-513)
Everyone (S-1-1-0)
PHIL\Administrators (S-1-5-32-544)
PHIL\Users (S-1-5-32-545)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
NT AUTHORITY\Authenticated Users (S-1-5-11)
<??> (S-1-5-5-0-51470)
LOCAL (S-1-2-0)

Privileges: ------------------------------------------------------------------
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(0) SeCreateTokenPrivilege = Create a token object
(0) SeAssignPrimaryTokenPrivilege = Replace a process level token
(0) SeLockMemoryPrivilege = Lock pages in memory
(0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
(0) SeMachineAccountPrivilege = Add workstations to domain
(0) SeTcbPrivilege = Act as part of the operating system
(0) SeSecurityPrivilege = Manage auditing and security log
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeLoadDriverPrivilege = Load and unload device drivers
(0) SeSystemProfilePrivilege = Profile system performance
(0) SeSystemtimePrivilege = Change the system time
(0) SeProfileSingleProcessPrivilege = Profile single process
(0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(0) SeCreatePagefilePrivilege = Create a pagefile
(0) SeCreatePermanentPrivilege = Create permanent shared objects
(0) SeBackupPrivilege = Back up files and directories
(0) SeRestorePrivilege = Restore files and directories
(0) SeShutdownPrivilege = Shut down the system
(0) SeDebugPrivilege = Debug programs
(0) SeAuditPrivilege = Generate security audits
(0) SeSystemEnvironmentPrivilege = Modify firmware environment values
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(X) SeUndockPrivilege = Remove computer from docking station
(0) SeSyncAgentPrivilege = Synchronize directory service data
(0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
(0) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects

Environment variables: -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PHIL\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PHIL
LOGONSERVER=\\PHIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Symantec\Norton Ghost 2003\"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
TMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
USERDOMAIN=PHIL
USERNAME=PHIL
USERPROFILE=C:\Documents and Settings\PHIL
windir=C:\WINDOWS

Shaba
2007-05-30, 08:06
Hi

Doesn't look good :(

Try installing the Kaspersky online scan ActiveX and tell me if it works now.

brispie
2007-05-30, 16:00
Hi

It ran fine :-) Lots of problems though :-(

KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 30, 2007 2:59:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 30/05/2007
Kaspersky Anti-Virus database records: 334084
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79637
Number of viruses found: 3
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:04:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\PHIL\.housecall6.6\Quarantine\b104.exe.bac_a02460/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\PHIL\.housecall6.6\Quarantine\b104.exe.bac_a02460/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\PHIL\.housecall6.6\Quarantine\b104.exe.bac_a02460/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\PHIL\.housecall6.6\Quarantine\b104.exe.bac_a02460 NSIS: infected - 3 skipped
C:\Documents and Settings\PHIL\.housecall6.6\Quarantine\b104.exe.bac_a02460 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\PHIL\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\History\History.IE5\MSHist012007053020070531\index.dat Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\b130.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\b130.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\b130.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\b130.exe NSIS: infected - 3 skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\Temporary Internet Files\Content.IE5\37PRJXSS\loading[1].htm Infected: Trojan-Downloader.JS.Agent.af skipped
C:\Documents and Settings\PHIL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PHIL\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\PHIL\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{968C9190-6233-4ABD-951B-A494B8B2E236}\RP554\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Shaba
2007-05-30, 16:47
Hi

That's great news :)

Please download the Killbox (http://download.bleepingcomputer.com/spyware/KillBox.zip).
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\PHIL\Local Settings\Temp\b130.exe
C:\Documents and Settings\PHIL\Local Settings\Temp\Temporary Internet Files\Content.IE5\37PRJXSS\loading[1].htm

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty these folders:

C:\Documents and Settings\PHIL\.housecall6.6\Quarantine\
C:\Documents and Settings\PHIL\Local Settings\Temp\

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report
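
The reply above picks the files to remove out of a long Kaspersky Online Scanner report. The following is an added example, not part of the original thread or of any tool named in it: it reduces a report of that shape to the on-disk files that carry detections and counts the "Object is locked" lines separately. The sample lines are constructed in the shape of the posted report, and the rule that everything after the first "/" names an object inside an archive is an assumption drawn from that shape.

```python
import re

# Constructed sample: a few lines in the shape of the Kaspersky Online Scanner
# report posted in this thread (header line, detections, locked objects).
SAMPLE_REPORT = r"""Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\PHIL\.housecall6.6\Quarantine\b104.exe.bac_a02460/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\PHIL\.housecall6.6\Quarantine\b104.exe.bac_a02460 NSIS: infected - 3 skipped
C:\Documents and Settings\PHIL\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\b130.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\b130.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\b130.exe NSIS: infected - 3 skipped
C:\Documents and Settings\PHIL\Local Settings\Temp\Temporary Internet Files\Content.IE5\37PRJXSS\loading[1].htm Infected: Trojan-Downloader.JS.Agent.af skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped

Scan process completed.
"""

DETECTION = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
CONTAINER = re.compile(r"^(?P<obj>.+?) (?P<fmt>[\w.]+): infected - (?P<count>\d+) (?P<action>\w+)$")
LOCKED = re.compile(r"^(?P<obj>.+?) Object is locked (?P<action>\w+)$")


def on_disk_file(obj):
    """Map a scanned object to the file that holds it.

    Assumption: suffixes such as '/stream' or '/stream/data0002' name objects
    inside an archive or installer, and '/' cannot occur in a Windows path.
    """
    return obj.split("/", 1)[0]


def triage(report):
    """Return (files, locked_count, unparsed) for a report body."""
    files = {}      # on-disk file -> set of detection names, in report order
    locked = 0
    unparsed = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Infected Object Name", "Scan process")):
            continue
        m = DETECTION.match(line)
        if m:
            files.setdefault(on_disk_file(m["obj"]), set()).add(m["name"])
            continue
        m = CONTAINER.match(line)
        if m:
            # Summary line for the archive itself: keep the file, add no name.
            files.setdefault(on_disk_file(m["obj"]), set())
            continue
        if LOCKED.match(line):
            locked += 1     # file could not be opened, so there is no verdict
            continue
        unparsed.append(line)   # never drop an unknown line silently
    return files, locked, unparsed


if __name__ == "__main__":
    files, locked, unparsed = triage(SAMPLE_REPORT)
    for path, names in files.items():
        print(path, "->", ", ".join(sorted(names)) or "(container only)")
    print(f"{locked} locked objects, {len(unparsed)} unparsed lines")
```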

brispie
2007-05-31, 12:08
Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 11:08:14, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110302565593
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

brispie
2007-05-31, 12:09
Kaspersky log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 31, 2007 11:07:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 31/05/2007
Kaspersky Anti-Virus database records: 334594
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 80071
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:53:34

Infected Object Name / Virus Name / Last Action
C:\!KillBox\b130.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\!KillBox\b130.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\!KillBox\b130.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\!KillBox\b130.exe NSIS: infected - 3 skipped
C:\!KillBox\loading[1].htm Infected: Trojan-Downloader.JS.Agent.af skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-31_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\PHIL\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PHIL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\PHIL\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\PHIL\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{968C9190-6233-4ABD-951B-A494B8B2E236}\RP555\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7714B268-A8A4-495D-A3F4-A45EDB5EF27A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Shaba
2007-05-31, 12:15
Hi

Empty this folder:

C:\!KillBox

Empty Recycle Bin

Otherwise looking good.

How are things running now?

brispie
2007-05-31, 14:04
Done! Seems to be better, but might need to give it a reboot to feel the full effect.

Many thanks for your help. It's been a long process, but we got there and I learned a few new things along the way!

I owe you one cyberbeer! :bigthumb:

Shaba
2007-05-31, 16:42
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millennium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)

or

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Reenable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!
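
The six Internet Explorer Custom Level settings listed in the post above map to numbered DWORD values under the Internet zone key (zone 3) in the registry. The following is an added example, not part of the original post: it reads a .reg export of that key and reports which of the six settings differ from the post's recommendations. The export is constructed for illustration, and the check covers only the per-user (HKEY_CURRENT_USER) key; machine-wide or policy settings are out of its scope.

```python
import re

# Zone action IDs for the six settings named in the post, with the value the
# post recommends. Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
            r"\CurrentVersion\Internet Settings\Zones\3")

# Constructed sample export: zone 3 has two weak values and one missing value;
# zone 4 is present to show that other keys are ignored.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1607"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1004"=dword:00000003
"""

DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def zone_values(reg_text, key=ZONE_KEY):
    """Return {value_name: int} for the DWORD values under one key of an export."""
    values, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]        # entering a new registry key section
            continue
        m = DWORD_LINE.match(line)
        if m and current is not None and current.lower() == key.lower():
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(reg_text):
    """Return (id, setting, found, wanted) for each setting that deviates."""
    found = zone_values(reg_text)
    findings = []
    for action_id, (label, wanted) in RECOMMENDED.items():
        have = found.get(action_id)     # None: value absent from the export
        if have != wanted:
            shown = "absent" if have is None else ACTION.get(have, hex(have))
            findings.append((action_id, label, shown, ACTION[wanted]))
    return findings


if __name__ == "__main__":
    for action_id, label, shown, wanted in audit(SAMPLE_EXPORT):
        print(f"{action_id} {label}: {shown}, recommended {wanted}")
```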

Shaba
2007-06-02, 11:10
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.