-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Creative Service for CDROM Access\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Creative Service for CDROM Access\Enum]
"0"="Root\\LEGACY_CREATIVE_SERVICE_FOR_CDROM_ACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
"DependOnService"=hex(7):52,70,63,53,73,00,00
"Description"="Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Cryptographic Services"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,63,72,79,70,74,73,76,63,2e,64,6c,6c,00
"ServiceMain"="CryptServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc\Security]
"Security"=hex:00,00,0e,00,01
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc\Enum]
"0"="Root\\LEGACY_CRYPTSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac2w2k]
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000020
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac2w2k\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac2w2k\Parameters\PnpInterface]
"2"=dword:00000001
"5"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac960nt]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000020
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac960nt\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dac960nt\Parameters\PnpInterface]
"2"=dword:00000001
"5"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
"Description"="Provides launch functionality for DCOM services."
"DisplayName"="DCOM Server Process Launcher"
"ErrorControl"=dword:00000001
"Group"="Event Log"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,20,2d,6b,20,44,63,6f,6d,4c,61,75,6e,63,68,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,70,63,73,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,34,00,00,00,02,\
00,20,00,01,00,00,00,02,80,18,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,20,02,00,00,02,00,80,00,05,00,00,00,00,03,18,00,8d,00,02,00,01,01,00,\
00,00,00,00,01,00,00,00,00,00,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,\
00,00,00,05,20,00,00,00,20,02,00,00,00,03,18,00,8f,00,02,00,01,02,00,00,00,\
00,00,05,20,00,00,00,23,02,00,00,00,03,18,00,9d,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,23,02,00,00,00,03,18,00,9d,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,21,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch\Enum]
"0"="Root\\LEGACY_DCOMLAUNCH\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="DHCP Client"
"Group"="TDI"
"DependOnService"=hex(7):54,63,70,69,70,00,41,66,64,00,4e,65,74,42,54,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Manages network configuration by registering and updating IP addresses and DNS names."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Configurations]
"Options"=hex:32,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,\
00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Linkage]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Linkage\Disabled]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,68,63,70,63,73,76,63,2e,64,6c,6c,00
"{AEC81411-BE1E-4DE1-BB79-D79261782333}"=hex:0f,00,00,00,00,00,00,00,0b,00,00,\
00,00,00,00,00,a7,36,37,42,6d,73,68,6f,6d,65,2e,6e,65,74,00,00,51,00,00,00,\
00,00,00,00,03,00,00,00,00,00,00,00,a7,36,37,42,03,00,00,00,2e,00,00,00,00,\
00,00,00,01,00,00,00,00,00,00,00,a7,36,37,42,04,00,00,00,33,00,00,00,00,00,\
00,00,04,00,00,00,00,00,00,00,a7,36,37,42,00,09,3a,80,3b,00,00,00,00,00,00,\
00,04,00,00,00,00,00,00,00,a7,36,37,42,00,06,eb,e0,3a,00,00,00,00,00,00,00,\
04,00,00,00,00,00,00,00,a7,36,37,42,00,00,01,2c,06,00,00,00,00,00,00,00,04,\
00,00,00,00,00,00,00,a7,36,37,42,c0,a8,00,01,03,00,00,00,00,00,00,00,04,00,\
00,00,00,00,00,00,a7,36,37,42,c0,a8,00,01,01,00,00,00,00,00,00,00,04,00,00,\
00,00,00,00,00,a7,36,37,42,ff,ff,ff,00,36,00,00,00,00,00,00,00,04,00,00,00,\
00,00,00,00,a7,36,37,42,c0,a8,00,01,35,00,00,00,00,00,00,00,01,00,00,00,00,\
00,00,00,a7,36,37,42,05,00,00,00
"{CE5FA0D0-384D-4387-9E47-D25184030D99}"=hex:51,00,00,00,00,00,00,00,08,00,00,\
00,00,00,00,00,94,d3,55,46,00,ff,ff,50,68,69,6c,2e,1f,00,00,00,00,00,00,00,\
01,00,00,00,00,00,00,00,94,d3,55,46,01,00,00,00,06,00,00,00,00,00,00,00,0c,\
00,00,00,00,00,00,00,94,d3,55,46,3e,1f,b0,27,c2,75,86,13,c3,bc,35,af,03,00,\
00,00,00,00,00,00,04,00,00,00,00,00,00,00,94,d3,55,46,52,20,68,01,01,00,00,\
00,00,00,00,00,04,00,00,00,00,00,00,00,94,d3,55,46,ff,ff,f8,00,33,00,00,00,\
00,00,00,00,04,00,00,00,00,00,00,00,94,d3,55,46,00,01,51,80,36,00,00,00,00,\
00,00,00,04,00,00,00,00,00,00,00,94,d3,55,46,3e,1e,40,72,35,00,00,00,00,00,\
00,00,01,00,00,00,00,00,00,00,94,d3,55,46,05,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\1]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,3f,5c,44,68,63,70,53,\
75,62,6e,65,74,4d,61,73,6b,4f,70,74,00,53,59,53,54,45,4d,5c,43,75,72,72,65,\
6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,3f,5c,50,\
61,72,61,6d,65,74,65,72,73,5c,54,63,70,69,70,5c,44,68,63,70,53,75,62,6e,65,\
74,4d,61,73,6b,4f,70,74,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\15]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,3f,5c,44,68,63,70,44,\
6f,6d,61,69,6e,00,53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,49,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,44,68,63,70,44,6f,6d,61,69,6e,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\3]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,3f,5c,44,68,63,70,44,\
65,66,61,75,6c,74,47,61,74,65,77,61,79,00,53,59,53,54,45,4d,5c,43,75,72,72,\
65,6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,3f,5c,\
50,61,72,61,6d,65,74,65,72,73,5c,54,63,70,69,70,5c,44,68,63,70,44,65,66,61,\
75,6c,74,47,61,74,65,77,61,79,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\44]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,4e,65,74,42,54,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,54,63,70,69,70,5f,3f,\
5c,44,68,63,70,4e,61,6d,65,53,65,72,76,65,72,4c,69,73,74,00,53,59,53,54,45,\
4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,6f,6c,53,65,74,5c,53,65,72,76,69,\
63,65,73,5c,4e,65,74,42,54,5c,41,64,61,70,74,65,72,73,5c,3f,5c,44,68,63,70,\
4e,61,6d,65,53,65,72,76,65,72,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\46]
"KeyType"=dword:00000004
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpNodeType"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\47]
"KeyType"=dword:00000001
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpScopeID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\6]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,3f,5c,44,68,63,70,4e,\
61,6d,65,53,65,72,76,65,72,00,53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,\
6f,6e,74,72,6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,54,63,70,69,70,5c,\
50,61,72,61,6d,65,74,65,72,73,5c,44,68,63,70,4e,61,6d,65,53,65,72,76,65,72,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters\Options\DhcpNetbiosOptions]
"KeyType"=dword:00000004
"OptionId"=dword:00000001
"VendorType"=dword:00000001
"RegLocation"=hex(7):53,59,53,54,45,4d,5c,43,75,72,72,65,6e,74,43,6f,6e,74,72,\
6f,6c,53,65,74,5c,53,65,72,76,69,63,65,73,5c,4e,65,74,42,54,5c,50,61,72,61,\
6d,65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c,54,63,70,69,70,5f,3f,\
5c,44,68,63,70,4e,65,74,62,69,6f,73,4f,70,74,69,6f,6e,73,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
2c,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Enum]
"0"="Root\\LEGACY_DHCP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk]
"DependOnGroup"=hex(7):53,43,53,49,20,6d,69,6e,69,70,6f,72,74,00,00
"ErrorControl"=dword:00000001
"Group"="SCSI Class"
"Start"=dword:00000000
"Tag"=dword:00000002
"Type"=dword:00000001
"DisplayName"="Disk Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,64,69,73,\
6b,2e,73,79,73,00
"AutoRunAlwaysDisable"=hex(7):42,72,6f,74,68,65,72,20,52,65,6d,6f,76,61,62,6c,\
65,44,69,73,6b,28,55,29,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum]
"0"="IDE\\DiskMaxtor_6E040L0__________________________NAR61HA0\\394536324d504548202020202020202020202020"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmadmin]
"DependOnService"=hex(7):52,70,63,53,73,00,50,6c,75,67,50,6c,61,79,00,44,6d,53,\
65,72,76,65,72,00,00
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,64,6d,61,64,6d,69,6e,2e,65,78,65,20,2f,63,6f,6d,00
"DisplayName"="Logical Disk Manager Administrative Service"
"ObjectName"="LocalSystem"
"Description"="Configures hard disk drives and volumes. The service only runs for configuration processes and then stops."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmadmin\Parameters]
"EnableDynamicConversionFor1394"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmadmin\Enum]
"0"="Root\\LEGACY_DMADMIN\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmboot]
"Type"=dword:00000001
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"Group"="Filter"
"Tag"=dword:0000000b
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,64,6d,62,\
6f,6f,74,2e,73,79,73,00
"VolumeRecoveryNeeded"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmboot\Enum]
"0"="Root\\LEGACY_DMBOOT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmio]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Tag"=dword:0000000d
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,64,6d,69,\
6f,2e,73,79,73,00
"DisplayName"="Logical Disk Manager Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmio\Boot Info]
"Boot ID"="eab194c1-9020-11d9-a154-806d6172696f"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmio\Enum]
"0"="Root\\dmio\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmload]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Tag"=dword:0000000c
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,64,6d,6c,\
6f,61,64,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmload\Enum]
"0"="Root\\LEGACY_DMLOAD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver]
"DependOnService"=hex(7):52,70,63,53,73,00,50,6c,75,67,50,6c,61,79,00,00
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Logical Disk Manager"
"ObjectName"="LocalSystem"
"Description"="Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,6d,73,65,72,76,65,72,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmserver\Enum]
"0"="Root\\LEGACY_DMSERVER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DMusic]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,44,4d,75,\
73,69,63,2e,73,79,73,00
"DisplayName"="Microsoft Kernel DLS Syntheiszer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DMusic\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DMusic\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4e,65,74,77,6f,72,6b,53,\
65,72,76,69,63,65,00
"DisplayName"="DNS Client"
"Group"="TDI"
"DependOnService"=hex(7):54,63,70,69,70,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Description"="Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start."
