Lutino

merci encore charles ingals pour le temps passé à dépanner ma machine je t'en suis vraiment reconnaissant...je vais lire attentivement tes conseils et vais aller rapporter mon infection sur malware complaints. je suis content et je te dis pas à bientôt... de peur de voir réapparaitre ce malware. bonne suite à toi

ok mister charles on se recroise ce soir sans doute @ +

salut charles ingals bon ok ces 5 fichiers n'ont pas moufté lors de leurs effacement c'était eux les fautifs? sinon je cherche sur bitfefender pro v8 mais ya rien en configuration du parefeu je ne vois nulle part evoqué ne serait ce que les ports alors le mode furtif... peut etre une bonne idée de changer tout ça et de mettre avast plus kerio? qu'en penses tu? sinon le pc est tout calme : plus d'alertes depuis qques jours, ça serait y desinfecté? @ + et bonne journée

hola charles ingals voici le premier fichier qkiiw.bat @echo off :deleteagain del /A:H /F iebrkp.exe del /F iebrkp.exe if exist iebrkp.exe goto deleteagain del qkiiw.bat les autres sont du même tonneau: même rédaction même style d'algorythme yen a 5 comme ça: les 3 que tu as mentionnés plus deux autres (bedgsly.bat et xdll.bat) c'est grave doc? sinon le pc fonctionne plutot bien, bit defender est bien calmé, je dirais même muet pourvu que ça dure... une question en ce qui concerne mes ports à présent fermés : y a t il un moyen qu'ils soient masqués plutôt que fermés? j'arrive pas à trouver un tuto pour configurer le parefeu de bitd 8 à + et merci encore

je suis bille en info j'avoue... heureusement que tu m'aides pour ce malware sinon ça fait longtemps que j'aurais formaté voici le log panda Incident Statut Analyse Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@revenue[2].txt Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@searchportal.information[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt Outil indésirable:Application/Processor No Désinfecté C:\WINNT\system32\Process.exe Outil indésirable:Application/KillApp.B No Désinfecté D:\Mes documents\Programmes source\EasyDivX\softs\ck.exe je t'envoie le reste en suivant... @ + log de winpfind3u [Files/Folders - Created Within 90 days] C:\WINNT\SYSTEM32\massvc32.exe moved successfully. [Files/Folders - Modified Within 90 days] C:\WINNT\SYSTEM32\dp.exe moved successfully. File C:\WINNT\SYSTEM32\massvc32.exe not found! < End of log > Created on 04/11/2007 14:28:09 et enfin service filter The script did not recognize the services listed below. This does not mean that they are a problem. To copy the entire contents of this document for posting: At the top of this window click "Edit" then "Select All" Next click "Edit" again then "Copy" Now right click in the forum post box then click "Paste" ######################################## ServiceFilter 1.1 by rand1038 Microsoft Windows 2000 Professionnel Version: 5.0.2195 Service Pack 4 avr. 11, 2007 14:30:08 ---> Begin Service Listing <--- Unknown Service # 1 Service Name: AVG Anti-Spyware Guard Display Name: AVG Anti-Spyware Guard Start Mode: Auto Start Name: LocalSystem Description: AVG Anti-Spyware ... Service Type: Own Process Path: d:\avg anti-spyware 7.5\guard.exe State: Running Process ID: 500 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Faux Unknown Service # 2 Service Name: bdss Display Name: BitDefender Scan Server Start Mode: Auto Start Name: LocalSystem Description: BitDefender Scan ... Service Type: Own Process Path: c:\program files\fichiers communs\softwin\bitdefender scan server\bdss.exe /service State: Running Process ID: 864 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 3 Service Name: gusvc Display Name: Google Updater Service Start Mode: Manual Start Name: LocalSystem Description: Google Updater ... Service Type: Own Process Path: "c:\program files\google\common\google updater\googleupdaterservice.exe" State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 4 Service Name: StarWindService Display Name: StarWind iSCSI Service Start Mode: Auto Start Name: LocalSystem Description: StarWind iSCSI ... Service Type: Own Process Path: d:\alcohol 120\starwind\starwindservice.exe State: Running Process ID: 600 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 5 Service Name: VSSERV Display Name: BitDefender Virus Shield Start Mode: Auto Start Name: LocalSystem Description: BitDefender Virus ... Service Type: Own Process Path: c:\program files\softwin\bitdefender8\vsserv.exe /service State: Running Process ID: 1044 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 6 Service Name: XCOMM Display Name: BitDefender Communicator Start Mode: Auto Start Name: LocalSystem Description: BitDefender ... Service Type: Own Process Path: c:\program files\fichiers communs\softwin\bitdefender communicator\xcommsvr.exe /service State: Running Process ID: 772 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai ---> End Service Listing <--- There are 64 Win32 services on this machine. 6 were unrecognized. Script Execution Time: 6,015625 seconds. ça serait y pas mieux??

salut charles ingals bon le fichier massvc32.exe dans winnt\system32 n'existe pas ou se cache très bien tandis que dp.exe est un fichier qui fait 0 Ko et donc virustotal me revoie un message d'erreur "0 bytes size received / Se ha recibido un archivo vacio" miam ensuite voila le log de winpfind3u [Win32 Services - Non-Microsoft Only] Service Event stopped successfully. Service Event deleted successfully. File C:\WINNT\SYSTEM32\drivers\csrss.exe not found. [Files/Folders - Created Within 90 days] File C:\b48da1ca53575bea94a6b53607 not found! < End of log > Created on 04/11/2007 09:13:41 j'ai bien peur que ça aie pas marché et donc je lance le scan panda... @ + et bonne journée ah j'oubliais pas de matos de marque cirrus ma CG est geforce fx5200 de chez MSI

yes ça y est merci msieur tesgaz et ingals ce port est à présent fermé pret à continuer...

ben naaann toujours 139 ouvert malgré tout...

oui j'avais pensé à un truc comme ça et ça fait trois fois que je redémarre en recochant le tout soit le port 139 soit tout le monde soit le port 135 mais toujours ce port 139 reste ouvert je retente encore pour voir...