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,64,6e,73,72,73,6c,76,72,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,\
02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,\
00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Enum]
"0"="Root\\LEGACY_DNSCACHE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dpti2o]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000003c
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dpti2o\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dpti2o\Parameters\PnpInterface]
"5"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,64,72,6d,\
6b,61,75,64,2e,73,79,73,00
"DisplayName"="Microsoft Kernel DRM Audio Descrambler"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,\
5c,43,6f,6d,6d,6f,6e,20,46,69,6c,65,73,5c,53,79,6d,61,6e,74,65,63,20,53,68,\
61,72,65,64,5c,45,45,4e,47,49,4e,45,5c,65,65,43,74,72,6c,2e,73,79,73,00
"DisplayName"="Symantec Eraser Control driver"
"DependOnService"=hex(7):46,6c,74,4d,67,72,00,00
"DependOnGroup"=hex(7):00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Instances]
"DefaultInstance"="eeCtrl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Instances\eeCtrl]
"Altitude"="329010"
"Flags"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Parameters]
"SPManifest"="\\??\\C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests"
"Version"=hex(b):45,00,00,00,01,00,6b,00
"LastUsedDefs"="C:\\PROGRA~1\\COMMON~1\\SYMANT~1\\VIRUSD~1\\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Enum]
"0"="Root\\LEGACY_EECTRL\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eeCtrl\Started]
@=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EIO]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,64,72,69,76,65,72,73,5c,45,49,4f,2e,73,79,73,00
"DisplayName"="EIO"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EIO\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EIO\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EIO\Enum]
"0"="Root\\LEGACY_EIO\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc]
"DependOnService"=hex(7):52,70,63,53,73,00,00
"Description"="Allows error reporting for services and applictions running in non-standard environments."
"DisplayName"="Error Reporting Service"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,65,72,73,76,63,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ERSvc\Enum]
"0"="Root\\LEGACY_ERSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
"Description"="Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped."
"DisplayName"="Event Log"
"ErrorControl"=dword:00000001
"Group"="Event log"
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,65,72,76,69,63,65,73,2e,65,78,65,00
"ObjectName"="LocalSystem"
"PlugPlayServiceType"=dword:00000003
"Start"=dword:00000002
"Type"=dword:00000020
"ComputerName"="PHIL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
"DisplayNameFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,65,6c,73,2e,64,6c,6c,00
"DisplayNameID"=dword:00000100
"File"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,63,6f,6e,66,69,67,5c,41,70,70,45,76,65,6e,74,2e,45,76,74,00
"MaxSize"=dword:00080000
"PrimaryModule"="Application"
"Retention"=dword:00093a80
"Sources"=hex(7):57,53,48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,\
6d,53,4e,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,\
6f,77,73,20,50,72,6f,64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,\
6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,\
69,65,6e,74,00,56,53,53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,\
69,74,00,55,73,65,72,65,6e,76,00,54,6c,6e,74,73,76,72,00,53,79,73,6d,6f,6e,\
4c,6f,67,00,53,74,61,72,74,65,72,00,53,70,6f,6f,6c,65,72,43,74,72,73,00,53,\
6f,66,74,77,61,72,65,20,52,65,73,74,72,69,63,74,69,6f,6e,20,50,6f,6c,69,63,\
69,65,73,00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,6e,\
00,53,65,63,75,72,69,74,79,43,65,6e,74,65,72,00,53,63,6c,67,4e,74,66,79,00,\
53,63,65,53,72,76,00,53,63,65,43,6c,69,00,73,61,66,72,73,6c,76,00,53,41,46,\
72,64,6d,73,00,52,65,6d,6f,74,65,20,41,73,73,69,73,74,61,6e,63,65,00,50,65,\
72,66,50,72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,\
66,6d,6f,6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,00,50,65,72,\
66,63,74,72,73,00,4f,66,66,6c,69,6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,\
79,00,6e,74,62,61,63,6b,75,70,00,4e,65,72,6f,43,68,65,63,6b,00,4d,53,53,51,\
4c,53,45,52,56,45,52,2f,4d,53,44,45,00,4d,73,69,49,6e,73,74,61,6c,6c,65,72,\
00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,54,43,00,4d,53,44,4d,69,\
6e,65,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,6f,73,6f,66,74,20,4f,66,66,69,\
63,65,20,31,30,00,4d,69,63,72,6f,73,6f,66,74,20,48,2e,33,32,33,20,54,65,6c,\
65,70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,6f,76,69,64,65,72,00,4c,\
6f,61,64,50,65,72,66,00,4c,69,76,65,55,70,64,61,74,65,00,4a,61,76,61,20,56,\
4d,00,48,65,6c,70,53,76,63,00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,\
69,6f,6e,00,46,69,6c,65,20,44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,\
53,79,73,74,65,6d,00,45,53,45,4e,54,00,44,72,57,61,74,73,6f,6e,00,44,69,73,\
6b,51,75,6f,74,61,00,63,72,79,70,74,33,32,00,43,72,65,61,74,69,76,65,20,53,\
65,72,76,69,63,65,20,66,6f,72,20,43,44,52,4f,4d,20,41,63,63,65,73,73,00,43,\
4f,4d,2b,00,43,4f,4d,00,43,69,00,43,68,6b,64,73,6b,00,41,76,67,45,6d,73,00,\
41,76,67,37,55,70,64,53,76,63,00,41,76,67,37,41,6c,72,74,00,41,56,47,37,00,\
41,75,74,6f,6d,61,74,69,63,20,4c,69,76,65,55,70,64,61,74,65,20,53,63,68,65,\
64,75,6c,65,72,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,6f,\
63,68,6b,00,41,54,49,20,53,6d,61,72,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,\
20,4d,61,6e,61,67,65,6d,65,6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,\
61,6e,67,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,45,72,72,6f,72,00,41,70,70,\
6c,69,63,61,74,69,6f,6e,00,00
"RestrictGuestAccess"=dword:00000001
@="mnmsrvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application]
"CategoryCount"=dword:00000007
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,\
74,65,6d,33,32,5c,65,76,65,6e,74,6c,6f,67,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Error]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,61,75,6c,74,72,65,70,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Hang]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,61,75,6c,74,72,65,70,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Management]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,61,70,70,6d,67,6d,74,73,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ATI Smart]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,61,74,69,32,73,67,61,67,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Autochk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,69,6e,6c,6f,67,6f,6e,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AutoEnrollment]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,61,75,74,6f,65,6e,72,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Automatic LiveUpdate Scheduler]
"CategoryCount"=dword:00000001
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUSchedulerSvcRes.dll"
"CategoryMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUSchedulerSvcRes.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]
"EventMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avglog.dll"
"CategoryMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avglog.dll"
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000005
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7Alrt]
"EventMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgamint.dll"
"CategoryMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgamint.dll"
"CategoryCount"=dword:00000001
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7UpdSvc]
"EventMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgupsvc.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AvgEms]
"EventMessageFile"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgemc.exe"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Chkdsk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,75,6c,69,62,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ci]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,71,75,65,72,79,2e,64,6c,6c,00
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,71,75,65,72,79,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
"TypeSupported"=dword:00000007
"CategoryCount"=dword:00000075
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Creative Service for CDROM Access]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,54,73,76,63,43,44,41,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\crypt32]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,63,72,79,70,74,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DiskQuota]
"EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll"
"TypesSupported"="0x00000007"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DrWatson]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,64,72,77,74,73,6e,33,32,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,45,53,45,4e,54,2e,64,6c,6c,00
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,45,53,45,4e,54,2e,64,6c,6c,00
"CategoryCount"=dword:00000010
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\EventSystem]
"CategoryCount"=dword:00000006
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,4f,4d,52,65,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\File Deployment]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,64,65,70,6c,6f,79,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Folder Redirection]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,64,65,70,6c,6f,79,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll"
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Java VM]
"EventMessageFile"="C:\\WINDOWS\\system32\\vmhelper.dll"
"TypesSupported"=hex:07,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServerRes.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LoadPerf]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6c,6f,61,64,70,65,72,66,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider]
"EventMessageFile"="C:\\WINDOWS\\System32\\h323.tsp"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Microsoft Office 10]
"EventMessageFile"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\Office10\\DW.EXE"
"TypesSupported"=dword:00000007
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\mnmsrvc]
"EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll"
"TypeSupported"=hex:07,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDMine]
"CategoryCount"=dword:00000002
"CategoryMessageFile"="C:\\PROGRA~1\\COMMON~1\\System\\OLEDB~1\\MSDMINE.DLL"
"EventMessageFile"="C:\\PROGRA~1\\COMMON~1\\System\\OLEDB~1\\MSDMINE.DLL"
"TypesSupported"=hex:00,12,b8,58
"DisableHotPlugDFP"=dword:00000000
"ExtEvent_EnableAlpsMouseOrientation"=dword:00000000
"ExtEvent_SafeEscapeSupport"=dword:00000001
"DALRULE_DISABLEPSEUDOLARGEDESKTOP"=dword:00000000
"OvlTheaterMode"=hex:00,00,00,00
"DisableOvlTheaterMode"=dword:00000000
"UseVMRPitch"=dword:00000001
"DisableMMSnifferCode"=dword:00000000
"DisableProgPCILatency"=dword:00000000
"DALRULE_GetTVFakeEDID"=dword:00000000
"Catalyst_Version"="0"
"DALRULE_REGISTRYACCESS"=dword:00000000
"DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH"=dword:00000000
"DALRULE_ENABLEDRIVERMODEPRUNNING"=dword:00000000
"GCORULE_ENABLETILEDMEMORYCALCULATION"=dword:00000001
"DALRULE_MACROVISIONINFOREPORT"=dword:00000000
"DALRULE_BANDWIDTHMODEENUM"=dword:00000001
"ExtEvent_LCDSetNativeModeOnResume"=dword:00000000
"DALRULE_LIMITTMDSMODES"=dword:00000000
"DALRULE_RESTRICT640x480MODE"=dword:00000000
"DALRULE_RESTRICT8BPPON2NDDRV"=dword:00000000
"TVForceDetection"=dword:00000000
"DALRULE_ADAPTERBANDWIDTHMODEENUM"=dword:00000000
"GCOOPTION_MinMemEff"=dword:00000000
"GCORULE_IncreaseMinMemEff"=dword:00000000
"DALRULE_DISABLECWDDEDETECTION"=dword:00000000
"DALRULE_SELECTION_SCHEME"=dword:00000000
"DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY"=dword:00000000
"DisableTabletPCRotation"=dword:00000001
"DisableSmartSave"=dword:00000000
"DisableSmartSave_DEF"=dword:00000000
"VPUEnableSubmissionBox_DEF"="1"
"ExtEvent_EnableMultiSessions"=dword:00000001
"TVEnableOverscan"=dword:00000001
"RotationSupportLevel"=dword:00000002
"NewRotation"="1"
"DALRULE_DYNAMICMODESUPPORT"=dword:00000001
"CVRULE_CUSTOMIZEDMODESENABLED"=dword:00000001
"GSettingControl"=dword:00000002
"GCOOPTION_DigitalCrtInfo"=hex:a3,38,61,c1,a3,38,61,b1
"GCORULE_FracFbDivSupport"=dword:00000000
"PrimaryTiling"="1"
"GCORULE_FlickerWA"=dword:00000001
"SMOOTHVISION_NAME"="SMOOTHVISION 2.1"
"GCORULE_ENABLERMXFILTER"=dword:00000001
"DALRULE_RESTRICT2ACTIVEDISPLAYS"=dword:00000000
"TVM6Flag"=dword:00000001
"DXVA_WMV"="0"
"DALRULE_ONEDISPLAYBOOTDEFAULT"=dword:00000001
"DfpUsePixSlip"=dword:00000001
"GI"="0"
"Main3D_DEF"="3"
"AntiAlias_DEF"="1"
"AntiAliasSamples_DEF"="0"
"AnisoType_DEF"="0"
"AnisoDegree_DEF"="0"
"TextureOpt_DEF"="0"
"TextureLod_DEF"="0"
"TruformMode_DEF"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,4f,4d,52,45,53,2e,44,4c,4c,3b,43,3a,5c,57,49,4e,44,4f,57,53,5c,\
73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,45,53,2e,44,4c,4c,3b,43,3a,5c,57,49,4e,44,4f,57,53,\
5c,73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"CategoryCount"=dword:0000000f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,43,4f,4d,52,45,53,2e,44,4c,4c,3b,43,3a,5c,57,49,4e,44,4f,57,53,5c,\
73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\
6d,33,32,5c,43,4f,4d,52,45,53,2e,44,4c,4c,3b,43,3a,5c,57,49,4e,44,4f,57,53,\
5c,73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"CategoryCount"=dword:0000000f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MsiInstaller]
"EventMessageFile"="C:\\WINDOWS\\system32\\msi.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSSQLSERVER/MSDE]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NeroCheck]
"EventMessageFile"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CategoryMessageFile"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ntbackup]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,74,62,61,63,6b,75,70,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Oakley]
"EventMessageFile"="%SystemRoot%\\System32\\oakley.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Offline Files]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,63,73,63,75,69,2e,64,6c,6c,00
"TypesSupported"="0x00000007"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfctrs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,63,74,72,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfDisk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,64,69,73,6b,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perflib]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,72,66,6c,62,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfmon]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,6d,6f,6e,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfNet]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,6e,65,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfOS]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,4f,53,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfProc]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,65,72,66,70,72,6f,63,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Remote Assistance]
"EventMessageFile"="%SystemRoot%\\System32\\xpsp2res.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SAFrdms]
"EventMessageFile"="C:\\WINDOWS\\system32\\safrdm.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\safrslv]
"EventMessageFile"="C:\\WINDOWS\\system32\\safrslv.dll"
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceCli]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,63,65,63,6c,69,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceSrv]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,63,65,73,72,76,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SclgNtfy]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SecurityCenter]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Software Installation]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,61,70,70,6d,67,72,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Software Restriction Policies]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,74,64,6c,6c,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SpoolerCtrs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,69,6e,73,70,6f,6f,6c,2e,64,72,76,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Starter]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SysmonLog]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,6d,6c,6f,67,73,76,63,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Tlntsvr]
"EventMessageFile"="C:\\WINDOWS\\system32\\tlntsvr.exe;C:\\WINDOWS\\system32\\xpsp1res.dll"
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userenv]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,75,73,65,72,65,6e,76,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,52,\
6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,31,72,65,73,2e,64,6c,\
6c,3b,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,\
70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userinit]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,75,73,65,72,69,6e,69,74,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\VBRuntime]
"EventMessageFile"="C:\\WINDOWS\\system32\\msvbvm60.dll"
"TypesSupported"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\VSS]
"TypesSupported"=dword:00000007
"EventMessageFile"="C:\\WINDOWS\\system32\\vssvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WebClient]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Windows 3.1 Migration]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,61,64,76,61,70,69,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Windows Product Activation]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,64,70,63,64,6c,6c,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Winlogon]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,69,6e,6c,6f,67,6f,6e,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WinMgmt]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,57,42,45,4d,5c,57,69,6e,4d,67,6d,74,52,2e,64,6c,6c,3b,25,53,\
79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,78,70,73,70,32,\
72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WmdmPmSN]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,4d,73,50,4d,53,4e,53,76,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WMIAdapter]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,57,42,45,4d,5c,57,4d,49,41,70,52,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WSH]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,73,68,65,78,74,2e,64,6c,6c,00
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security]
"DisplayNameFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,\
6d,33,32,5c,65,6c,73,2e,64,6c,6c,00
"DisplayNameID"=dword:00000101
"File"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\
5c,63,6f,6e,66,69,67,5c,53,65,63,45,76,65,6e,74,2e,45,76,74,00
"MaxSize"=dword:00080000
"PrimaryModule"="Security"
"Retention"=dword:00093a80
"Sources"=hex(7):53,70,6f,6f,6c,65,72,00,53,65,63,75,72,69,74,79,20,41,63,63,\
6f,75,6e,74,20,4d,61,6e,61,67,65,72,00,53,43,20,4d,61,6e,61,67,65,72,00,4e,\
65,74,44,44,45,20,4f,62,6a,65,63,74,00,4c,53,41,00,44,53,00,53,65,63,75,72,\
69,74,79,00,00
"RestrictGuestAccess"=dword:00000001
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\DS]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,4d,73,4f,62,6a,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames]
"Directory Service Object"=dword:00001e00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,4d,73,4f,62,6a,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames]
"PolicyObject"=dword:00001600
"SecretObject"=dword:00001610
"TrustedDomainObject"=dword:00001620
"UserAccountObject"=dword:00001630
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,4d,73,4f,62,6a,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames]
"DDE Share"=dword:00001d00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,4d,73,4f,62,6a,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames]
"SC_MANAGER Object"=dword:00001c00
"SERVICE Object"=dword:00001c10
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security]
"CategoryCount"=dword:00000009
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,4d,73,41,75,64,69,74,45,2e,64,6c,6c,00
"GuidMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,\
6d,33,32,5c,4e,74,4d,61,72,74,61,2e,64,6c,6c,00
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,4d,73,41,75,64,69,74,45,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,4d,73,4f,62,6a,73,2e,64,6c,6c,00
"TypesSupported"=dword:0000001c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames]
"Channel"=dword:00001400
"Desktop"=dword:00001a10
"Device"=dword:00001100
"Directory"=dword:00001110
"Event"=dword:00001120
"EventPair"=dword:00001130
"File"=dword:00001140
"IoCompletion"=dword:00001300
"Job"=dword:00001410
"Key"=dword:00001150
"MailSlot"=dword:00001140
"Mutant"=dword:00001160
"NamedPipe"=dword:00001140
"Port"=dword:00001170
"Process"=dword:00001180
"Profile"=dword:00001190
"Section"=dword:000011a0
"Semaphore"=dword:000011b0
"SymbolicLink"=dword:000011c0
"Thread"=dword:000011d0
"Timer"=dword:000011e0
"Token"=dword:000011f0
"Type"=dword:00001200
"WaitablePort"=dword:00001170
"WindowStation"=dword:00001a00
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,4d,73,4f,62,6a,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames]