je me ballade un peu sur zebulon et j'ai d'un coup un gros doute: je viens d'aller sur "mon assistant" et je tombe, dans l'onglet "messages", sur tous les topics que j'ai visité??? si c'est le cas y a un problème car il y a une foule de topics evoqués où je n'ai jamais mis les pieds... y aurait il un enorme brother qui se ballade à ma place??? bon autant pour moi je paranoïe à fond depuis que j'ai ces malwares: je viens de lire l'aide et j'ai compris ce qu'est que cet onglet messages dans l'assistant desolé

slt charles i et encore merci de tes réponses j'ai le port 139 toujours ouvert malgré zebprotect (pourtant 139 coché dans la liste) est ce que ce ne serait pas obligatoire puisque ma boite est branché sur port ethernet? Ports TCP ouverts 139 netbios-ssn Utilisé pour le partage de fichiers dans un réseau local Ports TCP fermés 21 ftp Utilisé pour le transfert de fichier entre ordinateurs 22 ssh Le shell SSH permet de se connecter à un serveur de façon sécurisée 23 telnet Utilisé pour obtenir un shell distant 25 smtp Utilisé pour le transfert de courrier électronique entre deux hôtes. Si vous n'utilisez pas de serveur de messagerie, il est conseillé de fermer ce port. 79 finger Permet de connaître diverses informations relatives à votre profil 80 http Utilisé pour les services Web. Si vous n'utilisez pas de serveur web, il est conseillé de fermer ce port 110 pop3 Utilisé par les serveurs de messagerie Internet. Si vous n'utilisez pas de serveur de messagerie, il est conseillé de fermer ce port. 113 auth Utilisé par certains serveurs de messagerie ou de newsgroups (MiRC - Virc...). Des problèmes de performances peuvent survenir si ce port est masqué 119 nntp Utilisé par les serveurs de news pour la distribution d'articles Usenet 135 N/A Utilisé pour les applications client/server basées sur des systèmes d'exploitation Microsoft 143 imap Utilisé par les serveurs de messagerie Internet pour l'envoi de messages électroniques. Si vous n'utilisez pas de serveur IMAP, il est conseillé de fermer ce port. 389 ldap LDAP (Lightweight Directory Access Protocol) : utilisé pour accéder automatiquement à des services d'annuaires en ligne 443 https Utilisé pour sécuriser les communications HTTP. Si vous n'utilisez pas de serveur web, il est conseillé de fermer ce port. Ce port est également utilisé par AOL Instant Messenger 445 microsoft-ds Utilisé pour le partage des protocoles SMB. Son exploitation peut permettre d'obtenir vos mots de passe 1002 N/A Port non standard 1024 N/A Port réservé 1025 N/A Port non standard 1026 N/A Port non standard 1027 N/A Port non standard 1028 N/A Port non standard 1029 N/A Port non standard 1030 N/A Port non standard 1720 h323hostcall Port non standard. Peut être utilisé par NetMeeting 5000 N/A Utilisé pour communiquer avec tous les périphériques UpnP reliés à votre réseau Ports TCP masqués Aucun port détecté Temps d'exécution du scan : 1.18 seconds mais c'est déjà mieux semble t il...

ah ben pile au moment ou tu rajoutais ton edit sur mes ports que je t'en parlais dans mon message... donc voici ce que me repond le test je crains que ce ne soit pas bien terrible mais je ne trouve pas comment configurer le firewall de bitdefender 8 Ports TCP ouverts 135 N/A Utilisé pour les applications client/server basées sur des systèmes d'exploitation Microsoft 139 netbios-ssn Utilisé pour le partage de fichiers dans un réseau local 445 microsoft-ds Utilisé pour le partage des protocoles SMB. Son exploitation peut permettre d'obtenir vos mots de passe 1025 N/A Port non standard Ports TCP fermés 21 ftp Utilisé pour le transfert de fichier entre ordinateurs 22 ssh Le shell SSH permet de se connecter à un serveur de façon sécurisée 23 telnet Utilisé pour obtenir un shell distant 25 smtp Utilisé pour le transfert de courrier électronique entre deux hôtes. Si vous n'utilisez pas de serveur de messagerie, il est conseillé de fermer ce port. 79 finger Permet de connaître diverses informations relatives à votre profil 80 http Utilisé pour les services Web. Si vous n'utilisez pas de serveur web, il est conseillé de fermer ce port 110 pop3 Utilisé par les serveurs de messagerie Internet. Si vous n'utilisez pas de serveur de messagerie, il est conseillé de fermer ce port. 113 auth Utilisé par certains serveurs de messagerie ou de newsgroups (MiRC - Virc...). Des problèmes de performances peuvent survenir si ce port est masqué 119 nntp Utilisé par les serveurs de news pour la distribution d'articles Usenet 143 imap Utilisé par les serveurs de messagerie Internet pour l'envoi de messages électroniques. Si vous n'utilisez pas de serveur IMAP, il est conseillé de fermer ce port. 389 ldap LDAP (Lightweight Directory Access Protocol) : utilisé pour accéder automatiquement à des services d'annuaires en ligne 443 https Utilisé pour sécuriser les communications HTTP. Si vous n'utilisez pas de serveur web, il est conseillé de fermer ce port. Ce port est également utilisé par AOL Instant Messenger 1002 N/A Port non standard 1024 N/A Port réservé 1026 N/A Port non standard 1027 N/A Port non standard 1028 N/A Port non standard 1029 N/A Port non standard 1030 N/A Port non standard 1720 h323hostcall Port non standard. Peut être utilisé par NetMeeting 5000 N/A Utilisé pour communiquer avec tous les périphériques UpnP reliés à votre réseau Ports TCP masqués Aucun port détecté voili voilà comment faire pour fermer ces ports ( et faut il les fermer?)