"SAM_ALIAS"=dword:00001530
"SAM_DOMAIN"=dword:00001510
"SAM_GROUP"=dword:00001520
"SAM_SERVER"=dword:00001500
"SAM_USER"=dword:00001540
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,4d,73,4f,62,6a,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames]
"Document"=dword:00001b20
"Printer"=dword:00001b10
"Server"=dword:00001b00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System]
"DisplayNameFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,65,6c,73,2e,64,6c,6c,00
"DisplayNameID"=dword:00000102
"File"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,63,6f,6e,66,69,67,5c,53,79,73,45,76,65,6e,74,2e,45,76,74,00
"MaxSize"=dword:00080000
"PrimaryModule"="System"
"Retention"=dword:00093a80
"Sources"=hex(7):57,5a,43,53,56,43,00,57,6f,72,6b,73,74,61,74,69,6f,6e,00,57,\
69,6e,64,6f,77,73,4d,65,64,69,61,00,57,69,6e,64,6f,77,73,20,55,70,64,61,74,\
65,20,41,67,65,6e,74,00,57,69,6e,64,6f,77,73,20,53,63,72,69,70,74,20,48,6f,\
73,74,00,57,69,6e,64,6f,77,73,20,49,6e,73,74,61,6c,6c,65,72,20,33,2e,31,00,\
57,69,6e,64,6f,77,73,20,46,69,6c,65,20,50,72,6f,74,65,63,74,69,6f,6e,00,57,\
69,6e,33,32,6b,00,57,67,61,4e,6f,74,69,66,79,00,57,33,32,54,69,6d,65,00,56,\
6f,6c,53,6e,61,70,00,76,69,61,69,64,65,00,56,67,61,53,61,76,65,00,55,53,45,\
52,33,32,00,55,50,53,00,75,6c,74,72,61,00,75,64,66,73,00,74,6f,73,69,64,65,\
00,54,65,72,6d,53,65,72,76,53,65,73,73,44,69,72,00,54,65,72,6d,53,65,72,76,\
69,63,65,00,54,65,72,6d,53,65,72,76,44,65,76,69,63,65,73,00,54,65,72,6d,44,\
44,00,74,64,69,00,54,43,50,4d,6f,6e,00,54,63,70,69,70,00,53,79,73,74,65,6d,\
20,45,72,72,6f,72,00,73,79,6d,5f,75,33,00,73,79,6d,5f,68,69,00,73,79,6d,63,\
38,78,78,00,73,79,6d,63,38,31,30,00,53,74,69,6c,6c,49,6d,61,67,65,00,53,53,\
44,50,53,52,56,00,53,72,76,00,73,72,73,65,72,76,69,63,65,00,73,72,00,73,70,\
61,72,72,6f,77,00,73,6e,64,62,6c,73,74,00,53,69,6d,62,61,64,00,53,69,64,65,\
42,79,53,69,64,65,00,73,66,6c,6f,70,70,79,00,53,65,74,75,70,00,53,65,72,76,\
69,63,65,20,43,6f,6e,74,72,6f,6c,20,4d,61,6e,61,67,65,72,00,53,65,72,76,65,\
72,00,73,65,72,69,61,6c,00,73,63,73,69,70,6f,72,74,00,53,63,68,65,64,75,6c,\
65,00,53,63,68,61,6e,6e,65,6c,00,53,43,61,72,64,53,76,72,00,53,61,76,65,20,\
44,75,6d,70,00,53,41,4d,00,72,74,6c,38,31,33,39,00,52,53,56,50,00,52,65,6d,\
6f,76,61,62,6c,65,20,53,74,6f,72,61,67,65,20,53,65,72,76,69,63,65,00,52,65,\
6d,6f,74,65,41,63,63,65,73,73,00,72,65,64,62,6f,6f,6b,00,52,64,62,73,73,00,\
52,61,73,4d,61,6e,00,52,61,73,41,75,74,6f,00,71,6c,31,32,38,30,00,71,6c,31,\
32,34,30,00,71,6c,31,32,31,36,30,00,71,6c,31,30,77,6e,74,00,71,6c,31,30,38,\
30,00,50,78,48,65,6c,70,32,30,00,50,53,63,68,65,64,00,50,72,69,6e,74,00,50,\
70,74,70,4d,69,6e,69,70,6f,72,74,00,50,6f,6c,69,63,79,41,67,65,6e,74,00,50,\
6c,75,67,50,6c,61,79,4d,61,6e,61,67,65,72,00,70,65,72,63,32,00,70,63,6d,63,\
69,61,00,70,63,69,69,64,65,00,70,63,69,00,70,61,72,76,64,6d,00,70,61,72,74,\
6d,67,72,00,70,61,72,70,6f,72,74,00,4f,53,50,46,4d,69,62,00,4f,53,50,46,00,\
4e,56,45,4e,45,54,00,6e,75,6c,6c,00,4e,74,53,65,72,76,69,63,65,50,61,63,6b,\
00,6e,74,66,73,00,6e,70,66,73,00,4e,6c,61,00,4e,65,74,6c,6f,67,6f,6e,00,4e,\
65,74,44,44,45,00,4e,65,74,42,54,00,4e,65,74,42,49,4f,53,00,4e,64,69,73,57,\
61,6e,00,6e,64,69,73,00,4d,75,70,00,6d,73,66,73,00,6d,73,61,64,6c,69,62,00,\
4d,72,78,53,6d,62,00,4d,52,78,44,41,56,00,6d,72,61,69,64,33,35,78,00,6d,6f,\
75,68,69,64,00,6d,6f,75,63,6c,61,73,73,00,4d,6f,64,65,6d,00,4c,73,61,53,72,\
76,00,4c,6d,48,6f,73,74,73,00,4c,44,4d,53,00,4c,44,4d,00,6c,62,72,74,66,64,\
63,00,4b,65,72,62,65,72,6f,73,00,6b,62,64,63,6c,61,73,73,00,69,73,61,70,6e,\
70,00,49,50,58,53,41,50,00,49,50,58,52,6f,75,74,65,72,4d,61,6e,61,67,65,72,\
00,49,50,58,52,49,50,00,49,50,58,43,50,00,49,50,53,65,63,00,49,50,52,6f,75,\
74,65,72,4d,61,6e,61,67,65,72,00,49,50,52,49,50,32,00,49,50,4e,41,54,48,4c,\
50,00,49,50,4d,47,4d,00,49,50,42,4f,4f,54,50,00,69,6e,74,65,6c,69,64,65,00,\
69,6e,69,39,31,30,75,00,49,47,4d,50,76,32,00,69,38,30,34,32,70,72,74,00,69,\
32,6f,6d,70,00,69,32,6f,6d,67,6d,74,00,48,74,74,70,00,68,70,6e,00,66,74,64,\
69,73,6b,00,66,73,5f,72,65,63,00,66,6c,70,79,64,69,73,6b,00,46,69,70,73,00,\
66,64,63,00,66,61,73,74,66,61,74,00,65,76,65,6e,74,6c,6f,67,00,65,66,73,00,\
64,70,74,69,32,6f,00,44,6e,73,63,61,63,68,65,00,44,6e,73,61,70,69,00,64,6d,\
69,6f,00,64,6d,62,6f,6f,74,00,44,69,73,74,72,69,62,75,74,65,64,20,4c,69,6e,\
6b,20,54,72,61,63,6b,69,6e,67,20,43,6c,69,65,6e,74,00,64,69,73,6b,00,44,68,\
63,70,00,44,66,73,53,76,63,00,44,66,73,44,72,69,76,65,72,00,44,43,4f,4d,00,\
64,61,63,39,36,30,6e,74,00,64,61,63,32,77,32,6b,00,63,70,71,61,72,72,61,79,\
00,63,6d,64,69,64,65,00,63,68,61,6e,67,65,72,00,63,64,72,6f,6d,00,43,64,6d,\
00,63,64,66,73,00,63,64,61,75,64,69,6f,00,63,64,32,30,78,72,6e,74,00,63,62,\
69,64,66,32,6b,00,42,72,6f,77,73,65,72,00,42,49,54,53,00,62,65,65,70,00,41,\
74,6d,61,72,70,63,00,61,74,69,32,6d,74,61,67,00,41,74,69,20,48,6f,74,4b,65,\
79,20,50,6f,6c,6c,65,72,00,61,74,64,69,73,6b,00,61,74,61,70,69,00,41,73,79,\
6e,63,4d,61,63,00,61,73,63,33,35,35,30,00,61,73,63,33,33,35,30,70,00,61,73,\
63,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,50,6f,70,75,70,00,61,70,70,68,65,\
6c,70,00,61,6d,73,69,6e,74,00,61,6d,69,30,6e,74,00,41,6d,64,4b,37,00,61,6c,\
69,69,64,65,00,41,6c,65,72,74,65,72,00,61,69,63,37,38,78,78,00,61,69,63,37,\
38,75,32,00,61,68,61,31,35,34,78,00,61,64,70,75,31,36,30,6d,00,61,63,70,69,\
65,63,00,61,63,70,69,00,61,62,70,34,38,30,6e,35,00,61,62,69,6f,73,64,73,6b,\
00,53,79,73,74,65,6d,00,00
"RestrictGuestAccess"=dword:00000001
"EventMessageFile"="%systemroot%\\system32\\stisvc.exe"
"TypesSupported"=hex:07,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abiosdsk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abp480n5]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpi]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,61,63,\
70,69,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpiec]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,61,63,\
70,69,65,63,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\adpu160m]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aha154x]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78u2]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78xx]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Alerter]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aliide]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,41,6c,\
69,49,64,65,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\AmdK7]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,61,6d,\
64,6b,37,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ami0nt]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\amsint]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\apphelp]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,61,70,70,68,65,6c,70,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Application Popup]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,74,64,6c,6c,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,52,6f,6f,\
74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3350p]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3550]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\AsyncMac]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atapi]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atdisk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Ati HotKey Poller]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,41,74,69,32,65,76,78,78,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ati2mtag]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,61,74,\
69,32,6d,74,61,67,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Atmarpc]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\beep]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\BITS]
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000001
"CategoryMessageFile"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,\
74,65,6d,33,32,5c,78,70,6f,62,32,72,65,73,2e,64,6c,6c,00
"EventMessageFile"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,78,70,6f,62,32,72,65,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Browser]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cbidf2k]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cd20xrnt]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdaudio]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdfs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Cdm]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdrom]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\changer]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cmdide]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,43,6d,\
64,49,64,65,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarray]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dac2w2k]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dac960nt]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DCOM]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsDriver]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsSvc]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dhcp]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,64,68,63,70,63,73,76,63,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\disk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Distributed Link Tracking Client]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmboot]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,44,72,69,76,65,72,73,5c,64,6d,62,6f,6f,74,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmio]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,64,6d,\
69,6f,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnsapi]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnscache]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dpti2o]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\efs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6c,73,61,73,72,76,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\eventlog]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fastfat]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fdc]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,66,64,\
63,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Fips]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,44,72,69,76,65,72,73,5c,66,69,70,73,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flpydisk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,66,6c,\
70,79,64,69,73,6b,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fs_rec]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ftdisk]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,46,74,\
44,69,73,6b,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\hpn]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Http]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\i2omgmt]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\i2omp]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\i8042prt]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,69,38,\
30,34,32,70,72,74,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IGMPv2]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,69,67,6d,70,76,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ini910u]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\intelide]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,49,6e,\
74,65,6c,49,64,65,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPBOOTP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,69,70,62,6f,6f,74,70,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPMGM]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,72,74,6d,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPNATHLP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRIP2]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,69,70,72,69,70,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRouterManager]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPSec]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXCP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRIP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRouterManager]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXSAP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\isapnp]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,69,73,\
61,70,6e,70,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\kbdclass]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6b,62,\
64,63,6c,61,73,73,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Kerberos]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6b,65,72,62,65,72,6f,73,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lbrtfdc]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,6c,62,\
72,74,66,64,63,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDM]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,64,6d,61,64,6d,69,6e,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDMS]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,64,6d,73,65,72,76,65,72,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LmHosts]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LsaSrv]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6c,73,61,73,72,76,2e,64,6c,6c,00
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6c,73,61,73,72,76,2e,64,6c,6c,00
"CategoryCount"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Modem]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,4d,6f,\
64,65,6d,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mouclass]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6d,6f,\
75,63,6c,61,73,73,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mouhid]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6d,6f,\
75,68,69,64,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mraid35x]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MRxDAV]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MrxSmb]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,69,6f,6c,6f,67,6d,73,67,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msadlib]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msfs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Mup]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ndis]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NdisWan]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBIOS]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,69,6f,6c,6f,67,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBT]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetDDE]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,64,64,65,2e,65,78,65,00
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Netlogon]
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Nla]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\npfs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ntfs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NtServicePack]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,70,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\null]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NVENET]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPF]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6f,73,70,66,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPFMib]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6f,73,70,66,6d,69,62,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parport]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,70,61,\
72,70,6f,72,74,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\partmgr]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parvdm]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,50,61,\
72,56,64,6d,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pci]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,50,63,\
69,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pciide]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,50,63,\
69,49,64,65,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pcmcia]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,50,63,\
6d,63,69,61,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\perc2]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PlugPlayManager]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,75,6d,70,6e,70,6d,67,72,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PolicyAgent]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,70,6f,6c,61,67,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PptpMiniport]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Print]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,4c,6f,63,61,6c,53,70,6c,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PSched]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PxHelp20]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1080]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql10wnt]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql12160]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1240]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1280]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasAuto]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasMan]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Rdbss]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\redbook]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,72,65,\
64,62,6f,6f,6b,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RemoteAccess]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6d,70,72,6d,73,67,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,69,61,73,73,76,63,73,2e,64,6c,6c,00
"TypesSupported"=dword:0000001f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Removable Storage Service]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,4e,54,4d,53,45,56,54,2e,44,4c,4c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RSVP]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,72,73,76,70,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\rtl8139]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAM]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,61,6d,73,72,76,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Save Dump]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,53,61,76,65,44,75,6d,70,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SCardSvr]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,53,43,61,72,64,53,76,72,2e,65,78,65,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schannel]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,6c,73,61,73,72,76,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schedule]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\scsiport]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\serial]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,73,65,\
72,69,61,6c,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Server]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Service Control Manager]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"ParameterMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,\
74,65,6d,33,32,5c,6b,65,72,6e,65,6c,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Setup]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sfloppy]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SideBySide]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,78,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Simbad]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sndblst]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sparrow]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sr]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,43,3a,5c,57,49,4e,44,4f,57,\
53,5c,73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,73,72,2e,73,79,73,\
00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\srservice]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,73,72,73,76,63,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Srv]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SSDPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\StillImage]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,69,61,73,65,72,76,63,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc810]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc8xx]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sym_hi]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sym_u3]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\System]
"CategoryCount"=dword:00000007
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,\
74,65,6d,33,32,5c,65,76,65,6e,74,6c,6f,67,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\System Error]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,66,61,75,6c,74,72,65,70,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Tcpip]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,65,76,65,6e,74,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,78,70,73,70,32,72,65,73,2e,64,\
6c,6c,00
"TypesSupported"=dword:00000007
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TCPMon]
"TypesSupported"=dword:00000007
"EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\tdi]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermDD]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,74,64,6c,6c,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermServDevices]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermService]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,74,65,72,6d,73,72,76,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,52,\
6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,6e,74,64,6c,6c,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermServSessDir]
"TypesSupported"=dword:00000007