salut charles ingals en ce qui concerne les dossiers partagés il n'y en a plus sur mon disque c (j'ai plusieurs partitions et celle nommée c: abrite windows) j'ai donc pas trop regardé sur les autres disques car j'imagine que les malwares et autres bebettes se greffent plus volontiers sur le disque hébergeant win daube. d'autre part j'avais regardé il y a un moment de ça la configuration de mes ports et plusieurs étaient carrément ouverts je vais essayer de poster un rapport... sinon voici le winpfind3u WinPFind3 logfile created on: 10/04/2007 14:20:26 WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Administrateur\Bureau\winpfind3u\WinPFind3u\ Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195) Internet Explorer (Version = 6.0.2800.1106) 383,48 Mb Total Physical Memory | 12,50 Mb Available Physical Memory | 3,26% Memory free 920,11 Mb Paging File | 480,67 Mb Available in Paging File | 52,24% Paging File free Paging file location(s): C:\pagefile.sys 576 1152; %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 11,46 Gb Total Space | 4,82 Gb Free Space | 42,04% Space Free Drive D: | 11,35 Gb Total Space | 0,66 Gb Free Space | 5,81% Space Free Drive E: | 11,35 Gb Total Space | 1,64 Gb Free Space | 14,44% Space Free Drive F: | 11,67 Gb Total Space | 3,41 Gb Free Space | 29,21% Space Free Computer Name: HOULALA Current User Name: Administrateur Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] a2guard.exe -> D:\a-squared Anti-Malware\a2guard.exe -> Emsi Software GmbH [Ver = 2.1.0.73 | Size = 1164896 bytes | Modified Date = 28/03/2007 12:03:22 | Attr = ] acrord32.exe -> D:\Acrobat 5.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 5.0.5.2001092400 | Size = 3891268 bytes | Modified Date = 24/09/2001 17:15:58 | Attr = ] alert.exe -> D:\PC Alert III\alert.exe -> MICRO-STAR INT'L CO., LTD. [Ver = 3.4.3.8 | Size = 1774080 bytes | Modified Date = 15/11/2001 16:04:58 | Attr = ] avgas.exe -> D:\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 14:20:00 | Attr = ] bdmcon.exe -> %ProgramFiles%\Softwin\BitDefender8\bdmcon.exe -> SOFTWIN S.R.L. [Ver = 8.1.0.3 | Size = 421888 bytes | Modified Date = 24/01/2007 21:31:38 | Attr = ] bdnagent.exe -> %ProgramFiles%\Softwin\BitDefender8\bdnagent.exe -> [Ver = | Size = 8192 bytes | Modified Date = 24/01/2007 21:31:40 | Attr = ] bdoesrv.exe -> %ProgramFiles%\Softwin\BitDefender8\bdoesrv.exe -> SOFTWIN SRL [Ver = 8, 1, 0, 0 | Size = 90112 bytes | Modified Date = 24/01/2007 21:31:48 | Attr = ] bdss.exe -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 24/01/2007 21:32:16 | Attr = ] firefox.exe -> D:\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.3: 2007030919 | Size = 7633008 bytes | Modified Date = 05/04/2007 23:35:40 | Attr = ] guard.exe -> d:\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 16:13:20 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 03:23:28 | Attr = ] nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 22/10/2006 13:22:00 | Attr = ] soffice.bin -> %ProgramFiles%\OpenOffice.org 2.0\program\soffice.bin -> OpenOffice.org [Ver = 1.09.9005 | Size = 2478080 bytes | Modified Date = 24/02/2006 18:29:20 | Attr = ] soffice.exe -> %ProgramFiles%\OpenOffice.org 2.0\program\soffice.exe -> OpenOffice.org [Ver = 1.09.9005 | Size = 2334720 bytes | Modified Date = 24/02/2006 18:29:12 | Attr = ] starwindservice.exe -> d:\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 01/04/2005 19:51:48 | Attr = ] teatimer.exe -> D:\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 02:04:00 | Attr = ] vsserv.exe -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe -> SOFTWIN S.R.L. [Ver = 8, 1, 0, 0 | Size = 90112 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 08/04/2007 19:02:38 | Attr = ] xcommsvr.exe -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 7, 0, 6 | Size = 69632 bytes | Modified Date = 24/02/2004 17:36:48 | Attr = ] [Win32 Services - Non-Microsoft Only] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> d:\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 16:13:20 | Attr = ] (bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 24/01/2007 21:32:16 | Attr = ] (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 19/06/2003 12:05:04 | Attr = ] (Event) Events Log [Win32_Own | Auto | Stopped] -> %System32%\drivers\csrss.exe -> File not found (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 04/01/2007 03:40:22 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 22/10/2006 13:22:00 | Attr = ] (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 4.0.0.755 | Size = 93048 bytes | Modified Date = 25/01/2007 19:31:34 | Attr = ] (StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> d:\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 01/04/2005 19:51:48 | Attr = ] (VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe -> SOFTWIN S.R.L. [Ver = 8, 1, 0, 0 | Size = 90112 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] (XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 7, 0, 6 | Size = 69632 bytes | Modified Date = 24/02/2004 17:36:48 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run !AVG Anti-Spyware -> D:\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 14:20:00 | Attr = ] a-squared -> D:\a-squared Anti-Malware\a2guard.exe -> Emsi Software GmbH [Ver = 2.1.0.73 | Size = 1164896 bytes | Modified Date = 28/03/2007 12:03:22 | Attr = ] BDMCon -> %ProgramFiles%\Softwin\BitDefender8\bdmcon.exe -> SOFTWIN S.R.L. [Ver = 8.1.0.3 | Size = 421888 bytes | Modified Date = 24/01/2007 21:31:38 | Attr = ] BDNewsAgent -> %ProgramFiles%\Softwin\BitDefender8\bdnagent.exe -> [Ver = | Size = 8192 bytes | Modified Date = 24/01/2007 21:31:40 | Attr = ] BDOESRV -> %ProgramFiles%\Softwin\BitDefender8\bdoesrv.exe -> SOFTWIN SRL [Ver = 8, 1, 0, 0 | Size = 90112 bytes | Modified Date = 24/01/2007 21:31:48 | Attr = ] NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 22/10/2006 13:22:00 | Attr = ] NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 22/10/2006 13:22:00 | Attr = ] nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 22/10/2006 13:22:00 | Attr = ] PSDrvCheck -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.56 | Size = 396800 bytes | Modified Date = 28/08/2003 12:47:40 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 03:23:28 | Attr = ] < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpybotSD TeaTimer -> d:\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 02:04:00 | Attr = ] < User Startup > -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage %UserStartup%\Raccourci vers alert.lnk -> D:\PC Alert III\alert.exe -> MICRO-STAR INT'L CO., LTD. [Ver = 3.4.3.8 | Size = 1774080 bytes | Modified Date = 15/11/2001 16:04:58 | Attr = ] < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> d:\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 16:13:28 | Attr = ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon < HOSTS File > (790 bytes) -> C:\WINNT\System32\drivers\etc\Hosts 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Local Page -> C:\WINNT\SYSTEM32\blank.