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,74,73,73,64,69,73,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\toside]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,54,6f,\
73,49,64,65,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\udfs]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ultra]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\UPS]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\USER32]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,75,73,65,72,33,32,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\VgaSave]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,76,67,\
61,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\viaide]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,56,69,\
61,49,64,65,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\VolSnap]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,49,6f,4c,6f,67,4d,73,67,2e,64,6c,6c,3b,25,53,79,73,74,65,6d,\
52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,56,6f,\
6c,53,6e,61,70,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\W32Time]
"EventMessageFile"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,\
33,32,5c,77,33,32,74,69,6d,65,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WgaNotify]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,70,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Win32k]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,69,6e,33,32,6b,2e,73,79,73,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows File Protection]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,66,63,5f,6f,73,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.1]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,70,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Script Host]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,73,68,65,78,74,2e,64,6c,6c,00
"TypesSupported"=dword:00000018
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Update Agent]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,77,75,61,75,63,70,6c,2e,63,70,6c,00
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,\
74,65,6d,33,32,5c,77,75,61,75,63,70,6c,2e,63,70,6c,00
"CategoryCount"=dword:00000009
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WindowsMedia]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,73,70,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Workstation]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,6e,65,74,6d,73,67,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WZCSVC]
"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\
65,6d,33,32,5c,77,7a,63,73,76,63,2e,64,6c,6c,00
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="COM+ Event System"
"Group"="Network"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Parameters]
"ServiceDll"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,\
5c,65,73,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Security]
"Security"=hex:01,00,14,80,7c,00,00,00,88,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,4c,00,03,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,\
00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Enum]
"0"="Root\\LEGACY_EVENTSYSTEM\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,65,77,69,\
64,6f,20,61,6e,74,69,2d,6d,61,6c,77,61,72,65,5c,65,77,69,64,6f,63,74,72,6c,\
2e,65,78,65,00
"DisplayName"="ewido security suite control"
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ewido security suite control\Enum]
"0"="Root\\LEGACY_EWIDO_SECURITY_SUITE_CONTROL\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fastfat]
"ErrorControl"=dword:00000001
"Group"="Boot file system"
"Start"=dword:00000004
"Type"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fastfat\Enum]
"0"="Root\\LEGACY_FASTFAT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Fast User Switching Compatibility"
"DependOnService"=hex(7):54,65,72,6d,53,65,72,76,69,63,65,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Provides management for applications that require assistance in a multiple user environment."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,68,73,76,63,73,2e,64,6c,6c,00
"ServiceMain"="BadApplicationServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Enum]
"0"="Root\\LEGACY_FASTUSERSWITCHINGCOMPATIBILITY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fdc]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000003
"Tag"=dword:00000002
"Type"=dword:00000001
"SetupDone"=dword:00000001
"DisplayName"="Floppy Disk Controller Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,66,64,63,\
2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fdc\Enum]
"0"="ACPI\\PNP0700\\3&13c0b0c5&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fips]
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fips\Enum]
"0"="Root\\LEGACY_FIPS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Flpydisk]
"ErrorControl"=dword:00000001
"Group"="Primary disk"
"Start"=dword:00000003
"Tag"=dword:00000002
"Type"=dword:00000001
"DisplayName"="Floppy Disk Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,66,6c,70,\
79,64,69,73,6b,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Flpydisk\Enum]
"0"="FDC\\GENERIC_FLOPPY_DRIVE\\4&33bc18fa&0&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,66,6c,74,\
4d,67,72,2e,73,79,73,00
"DisplayName"="FltMgr"
"Group"="FSFilter Infrastructure"
"Description"="File System Filter Manager Driver"
"AttachWhenLoaded"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr\Enum]
"0"="Root\\LEGACY_FLTMGR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
"ErrorControl"=dword:00000000
"Group"="Boot file system"
"Start"=dword:00000001
"Type"=dword:00000008
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec\Enum]
"0"="Root\\LEGACY_FS_REC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ftdisk]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000009
"Type"=dword:00000001
"DisplayName"="Volume Manager Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,66,74,64,\
69,73,6b,2e,73,79,73,00
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ftdisk\Enum]
"0"="Root\\ftdisk\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gameenum]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000000
"Tag"=dword:00000005
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,67,61,6d,\
65,65,6e,75,6d,2e,73,79,73,00
"DisplayName"="Game Port Enumerator"
"Group"="Extended Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gameenum\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gameenum\Enum]
"0"="ACPI\\PNPB02F\\3&13c0b0c5&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GhostStartService]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,\
5c,4e,4f,52,54,4f,4e,7e,31,5c,47,48,4f,53,54,53,7e,32,2e,45,58,45,00
"DisplayName"="GhostStartService"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Background service to allow Norton Ghost to perform priviledged operations"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GhostStartService\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GhostStartService\Enum]
"0"="Root\\LEGACY_GHOSTSTARTSERVICE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GhPciScan]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,\
5c,53,79,6d,61,6e,74,65,63,5c,4e,6f,72,74,6f,6e,20,47,68,6f,73,74,20,32,30,\
30,33,5c,67,68,70,63,69,73,63,61,6e,2e,73,79,73,00
"DisplayName"="GhostPciScanner"
"Group"="Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GhPciScan\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GhPciScan\Enum]
"0"="Root\\LEGACY_GHPCISCAN\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Gpc]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"Tag"=dword:00000003
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6d,73,67,\
70,63,2e,73,79,73,00
"DisplayName"="Generic Packet Classifier"
"Group"="PNP_TDI"
"Description"="Generic Packet Classifier"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Gpc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Gpc\Enum]
"0"="Root\\LEGACY_GPC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Help and Support"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,05,00,03,\
00,01,00,00,00,64,00,00,00,01,00,00,00,64,00,00,00,00,00,00,00,64,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters]
"ServiceDll"=hex(2):25,57,49,4e,44,49,52,25,5c,50,43,48,65,61,6c,74,68,5c,48,\
65,6c,70,43,74,72,5c,42,69,6e,61,72,69,65,73,5c,70,63,68,73,76,63,2e,64,6c,\
6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Enum]
"0"="Root\\LEGACY_HELPSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidServ]
"DependOnService"=hex(7):52,70,63,53,73,00,00
"Description"="Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Human Interface Device Access"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000004
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidServ\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,68,69,64,73,65,72,76,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidusb]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000000
"DisplayName"="Microsoft HID Class Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,68,69,64,\
75,73,62,2e,73,79,73,00
"Group"="extended base"
"Tag"=dword:00000006
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidusb\Enum]
"0"="USB\\Vid_06a2&Pid_0033\\5&df9f058&0&1"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpn]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpn\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpn\Parameters\PnpInterface]
"5"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]
"DisplayName"="HTTP"
"Description"="This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start."
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):53,79,73,74,65,6d,33,32,5c,44,72,69,76,65,72,73,5c,48,54,54,\
50,2e,73,79,73,00
"Start"=dword:00000003
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP\Parameters\SslBindingInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP\Parameters\UrlAclInfo]
"http://*:2869/"=hex:01,00,04,80,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,\
00,02,00,1c,00,01,00,00,00,00,00,14,00,00,00,00,20,01,01,00,00,00,00,00,05,\
13,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP\Security]
"Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,00,00,\
14,00,14,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,14,00,00,\
00,01,01,00,00,00,00,00,05,06,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\
01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP\Enum]
"0"="Root\\LEGACY_HTTP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTPFilter]
"DependOnService"=hex(7):48,54,54,50,00,00
"Description"="This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="HTTP SSL"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,48,54,54,50,46,69,6c,74,\
65,72,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTPFilter\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,33,73,73,6c,2e,64,6c,6c,00
"ServiceMain"="HTTPFilterServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTPFilter\Security]
"Security"=hex:01,00,14,80,b8,00,00,00,c4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,88,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,00,00,\
14,00,14,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,14,00,00,\
00,01,01,00,00,00,00,00,05,06,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\
01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omgmt]
"ErrorControl"=dword:00000001
"Group"="SCSI Class"
"Start"=dword:00000001
"Tag"=dword:0000002d
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:0000002d
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp\Parameters\PnpInterface]
"5"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
"Type"=dword:00000001
"Start"=dword:00000001
"Group"="Keyboard Port"
"ErrorControl"=dword:00000001
"DisplayName"="i8042 Keyboard and PS/2 Mouse Port Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,38,30,\
34,32,70,72,74,2e,73,79,73,00
"Tag"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
"LayerDriver KOR"="kbd101a.dll"
"PollingIterations"=dword:00002ee0
"PollingIterationsMaximum"=dword:00002ee0
"ResendIterations"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Enum]
"0"="ACPI\\PNP0303\\3&13c0b0c5&0"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Imapi]
"ErrorControl"=dword:00000001
"Group"="Pnp Filter"
"Start"=dword:00000001
"Tag"=dword:00000002
"Type"=dword:00000001
"DisplayName"="CD-Burning Filter Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,6d,61,\
70,69,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Imapi\Enum]
"0"="IDE\\CdRomSONY_CD-RW__CRX320EE____________________RYK3____\\3032353030313630303030303533383520202020"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ImapiService]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"="C:\\WINDOWS\\system32\\imapi.exe"
"ObjectName"="LocalSystem"
"DisplayName"="IMAPI CD-Burning COM Service"
"Description"="Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ImapiService\Enum]
"0"="Root\\LEGACY_IMAPISERVICE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs\Parameters]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ini910u]
"ErrorControl"=dword:00000001
"Group"="SCSI miniport"
"Start"=dword:00000004
"Tag"=dword:00000030
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ini910u\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ini910u\Parameters\PnpInterface]
"5"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Inport\Parameters]
"HzMode"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntelIde]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000004
"Tag"=dword:00000004
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ip6Fw]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,49,70,36,\
46,77,2e,73,79,73,00
"DisplayName"="IPv6 Windows Firewall Driver"
"Description"="Provides intrusion prevention service for a home or small office network."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ip6Fw\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,66,\
6c,74,64,72,76,2e,73,79,73,00
"DisplayName"="IP Traffic Filter Driver"
"DependOnService"=hex(7):54,63,70,69,70,00,00
"DependOnGroup"=hex(7):00
"Description"="IP Traffic Filter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,69,\
6e,69,70,2e,73,79,73,00
"DisplayName"="IP in IP Tunnel Driver"
"DependOnService"=hex(7):54,63,70,69,70,00,00
"DependOnGroup"=hex(7):00
"Description"="IP in IP Tunnel Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpNat]
"DependOnGroup"=hex(7):00
"DependOnService"=hex(7):54,63,70,69,70,00,00
"Description"="IP Network Address Translator"
"DisplayName"="IP Network Address Translator"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,6e,\
61,74,2e,73,79,73,00
"Start"=dword:00000003
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpNat\Enum]
"0"="Root\\LEGACY_IPNAT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,70,73,\
65,63,2e,73,79,73,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,72,65,\
6e,75,6d,2e,73,79,73,00
"DisplayName"="IR Enumerator Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISAPISearch\Linkage]
"Bind"="\\Dummy"
"Export"="\\Dummy"
"Route"="\\Dummy"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISAPISearch\Performance]
"Close"="DoneCIISAPIPerformanceData"
"Collect"="CollectCIISAPIPerformanceData"
"Open"="InitializeCIISAPIPerformanceData"
"Library"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,71,75,65,72,79,2e,64,6c,6c,00
"Last Counter"=dword:000008de
"Last Help"=dword:000008df
"First Counter"=dword:000008ca
"First Help"=dword:000008cb
"Object List"="2250"
"WbemAdapFileSignature"=hex:0e,5a,34,78,55,08,cd,55,5e,d1,bb,15,d3,71,55,79
"WbemAdapFileTime"=hex:00,5b,4e,ea,bd,79,c4,01
"WbemAdapFileSize"=dword:0015e800
"WbemAdapStatus"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]
"ErrorControl"=dword:00000003
"Group"="Boot Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000003
"Type"=dword:00000001
"HasBootConfig"=dword:00000000
"DisplayName"="PnP ISA/EISA Bus Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,69,73,61,\
70,6e,70,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp\Parameters]
"ADP1502"=dword:00000001
"ADP1505"=dword:00000001
"ADP1510"=dword:00000001
"ADP1512"=dword:00000001
"ADP1515"=dword:00000001
"ADP1520"=dword:00000001
"ADP1522"=dword:00000001
"ADP3015"=dword:00000001
"ADP3215"=dword:00000001
"ADP6360"=dword:00000001
"ADP6370"=dword:00000001
"USR0014"=dword:00000001
"USR1001"=dword:00000001
"USR1002"=dword:00000001
"USR1003"=dword:00000001
"USR1004"=dword:00000001
"USR6001"=dword:00000001
"USR6002"=dword:00000001
"USR6003"=dword:00000001
"USR6004"=dword:00000001
"USR6005"=dword:00000001
"USR6006"=dword:00000001
"USR6007"=dword:00000001
"USR6008"=dword:00000001
"USR6009"=dword:00000001
"USR600A"=dword:00000001
"USR600B"=dword:00000001
"USR600C"=dword:00000001
"USR600D"=dword:00000001
"USR600E"=dword:00000001
"USR600F"=dword:00000001
"USR6010"=dword:00000001
"USR6011"=dword:00000001
"USR6012"=dword:00000001
"USR6101"=dword:00000001
"USR6020"=dword:00000001
"USR0041"=dword:00000001
"USR002C"=dword:00000001
"AZT4029"=dword:00000001
"AZT4023"=dword:00000001
"USR0040"=dword:00000001
"HAY8601"=dword:00000001
"EQX2400"=dword:00000002
"EQX0900"=dword:00000002
"EQX1B00"=dword:00000002
"EQX1700"=dword:00000002
"EQX0700"=dword:00000002
"EQX0F00"=dword:00000002
"EQX0800"=dword:00000002
"EQX1000"=dword:00000002
"EQX3F00"=dword:00000002
"EQX1200"=dword:00000002
"IBM0001"=dword:00000010
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp\Enum]
"0"="PCI\\VEN_10DE&DEV_0060&SUBSYS_00000000&REV_A4\\3&13c0b0c5&0&08"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kbdclass]
"ErrorControl"=dword:00000001
"Group"="Keyboard Class"
"Start"=dword:00000001
"Tag"=dword:00000001
"Type"=dword:00000001
"DisplayName"="Keyboard Class Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6b,62,64,\
63,6c,61,73,73,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kbdclass\Parameters]
"ConnectMultiplePorts"=dword:00000000
"KeyboardDataQueueSize"=dword:00000064
"KeyboardDeviceBaseName"="KeyboardClass"
"MaximumPortsServiced"=dword:00000003
"SendOutputToAllPorts"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kbdclass\Enum]
"0"="Root\\RDP_KBD\\0000"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="ACPI\\PNP0303\\3&13c0b0c5&0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,64,72,69,76,65,72,73,5c,6b,6d,69,\
78,65,72,2e,73,79,73,00
"DisplayName"="Microsoft Kernel Wave Audio Mixer"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]
"ErrorControl"=dword:00000001
"Group"="Base"
"Start"=dword:00000000
"Tag"=dword:00000001
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD\Enum]
"0"="Root\\LEGACY_KSECDD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Server"
"ObjectName"="LocalSystem"
"Description"="Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\AutotunedParameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\DefaultSecurity]
"SrvsvcConfigInfo"=hex:01,00,04,80,a0,00,00,00,ac,00,00,00,00,00,00,00,14,00,\
00,00,02,00,8c,00,06,00,00,00,00,00,18,00,17,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,00,18,00,17,00,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,25,02,00,00,00,00,14,00,17,00,0f,00,01,01,00,00,00,00,00,05,12,\
00,00,00,00,00,18,00,03,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,\
00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,00,00,14,\
00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,01,01,00,00,00,00,00,05,\
12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
"SrvsvcTransportEnum"=hex:01,00,04,80,8c,00,00,00,98,00,00,00,00,00,00,00,14,\
00,00,00,02,00,78,00,05,00,00,00,00,00,18,00,17,00,0f,00,01,02,00,00,00,00,\
00,05,20,00,00,00,20,02,00,00,00,00,18,00,17,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,25,02,00,00,00,00,14,00,17,00,0f,00,01,01,00,00,00,00,00,05,\
12,00,00,00,00,00,18,00,03,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
"SrvsvcConnection"=hex:01,00,04,80,7c,00,00,00,88,00,00,00,00,00,00,00,14,00,\
00,00,02,00,68,00,04,00,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,25,02,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,05,20,\
00,00,00,26,02,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,05,20,00,\
00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,\
05,12,00,00,00
"SrvsvcServerDiskEnum"=hex:01,00,04,80,4c,00,00,00,58,00,00,00,00,00,00,00,14,\
00,00,00,02,00,38,00,02,00,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,\
00,05,20,00,00,00,20,02,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,25,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00
"SrvsvcFile"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,14,00,00,00,\
02,00,50,00,03,00,00,00,00,00,18,00,11,00,0f,00,01,02,00,00,00,00,00,05,20,\
00,00,00,20,02,00,00,00,00,18,00,11,00,0f,00,01,02,00,00,00,00,00,05,20,00,\
00,00,25,02,00,00,00,00,18,00,11,00,0f,00,01,02,00,00,00,00,00,05,20,00,00,\
00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,\
12,00,00,00
"SrvsvcShareFileInfo"=hex:01,00,04,80,8c,00,00,00,98,00,00,00,00,00,00,00,14,\
00,00,00,02,00,78,00,05,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,\
00,05,20,00,00,00,20,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,25,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,23,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,\
00,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
"SrvsvcSharePrintInfo"=hex:01,00,04,80,a4,00,00,00,b0,00,00,00,00,00,00,00,14,\
00,00,00,02,00,90,00,06,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,\
00,05,20,00,00,00,20,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,25,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,26,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,20,\