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Local Page -> C:\WINNT\SYSTEM32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Start Page -> about:blank -> HKCU: ProxyEnable -> 0 -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 03:23:24 | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/2006 03:23:26 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 03:23:24 | Attr = ] {85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ {571270EB-7A29-4CAF-AEF7-090D7346D530} -> () -> {63B72289-F0CD-4594-A305-4F81567A1A30} -> (Carte de bus ND010 Ethernet/Fast Ethernet PCI) -> < Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults shell -> shell protocol not assigned -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/...b?1169836031859 -> {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -> {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> a-squared Scanner - CodeBase = http://ax.emsisoft.com/asquared.cab -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -> [Registry - Additional Scans - Non-Microsoft Only] < Security Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\firewalldisableoverride -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k BITSgroup -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss;SENS;Wmi; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des fichiers en tâche de fond en utilisant la bande passante du réseau lors de ses périodes d'inactivité. Si le service est arrêté, des fonctionnalités qui dépendent de BITS, telles que Windows Update et MSN Explorer ne pourront plus télécharger automatiquement des programmes et d'autres informations. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> %SystemRoot%\System32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k wugroup -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINNT\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> [Files/Folders - Created Within 90 days] !Submit -> %SystemDrive%\!Submit -> [Folder | Created Date = 28/01/2007 17:26:22 | Attr = ] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 24/01/2007 19:42:54 | Attr = ] avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 06/04/2007 06:25:33 | Attr = ] b48da1ca53575bea94a6b53607 -> %SystemDrive%\b48da1ca53575bea94a6b53607 -> [Folder | Created Date = 28/03/2007 13:49:02 | Attr = ] Bases -> %SystemDrive%\Bases -> [Folder | Created Date = 24/03/2007 17:58:10 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 202 bytes | Created Date = 24/01/2007 20:32:10 | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 24/01/2007 21:06:18 | Attr = HS] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 24/01/2007 19:42:54 | Attr = H ] diff.exe -> %SystemDrive%\diff.exe -> [Ver = | Size = 68096 bytes | Created Date = 25/03/2007 13:05:33 | Attr = ] Directx -> %SystemDrive%\Directx -> [Folder | Created Date = 28/01/2007 19:19:15 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 24/01/2007 19:33:45 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 24/03/2007 17:58:10 | Attr = ] getfile.dat -> %SystemDrive%\getfile.dat -> [Ver = | Size = 14 bytes | Created Date = 24/01/2007 20:37:35 | Attr = ] grep.exe -> %SystemDrive%\grep.exe -> [Ver = | Size = 103424 bytes | Created Date = 25/03/2007 13:05:33 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 24/01/2007 19:42:54 | Attr = RHS] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 24/03/2007 17:57:22 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 24/01/2007 19:42:54 | Attr = RHS] Myst V End Of Ages -> %SystemDrive%\Myst V End Of Ages -> [Folder | Created Date = 22/02/2007 19:57:57 | Attr = ] Nvidia Driver Geforce fx5200 -> %SystemDrive%\Nvidia Driver Geforce fx5200 -> [Folder | Created Date = 24/01/2007 20:04:23 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Created Date = 24/01/2007 19:34:09 | Attr = R ] reboot.cmd -> %SystemDrive%\reboot.cmd -> [Ver = | Size = 853 bytes | Created Date = 25/03/2007 13:05:33 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 24/01/2007 20:41:49 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 08/11/1833 19:50:52 | Attr = HS] WINNT -> %SystemRoot% -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] $NtUpdateRollupPackUninstall$ -> %SystemRoot%\$NtUpdateRollupPackUninstall$ -> [Folder | Created Date = 28/03/2007 13:49:37 | Attr = H ] $SQLUninstallMDAC27SP1-KB927779-x86-FRA$ -> %SystemRoot%\$SQLUninstallMDAC27SP1-KB927779-x86-FRA$ -> [Folder | Created Date = 29/03/2007 19:09:06 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] alcrmv.exe -> %SystemRoot%\alcrmv.exe -> Avance Logic, Inc. [Ver = 1, 6, 0, 0 | Size = 151552 bytes | Created Date = 24/01/2007 20:00:18 | Attr = ] alcupd.exe -> %SystemRoot%\alcupd.exe -> Avance Logic, Inc. [Ver = 1, 6, 1, 0 | Size = 217088 bytes | Created Date = 24/01/2007 20:00:18 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Created Date = 27/01/2007 12:30:16 | Attr = ] AU_Log -> %SystemRoot%\AU_Log -> [Folder | Created Date = 27/01/2007 12:25:10 | Attr = ] AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Created Date = 15/03/2007 20:14:53 | Attr = ] avrack.ini -> %SystemRoot%\avrack.ini -> [Ver = | Size = 164 bytes | Created Date = 24/01/2007 20:00:19 | Attr = ] bdinit.ini -> %SystemRoot%\bdinit.ini -> [Ver = | Size = 10 bytes | Created Date = 16/03/2007 20:40:15 | Attr = ] BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 20/03/2007 22:54:58 | Attr = ] BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Created Date = 27/01/2007 12:30:14 | Attr = ] Bulles de savon.bmp -> %SystemRoot%\Bulles de savon.bmp -> [Ver = | Size = 65978 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 24/01/2007 19:42:54 | Attr = ] Cookies -> %SystemRoot%\Cookies -> [Folder | Created Date = 04/02/2007 17:41:36 | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 24/01/2007 19:51:32 | Attr = HS] Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 271 bytes | Created Date = 24/01/2007 19:42:12 | Attr = H ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 22/02/2007 20:19:08 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 24/01/2007 19:42:11 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] Fichiers d'installation de Windows Update -> %SystemRoot%\Fichiers d'installation de Windows Update -> [Folder | Created Date = 24/02/2007 20:03:03 | Attr = ] folder.htt -> %SystemRoot%\folder.htt -> [Ver = | Size = 21844 bytes | Created Date = 24/01/2007 19:42:12 | Attr = H ] Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = R S] GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Created Date = 27/01/2007 12:25:11 | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Created Date = 03/04/2007 22:34:19 | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Created Date = 03/04/2007 22:34:18 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 03/04/2007 22:34:20 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 03/04/2007 22:34:19 | Attr = ] Granit vert.bmp -> %SystemRoot%\Granit vert.bmp -> [Ver = | Size = 26582 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Created Date = 27/01/2007 12:30:15 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] Historique -> %SystemRoot%\Historique -> [Folder | Created Date = 04/02/2007 17:41:36 | Attr = S] hpdj5100.his -> %SystemRoot%\hpdj5100.his -> [Ver = | Size = 180248 bytes | Created Date = 02/02/2007 09:09:32 | Attr = ] hpdj5100.ini -> %SystemRoot%\hpdj5100.ini -> [Ver = | Size = 11413 bytes | Created Date = 02/02/2007 09:09:32 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Created Date = 24/01/2007 19:43:24 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1418 bytes | Created Date = 20/03/2007 22:34:52 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 24/01/2007 19:51:36 | Attr = HS] IsUn040c.exe -> %SystemRoot%\IsUn040c.exe -> InstallShield Software Corporation [Ver = 5, 50, 137, 0 | Size = 327168 bytes | Created Date = 02/02/2007 09:14:04 | Attr = ] IsUninst.exe -> %SystemRoot%\IsUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Created Date = 24/01/2007 19:55:54 | Attr = ] Jour de pêche.bmp -> %SystemRoot%\Jour de pêche.bmp -> [Ver = | Size = 17336 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] LPT$VPN.219 -> %SystemRoot%\LPT$VPN.219 -> [Ver = | Size = 25798821 bytes | Created Date = 27/01/2007 12:31:31 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] meta4.exe -> %SystemRoot%\meta4.exe -> [Ver = | Size = 217073 bytes | Created Date = 25/02/2007 12:35:09 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 28/02/2007 19:16:45 | Attr = ] MOTA113.exe -> %SystemRoot%\MOTA113.exe -> [Ver = | Size = 66560 bytes | Created Date = 25/02/2007 12:35:09 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 4243 bytes | Created Date = 24/01/2007 23:14:09 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Created Date = 24/02/2007 20:16:53 | Attr = H ] msiinst.tmp -> %SystemRoot%\msiinst.tmp -> [Folder | Created Date = 28/03/2007 13:49:33 | Attr = ] Mur de Santa Fe.bmp -> %SystemRoot%\Mur de Santa Fe.bmp -> [Ver = | Size = 65832 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] mww32 -> %SystemRoot%\mww32 -> [Folder | Created Date = 24/01/2007 19:43:24 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Created Date = 30/01/2007 18:47:33 | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 24/01/2007 21:41:47 | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Created Date = 24/01/2007 20:04:47 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 207 bytes | Created Date = 29/01/2007 20:26:15 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4429 bytes | Created Date = 24/01/2007 19:34:12 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 24/01/2007 19:42:11 | Attr = R ] OpPrintServer.INI -> %SystemRoot%\OpPrintServer.INI -> [Ver = | Size = 0 bytes | Created Date = 07/03/2007 14:16:52 | Attr = ] PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Created Date = 27/01/2007 12:25:04 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 21/03/2007 00:15:07 | Attr = H ] Plume.bmp -> %SystemRoot%\Plume.bmp -> [Ver = | Size = 16730 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 27/01/2007 13:08:31 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 08/04/2007 18:27:29 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 08/04/2007 18:27:29 | Attr = H ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 29/01/2007 20:24:23 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 24/01/2007 19:41:12 | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 07/03/2007 14:24:41 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] report -> %SystemRoot%\report -> [Folder | Created Date = 27/01/2007 12:31:37 | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] Rivière Sumida.bmp -> %SystemRoot%\Rivière Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] Rosace bleue 16.bmp -> %SystemRoot%\Rosace bleue 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] RUNAWAY.INI -> %SystemRoot%\RUNAWAY.INI -> [Ver = | Size = 40 bytes | Created Date = 28/01/2007 19:27:38 | Attr = ] security -> %SystemRoot%\security -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] SET29.tmp -> %SystemRoot%\SET29.tmp -> [Ver = | Size = 14816 bytes | Created Date = 24/01/2007 19:33:58 | Attr = R ] SET51.tmp -> %SystemRoot%\SET51.tmp -> [Ver = | Size = 1135628 bytes | Created Date = 24/01/2007 19:33:59 | Attr = R ] setup.inf -> %SystemRoot%\setup.inf -> [Ver = | Size = 957 bytes | Created Date = 29/03/2007 18:27:38 | Attr = ] setup.rpt -> %SystemRoot%\setup.rpt -> [Ver = | Size = 283 bytes | Created Date = 29/03/2007 18:27:38 | Attr = ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Created Date = 24/01/2007 22:43:59 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 26/01/2007 19:27:22 | Attr = ] Speech -> %SystemRoot%\Speech -> [Folder | Created Date = 24/01/2007 19:34:10 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 14/02/2007 13:58:36 | Attr = ] super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9292 bytes | Created Date = 25/02/2007 12:32:51 | Attr = H ] system -> %SystemRoot%\system -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] system32 -> %System32% -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 24/01/2007 19:41:59 | Attr = S] Tasse à café.bmp -> %SystemRoot%\Tasse à café.bmp -> [Ver = | Size = 17062 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 27/03/2007 18:46:09 | Attr = ] Temporary Internet Files -> %SystemRoot%\Temporary Internet Files -> [Folder | Created Date = 04/02/2007 17:41:36 | Attr = S] TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Created Date = 27/01/2007 12:25:04 | Attr = ] tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Created Date = 27/01/2007 12:30:15 | Attr = ] tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Created Date = 27/01/2007 12:30:15 | Attr = ] tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1992471 bytes | Created Date = 27/01/2007 12:30:15 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Created Date = 27/01/2007 12:25:04 