00,00,00,23,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
"SrvsvcShareAdminInfo"=hex:01,00,04,80,8c,00,00,00,98,00,00,00,00,00,00,00,14,\
00,00,00,02,00,78,00,05,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,\
00,05,20,00,00,00,20,02,00,00,00,00,18,00,02,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,25,02,00,00,00,00,18,00,02,00,00,00,01,02,00,00,00,00,00,05,\
20,00,00,00,23,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,\
00,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
"SrvsvcShareConnect"=hex:01,00,04,80,8c,00,00,00,98,00,00,00,00,00,00,00,14,00,\
00,00,02,00,78,00,05,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,05,20,\
00,00,00,27,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
"SrvsvcShareAdminConnect"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\
00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00
"SrvsvcStatisticsInfo"=hex:01,00,04,80,60,00,00,00,6c,00,00,00,00,00,00,00,14,\
00,00,00,02,00,4c,00,03,00,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,\
00,05,20,00,00,00,20,02,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,25,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,02,\
00,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00
"AnonymousDescriptorsUpgraded"=dword:00000001
"PreviousAnonymousRestriction"=dword:00000000
"SrvsvcSessionInfo"=hex:01,00,04,80,78,00,00,00,84,00,00,00,00,00,00,00,14,00,\
00,00,02,00,64,00,04,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,25,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,20,\
00,00,00,23,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,0b,00,\
00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00
"SessionSecurityDescriptorRegenerated"=dword:00000001
-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Linkage]
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\
65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,45,35,46,41,30,\
44,30,2d,33,38,34,44,2d,34,33,38,37,2d,39,45,34,37,2d,44,32,35,31,38,34,30,\
33,30,44,39,39,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\
70,5f,7b,41,45,43,38,31,34,31,31,2d,42,45,31,45,2d,34,44,45,31,2d,42,42,37,\
39,2d,44,37,39,32,36,31,37,38,32,33,33,33,7d,00,5c,44,65,76,69,63,65,5c,4e,\
65,74,42,54,5f,54,63,70,69,70,5f,7b,45,46,41,41,31,41,32,30,2d,31,31,33,36,\
2d,34,41,31,33,2d,41,35,33,43,2d,42,31,45,34,45,34,43,35,32,43,42,45,7d,00,\
5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,39,35,42,42,\
43,34,35,35,2d,30,43,42,41,2d,34,45,44,33,2d,42,39,44,38,2d,32,41,46,43,45,\
31,38,43,34,39,45,37,7d,00,00
"Route"=hex(7):22,4e,65,74,62,69,6f,73,53,6d,62,22,00,22,4e,65,74,42,54,22,20,\
22,54,63,70,69,70,22,20,22,7b,43,45,35,46,41,30,44,30,2d,33,38,34,44,2d,34,\
33,38,37,2d,39,45,34,37,2d,44,32,35,31,38,34,30,33,30,44,39,39,7d,22,00,22,\
4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,7b,41,45,43,38,31,34,31,31,\
2d,42,45,31,45,2d,34,44,45,31,2d,42,42,37,39,2d,44,37,39,32,36,31,37,38,32,\
33,33,33,7d,22,00,22,4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,4e,64,\
69,73,57,61,6e,49,70,22,00,00
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,\
4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,\
53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,45,35,46,41,\
30,44,30,2d,33,38,34,44,2d,34,33,38,37,2d,39,45,34,37,2d,44,32,35,31,38,34,\
30,33,30,44,39,39,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,\
76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,41,45,43,38,31,34,31,31,\
2d,42,45,31,45,2d,34,44,45,31,2d,42,42,37,39,2d,44,37,39,32,36,31,37,38,32,\
33,33,33,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,\
5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,45,46,41,41,31,41,32,30,2d,31,31,\
33,36,2d,34,41,31,33,2d,41,35,33,43,2d,42,31,45,34,45,34,43,35,32,43,42,45,\
7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,39,35,42,42,43,34,35,35,2d,30,43,42,41,2d,\
34,45,44,33,2d,42,39,44,38,2d,32,41,46,43,45,31,38,43,34,39,45,37,7d,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:f9,45,d0,ea,ae,42,f0,4a,99,c8,cb,24,84,65,29,63
"AdjustedNullSessionPipes"=dword:00000001
"CachedOpenLimit"=dword:00000000
"srvcomment"="Phil"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Shares]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Shares\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Enum]
"0"="Root\\LEGACY_LANMANSERVER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Workstation"
"Group"="NetworkProvider"
"ObjectName"="LocalSystem"
"Description"="Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Linkage]
"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\
65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,43,45,35,46,41,30,\
44,30,2d,33,38,34,44,2d,34,33,38,37,2d,39,45,34,37,2d,44,32,35,31,38,34,30,\
33,30,44,39,39,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\
70,5f,7b,41,45,43,38,31,34,31,31,2d,42,45,31,45,2d,34,44,45,31,2d,42,42,37,\
39,2d,44,37,39,32,36,31,37,38,32,33,33,33,7d,00,5c,44,65,76,69,63,65,5c,4e,\
65,74,42,54,5f,54,63,70,69,70,5f,7b,45,46,41,41,31,41,32,30,2d,31,31,33,36,\
2d,34,41,31,33,2d,41,35,33,43,2d,42,31,45,34,45,34,43,35,32,43,42,45,7d,00,\
5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,39,35,42,42,\
43,34,35,35,2d,30,43,42,41,2d,34,45,44,33,2d,42,39,44,38,2d,32,41,46,43,45,\
31,38,43,34,39,45,37,7d,00,00
"Route"=hex(7):22,4e,65,74,62,69,6f,73,53,6d,62,22,00,22,4e,65,74,42,54,22,20,\
22,54,63,70,69,70,22,20,22,7b,43,45,35,46,41,30,44,30,2d,33,38,34,44,2d,34,\
33,38,37,2d,39,45,34,37,2d,44,32,35,31,38,34,30,33,30,44,39,39,7d,22,00,22,\
4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,7b,41,45,43,38,31,34,31,31,\
2d,42,45,31,45,2d,34,44,45,31,2d,42,42,37,39,2d,44,37,39,32,36,31,37,38,32,\
33,33,33,7d,22,00,22,4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,4e,64,\
69,73,57,61,6e,49,70,22,00,00
"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,\
74,69,6f,6e,5f,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,\
61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,54,63,\
70,69,70,5f,7b,43,45,35,46,41,30,44,30,2d,33,38,34,44,2d,34,33,38,37,2d,39,\
45,34,37,2d,44,32,35,31,38,34,30,33,30,44,39,39,7d,00,5c,44,65,76,69,63,65,\
5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,\
54,63,70,69,70,5f,7b,41,45,43,38,31,34,31,31,2d,42,45,31,45,2d,34,44,45,31,\
2d,42,42,37,39,2d,44,37,39,32,36,31,37,38,32,33,33,33,7d,00,5c,44,65,76,69,\
63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,\
54,5f,54,63,70,69,70,5f,7b,45,46,41,41,31,41,32,30,2d,31,31,33,36,2d,34,41,\
31,33,2d,41,35,33,43,2d,42,31,45,34,45,34,43,35,32,43,42,45,7d,00,5c,44,65,\
76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,\
74,42,54,5f,54,63,70,69,70,5f,7b,39,35,42,42,43,34,35,35,2d,30,43,42,41,2d,\
34,45,44,33,2d,42,39,44,38,2d,32,41,46,43,45,31,38,43,34,39,45,37,7d,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\NetworkProvider]
"Name"="Microsoft Windows Network"
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6e,74,6c,61,6e,6d,61,6e,2e,64,6c,6c,00
"DeviceName"="\\Device\\LanmanRedirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Enum]
"0"="Root\\LEGACY_LANMANWORKSTATION\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lbrtfdc]
"ErrorControl"=dword:00000000
"Group"="System Bus Extender"
"Start"=dword:00000001
"Tag"=dword:0000000e
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]
"ldapclientintegrity"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LicenseService\FilePrint]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LicenseService\FilePrint\TermService]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,\
63,5c,4c,49,56,45,55,50,7e,31,5c,4c,55,43,4f,4d,53,7e,31,2e,45,58,45,22,00
"DisplayName"="LiveUpdate"
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="LiveUpdate Core Engine"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LiveUpdate\Enum]
"0"="Root\\LEGACY_LIVEUPDATE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"DisplayName"="TCP/IP NetBIOS Helper"
"Group"="TDI"
"DependOnService"=hex(7):4e,65,74,42,54,00,41,66,64,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6c,6d,68,73,76,63,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LmHosts\Enum]
"0"="Root\\LEGACY_LMHOSTS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Messenger\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd]
"ErrorControl"=dword:00000000
"Group"="Video Save"
"Start"=dword:00000001
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]
"InstalledDisplayDrivers"=hex(7):6d,6e,6d,64,64,00,00
"Device Description"="NetMeeting driver"
"VgaCompatible"=dword:00000000
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Video]
"VideoID"="{8B6D7859-A639-4A15-8790-7161976D057A}"
"Service"="mnmdd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Enum]
"0"="Root\\LEGACY_MNMDD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"Type"=dword:00000110
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
6d,6e,6d,73,72,76,63,2e,65,78,65,00
"DisplayName"="NetMeeting Remote Desktop Sharing"
"ObjectName"="LocalSystem"
"Description"="Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]
"ErrorControl"=dword:00000000
"Group"="Extended base"
"Start"=dword:00000003
"Tag"=dword:00000004
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mouclass]
"ErrorControl"=dword:00000001
"Group"="Pointer Class"
"Start"=dword:00000001
"Tag"=dword:00000001
"Type"=dword:00000001
"DisplayName"="Mouse Class Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6d,6f,75,\
63,6c,61,73,73,2e,73,79,73,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mouclass\Parameters]
"ConnectMultiplePorts"=dword:00000000
"MaximumPortsServiced"=dword:00000003
"MouseDataQueueSize"=dword:00000064
"PointerDeviceBaseName"="PointerClass"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mouclass\Enum]
"0"="Root\\RDP_MOU\\0000"
"Count"=dword:00000002
"NextInstance"=dword:00000002
"1"="HID\\Vid_06a2&Pid_0033\\6&434331b&0&0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]
"Type"=dword:00000001
"Start"=dword:00000003
"Group"="Pointer Port"
"ErrorControl"=dword:00000000
"DisplayName"="Mouse HID Driver"
"ImagePath"=hex(2):73,79,73,74,65,6d,33,32,5c,44,52,49,56,45,52,53,5c,6d,6f,75,\
68,69,64,2e,73,79,73,00
"Tag"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid\Parameters]
"UseOnlyMice"=dword:00000000
"TreatAbsoluteAsRelative"=dword:00000000
"TreatAbsolutePointerAsAbsolute"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid\Enum]
"0"="HID\\Vid_06a2&Pid_0033\\6&434331b&0&0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]
"ErrorControl"=dword:00000001
"Group"="System Bus Extender"
"Start"=dword:00000000
"Tag"=dword:00000008
"Type"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr\Enum]
"0"="Root\\LEGACY_MOUNTMGR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