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 24/01/2007 19:41:10 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 24/01/2007 19:41:10 | Attr = ] Vent de prairie.bmp -> %SystemRoot%\Vent de prairie.bmp -> [Ver = | Size = 65954 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] vpd.properties -> %SystemRoot%\vpd.properties -> [Ver = | Size = 4508 bytes | Created Date = 22/02/2007 20:02:51 | Attr = ] VPTNFILE.219 -> %SystemRoot%\VPTNFILE.219 -> [Ver = | Size = 25798821 bytes | Created Date = 27/01/2007 12:30:10 | Attr = ] vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Created Date = 27/01/2007 12:30:14 | Attr = ] War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 15095 bytes | Created Date = 10/02/2007 17:12:07 | Attr = ] War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 126976 bytes | Created Date = 10/02/2007 17:12:03 | Attr = ] War3Unin.pif -> %SystemRoot%\War3Unin.pif -> [Ver = | Size = 2829 bytes | Created Date = 10/02/2007 17:12:03 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = S] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 23/02/2007 14:25:22 | Attr = ] x2.64.exe -> %SystemRoot%\x2.64.exe -> [Ver = | Size = 502784 bytes | Created Date = 25/02/2007 12:35:09 | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 24/01/2007 19:40:41 | Attr = ] ~TempMui.inf -> %SystemRoot%\~TempMui.inf -> [Ver = | Size = 5538 bytes | Created Date = 29/01/2007 20:26:18 | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 24/01/2007 19:41:59 | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 24/01/2007 19:42:37 | Attr = H ] $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 341 bytes | Created Date = 24/01/2007 20:32:06 | Attr = ] 12520437.cpx -> %System32%\12520437.cpx -> [Ver = | Size = 2151 bytes | Created Date = 29/01/2007 20:25:52 | Attr = ] 12520850.cpx -> %System32%\12520850.cpx -> [Ver = | Size = 2233 bytes | Created Date = 29/01/2007 20:25:52 | Attr = ] ac3DX.ax -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 04/04/2007 06:11:40 | Attr = ] amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 24/01/2007 19:42:49 | Attr = ] amstream.dll -> %System32%\amstream.dll -> [Ver = | Size = 64512 bytes | Created Date = 29/01/2007 20:22:26 | Attr = ] appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 02/02/2007 09:16:46 | Attr = ] asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 04/04/2007 06:12:22 | Attr = ] AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 531 bytes | Created Date = 24/01/2007 19:34:04 | Attr = ] AVCDX.ax -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] avisynth.dll -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Created Date = 25/02/2007 12:35:08 | Attr = ] AVSredirect.dll -> %System32%\AVSredirect.dll -> [Ver = | Size = 27648 bytes | Created Date = 25/02/2007 12:35:09 | Attr = ] bedgsly.bat -> %System32%\bedgsly.bat -> [Ver = | Size = 129 bytes | Created Date = 20/03/2007 17:48:25 | Attr = ] BITS -> %System32%\BITS -> [Folder | Created Date = 28/03/2007 19:49:32 | Attr = ] bopomofo.uce -> %System32%\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 24/01/2007 19:40:38 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Created Date = 24/01/2007 19:33:57 | Attr = ] cbrowser.dll -> %System32%\cbrowser.dll -> Sound Vision, Inc. [Ver = 1, 2, 0, 18 | Size = 126976 bytes | Created Date = 24/01/2007 20:53:26 | Attr = ] cliconf.chm -> %System32%\cliconf.chm -> [Ver = | Size = 71859 bytes | Created Date = 29/01/2007 20:26:08 | Attr = ] CNDCK170.dll -> %System32%\CNDCK170.dll -> Canon, Inc. [Ver = 2003, 7, 23, 1 | Size = 81920 bytes | Created Date = 07/03/2007 14:18:10 | Attr = ] CNDNDlg.exe -> %System32%\CNDNDlg.exe -> Canon Inc. [Ver = 2003, 4, 14, 1 | Size = 40960 bytes | Created Date = 07/03/2007 14:18:10 | Attr = ] CNDUK170.dll -> %System32%\CNDUK170.dll -> Canon, Inc. [Ver = 2003, 7, 23, 1 | Size = 159744 bytes | Created Date = 07/03/2007 14:18:10 | Attr = ] Com -> %System32%\Com -> [Folder | Created Date = 24/01/2007 19:40:32 | Attr = ] ComLib.dll -> %System32%\ComLib.dll -> Sound Vision [Ver = .0013x05 | Size = 40960 bytes | Created Date = 24/01/2007 20:53:26 | Attr = ] config -> %System32%\config -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3072 bytes | Created Date = 24/01/2007 19:42:54 | Attr = ] CONFIG.TMP -> %System32%\CONFIG.TMP -> [Ver = | Size = 3072 bytes | Created Date = 24/01/2007 19:34:05 | Attr = ] CoreAAC.ax -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] c_20127.nls -> %System32%\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 24/01/2007 19:34:07 | Attr = ] d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 29/01/2007 20:27:31 | Attr = ] desktop.ini -> %System32%\desktop.ini -> [Ver = | Size = 271 bytes | Created Date = 24/01/2007 19:42:12 | Attr = H ] devil.dll -> %System32%\devil.dll -> Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 25/02/2007 12:35:08 | Attr = ] dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi [Ver = 2.2.1 | Size = 123904 bytes | Created Date = 24/01/2007 19:34:06 | Attr = ] dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.1.10 | Size = 86288 bytes | Created Date = 24/01/2007 19:34:06 | Attr = ] dhcp -> %System32%\dhcp -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] DiracSplitter.ax -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] DirectX -> %System32%\DirectX -> [Folder | Created Date = 28/01/2007 19:21:51 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = RHS] DonationCoder_urlsnooper_InstallInfo.dat -> %System32%\DonationCoder_urlsnooper_InstallInfo.dat -> [Ver = | Size = 46 bytes | Created Date = 21/02/2007 13:44:11 | Attr = ] dp.exe -> %System32%\dp.exe -> [Ver = | Size = 0 bytes | Created Date = 28/03/2007 11:12:16 | Attr = ] drivers -> %System32%\drivers -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] dsound.vxd -> %System32%\dsound.vxd -> [Ver = | Size = 49666 bytes | Created Date = 02/02/2007 19:06:09 | Attr = ] DTCLog -> %System32%\DTCLog -> [Folder | Created Date = 24/01/2007 19:41:01 | Attr = ] dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 27/03/2007 18:14:13 | Attr = ] emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 15204 bytes | Created Date = 24/01/2007 19:41:40 | Attr = ] EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 3.0d | Size = 176400 bytes | Created Date = 24/01/2007 19:34:06 | Attr = ] export -> %System32%\export -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] flvDX.dll -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 126112 bytes | Created Date = 24/01/2007 19:33:44 | Attr = ] folder.htt -> %System32%\folder.htt -> [Ver = | Size = 21844 bytes | Created Date = 24/01/2007 19:42:12 | Attr = H ] gb2312.uce -> %System32%\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 24/01/2007 19:40:38 | Attr = ] GroupPolicy -> %System32%\GroupPolicy -> [Folder | Created Date = 24/01/2007 19:51:33 | Attr = H ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 04/04/2007 06:11:45 | Attr = ] hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.00.2195.6684 | Size = 21776 bytes | Created Date = 24/01/2007 19:40:35 | Attr = ] HTML.OCX -> %System32%\HTML.OCX -> NetManage Inc. [Ver = 6.02.1194 | Size = 169472 bytes | Created Date = 25/01/2007 08:27:08 | Attr = ] hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.00.2195.7000 | Size = 583440 bytes | Created Date = 24/01/2007 19:40:35 | Attr = ] i420vfw.dll -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 25/02/2007 12:35:08 | Attr = ] ias -> %System32%\ias -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] ideograf.uce -> %System32%\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 24/01/2007 19:40:39 | Attr = ] ie_de -> %System32%\ie_de -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] ImageDrive.cpl -> %System32%\ImageDrive.cpl -> Ahead Software AG [Ver = 2, 23, 0, 14 | Size = 57344 bytes | Created Date = 29/01/2007 19:12:23 | Attr = ] imagr5.dll -> %System32%\imagr5.dll -> Pegasus Software,LLC [Ver = 5.00.304 | Size = 569344 bytes | Created Date = 29/01/2007 19:12:05 | Attr = ] imagx5.dll -> %System32%\imagx5.dll -> Pegasus Software, LLC [Ver = 5.00.014 | Size = 544768 bytes | Created Date = 29/01/2007 19:12:05 | Attr = ] ImagXpr5.dll -> %System32%\ImagXpr5.dll -> Pegasus Software, LLC [Ver = 5.00.009 | Size = 283920 bytes | Created Date = 29/01/2007 19:12:05 | Attr = ] imgadmin.ocx -> %System32%\imgadmin.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 104208 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] imgcmn.dll -> %System32%\imgcmn.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 63760 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] imgedit.ocx -> %System32%\imgedit.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2195.6601 | Size = 311056 bytes | Created Date = 24/01/2007 19:40:34 | Attr = ] imgscan.ocx -> %System32%\imgscan.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 119568 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] imgshl.dll -> %System32%\imgshl.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 13584 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] imgthumb.ocx -> %System32%\imgthumb.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 108816 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Created Date = 24/01/2007 19:43:23 | Attr = ] instcat.sql -> %System32%\instcat.sql -> [Ver = | Size = 766934 bytes | Created Date = 29/01/2007 20:26:10 | Attr = ] IOSUBSYS -> %System32%\IOSUBSYS -> [Folder | Created Date = 11/03/2007 19:17:43 | Attr = ] irxgskvw.PIF -> %System32%\irxgskvw.PIF -> [Ver = | Size = 2855 bytes | Created Date = 21/03/2007 23:23:32 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 31/03/2007 07:47:58 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 31/03/2007 07:47:58 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 31/03/2007 07:47:58 | Attr = ] jpeg1x32.dll -> %System32%\jpeg1x32.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 27920 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] jpeg2x32.dll -> %System32%\jpeg2x32.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 38160 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] jpicpl32.cpl -> %System32%\jpicpl32.cpl -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49265 bytes | Created Date = 11/02/2007 12:15:23 | Attr = ] kanji_1.uce -> %System32%\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 24/01/2007 19:40:39 | Attr = ] kanji_2.uce -> %System32%\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 24/01/2007 19:40:39 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 16/03/2007 20:49:37 | Attr = ] korean.uce -> %System32%\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 24/01/2007 19:40:39 | Attr = ] l3codeca.acm -> %System32%\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 23/02/2007 14:26:59 | Attr = ] l3codecx.ax -> %System32%\l3codecx.ax -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 5, 0, 50 | Size = 83456 bytes | Created Date = 29/01/2007 20:22:27 | Attr = ] Macromed -> %System32%\Macromed -> [Folder | Created Date = 24/01/2007 22:35:41 | Attr = ] mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 725 bytes | Created Date = 24/01/2007 19:41:47 | Attr = ] massvc32.exe -> %System32%\massvc32.exe -> [Ver = | Size = 0 bytes | Created Date = 18/03/2007 12:34:52 | Attr = ] MatroskaDX.ax -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] mciqtz32.dll -> %System32%\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 29/01/2007 20:22:26 | Attr = ] Microsoft -> %System32%\Microsoft -> [Folder | Created Date = 24/01/2007 19:49:12 | Attr = ] mpeg2data.ax -> %System32%\mpeg2data.ax -> [Ver = | Size = 57856 bytes | Created Date = 02/02/2007 19:06:12 | Attr = ] mpg2splt.ax -> %System32%\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 29/01/2007 20:22:26 | Attr = ] msconfig.chm -> %System32%\msconfig.chm -> [Ver = | Size = 18069 bytes | Created Date = 27/01/2007 13:06:03 | Attr = ] msdmo.dll -> %System32%\msdmo.dll -> [Ver = | Size = 13312 bytes | Created Date = 29/01/2007 20:22:27 | Attr = ] msdtcprf.h -> %System32%\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 24/01/2007 19:40:36 | Attr = ] msdtcprf.ini -> %System32%\msdtcprf.ini -> [Ver = | Size = 3863 bytes | Created Date = 24/01/2007 19:40:36 | Attr = ] msdvbnp.ax -> %System32%\msdvbnp.ax -> [Ver = | Size = 52224 bytes | Created Date = 02/02/2007 19:06:12 | Attr = ] mui -> %System32%\mui -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] N067UFW.dll -> %System32%\N067UFW.dll -> CANON INC. [Ver = 1.010 | Size = 339968 bytes | Created Date = 24/01/2007 20:12:14 | Attr = R ] n2k.bmp -> %System32%\n2k.bmp -> [Ver = | Size = 2048 bytes | Created Date = 24/01/2007 19:40:47 | Attr = ] NeroCheck.exe -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 29/01/2007 19:12:00 | Attr = ] NMOCOD.DLL -> %System32%\NMOCOD.DLL -> [Ver = | Size = 240640 bytes | Created Date = 25/01/2007 08:27:08 | Attr = ] NMORENU.DLL -> %System32%\NMORENU.DLL -> NetManage Inc. [Ver = 6.02.1198 | Size = 66560 bytes | Created Date = 25/01/2007 08:27:09 | Attr = ] NMSCKN.DLL -> %System32%\NMSCKN.DLL -> NetManage Inc. [Ver = 6.02.1194 | Size = 48128 bytes | Created Date = 25/01/2007 08:27:09 | Attr = ] NMW3VWN.DLL -> %System32%\NMW3VWN.DLL -> NetManage Inc. [Ver = 6.02.1194 | Size = 462848 bytes | Created Date = 25/01/2007 08:27:09 | Attr = ] npp -> %System32%\npp -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 24/01/2007 19:42:49 | Attr = ] nsp.dll -> %System32%\nsp.dll -> Intel Corp. [Ver = 4, 5, 2, 2 | Size = 114688 bytes | Created Date = 23/02/2007 14:25:13 | Attr = ] nspa6.dll -> %System32%\nspa6.dll -> Intel Corp. [Ver = 4, 5, 2, 2 | Size = 1429504 bytes | Created Date = 23/02/2007 14:25:17 | Attr = ] nspm5.dll -> %System32%\nspm5.dll -> Intel Corp. [Ver = 4, 5, 2, 2 | Size = 1335296 bytes | Created Date = 23/02/2007 14:25:19 | Attr = ] nspm6.dll -> %System32%\nspm6.dll -> Intel Corp. [Ver = 4, 5, 2, 2 | Size = 1404928 bytes | Created Date = 23/02/2007 14:25:19 | Attr = ] nspp6.dll -> %System32%\nspp6.dll -> Intel Corp. [Ver = 4, 5, 2, 2 | Size = 1318912 bytes | Created Date = 23/02/2007 14:25:18 | Attr = ] nsppx.dll -> %System32%\nsppx.dll -> Intel Corp. [Ver = 4, 5, 2, 2 | Size = 1306624 bytes | Created Date = 23/02/2007 14:25:16 | Attr = ] nspw7.dll -> %System32%\nspw7.dll -> Intel Corp. [Ver = 4, 5, 2, 2 | Size = 1441792 bytes | Created Date = 23/02/2007 14:25:13 | Attr = ] NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 24/01/2007 19:49:57 | Attr = ] nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 88566 bytes | Created Date = 24/01/2007 20:04:49 | Attr = ] nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17056 bytes | Created Date = 24/01/2007 20:04:47 | Attr = ] nvudisp.exe -> %System32%\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 24/01/2007 20:04:47 | Attr = ] NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 24/01/2007 20:04:39 | Attr = ] odbcconf.rsp -> %System32%\odbcconf.rsp -> [Ver = | Size = 28 bytes | Created Date = 29/01/2007 20:25:50 | Attr = ] oieng400.dll -> %System32%\oieng400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2195.6601 | Size = 444176 bytes | Created Date = 24/01/2007 19:40:34 | Attr = ] oiprt400.dll -> %System32%\oiprt400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 13072 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] oislb400.dll -> %System32%\oislb400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 21776 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] oissq400.dll -> %System32%\oissq400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 13072 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] oitwa400.dll -> %System32%\oitwa400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 25872 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] oiui400.dll -> %System32%\oiui400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2195.6601 | Size = 63760 bytes | Created Date = 24/01/2007 19:40:34 | Attr = ] os2 -> %System32%\os2 -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] Packet.dll -> %System32%\Packet.dll -> CACE Technologies [Ver = 4.0.0.755 | Size = 88952 bytes | Created Date = 25/01/2007 18:31:34 | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 04/04/2007 06:11:44 | Attr = ] Perflib_Perfdata_17c.dat -> %System32%\Perflib_Perfdata_17c.dat -> [Ver = | Size = 16384 bytes | Created Date = 25/03/2007 18:29:07 | Attr = ] Perflib_Perfdata_188.dat -> %System32%\Perflib_Perfdata_188.dat -> [Ver = | Size = 16384 bytes | Created Date = 25/03/2007 18:24:49 | Attr = ] Perflib_Perfdata_1c0.dat -> %System32%\Perflib_Perfdata_1c0.dat -> [Ver = | Size = 16384 bytes | Created Date = 26/03/2007 17:53:43 | Attr = ] Perflib_Perfdata_234.dat -> %System32%\Perflib_Perfdata_234.dat -> [Ver = | Size = 16384 bytes | Created Date = 27/03/2007 22:31:49 | Attr = ] Perflib_Perfdata_2c0.dat -> %System32%\Perflib_Perfdata_2c0.dat -> [Ver = | Size = 16384 bytes | Created Date = 13/02/2007 11:02:22 | Attr = ] Perflib_Perfdata_310.dat -> %System32%\Perflib_Perfdata_310.dat -> [Ver = | Size = 16384 bytes | Created Date = 29/03/2007 18:19:26 | Attr = ] Perflib_Perfdata_314.dat -> %System32%\Perflib_Perfdata_314.dat -> [Ver = | Size = 16384 bytes | Created Date = 28/03/2007 19:46:52 | Attr = ] Perflib_Perfdata_31c.dat -> %System32%\Perflib_Perfdata_31c.dat -> [Ver = | Size = 16384 bytes | Created Date = 25/03/2007 19:22:28 | Attr = ] Perflib_Perfdata_4d8.dat -> %System32%\Perflib_Perfdata_4d8.dat -> [Ver = | Size = 16384 bytes | Created Date = 28/02/2007 18:33:52 | Attr = ] Perflib_Perfdata_57c.dat -> %System32%\Perflib_Perfdata_57c.dat -> [Ver = | Size = 16384 bytes | Created Date = 25/03/2007 18:45:43 | Attr = ] Perflib_Perfdata_5b8.dat -> %System32%\Perflib_Perfdata_5b8.dat -> [Ver = | Size = 16384 bytes | Created Date = 19/03/2007 20:25:03 | Attr = ] Perflib_Perfdata_5c8.dat -> %System32%\Perflib_Perfdata_5c8.dat -> [Ver = | Size = 16384 bytes | Created Date = 25/03/2007 19:06:27 | Attr = ] Perflib_Perfdata_5d8.dat -> %System32%\Perflib_Perfdata_5d8.dat -> [Ver = | Size = 16384 bytes | Created Date = 22/03/2007 19:38:05 | Attr = ] Perflib_Perfdata_60c.dat -> %System32%\Perflib_Perfdata_60c.dat -> [Ver = | Size = 16384 bytes | Created Date = 22/03/2007 19:30:23 | Attr = ] Perflib_Perfdata_640.dat -> %System32%\Perflib_Perfdata_640.dat -> [Ver = | Size = 16384 bytes | Created Date = 20/03/2007 17:43:27 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 742792 bytes | Created Date = 24/01/2007 19:34:13 | Attr = ] picn20.dll -> %System32%\picn20.dll -> Pegasus Imaging Corp. [Ver = 1.0.0.54 | Size = 38912 bytes | Created Date = 29/01/2007 19:12:05 | Attr = ] pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 02/02/2007 09:34:38 | Attr = ] pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 02/02/2007 09:34:38 | Attr = ] pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 02/02/2007 09:34:38 | Attr = ] Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 27/03/2007 18:14:13 | Attr = ] PROTOCOL.INI -> %System32%\PROTOCOL.INI -> [Ver = | Size = 8 bytes | Created Date = 29/01/2007 20:26:47 | Attr = ] PSCLK170.dll -> %System32%\PSCLK170.dll -> Canon. Inc [Ver = 2003, 7, 24, 1 | Size = 81920 bytes | Created Date = 07/03/2007 14:18:10 | Attr = ] PSDrvCheck.CHS -> %System32%\PSDrvCheck.CHS -> [Ver = 1.0.0.56 | Size = 16384 bytes | Created Date = 23/02/2007 14:25:15 | Attr = ] PSDrvCheck.CHT -> %System32%\PSDrvCheck.CHT -> [Ver = 1.0.0.56 | Size = 26112 bytes | Created Date = 23/02/2007 14:25:15 | Attr = ] PSDrvCheck.DE -> %System32%\PSDrvCheck.DE -> [Ver = 1.0.0.56 | Size = 26624 bytes | Created Date = 23/02/2007 14:25:16 | Attr = ] PSDrvCheck.DEU -> %System32%\PSDrvCheck.DEU -> [Ver = 1.0.0.56 | Size = 26624 bytes | Created Date = 23/02/2007 14:25:19 | Attr = ] PSDrvCheck.ES -> %System32%\PSDrvCheck.ES -> [Ver = 1.0.0.56 | Size = 16896 bytes | Created Date = 23/02/2007 14:25:13 | Attr = ] PSDrvCheck.ESP -> %System32%\PSDrvCheck.ESP -> [Ver = 1.0.0.56 | Size = 16896 bytes | Created Date = 23/02/2007 14:25:19 | Attr = ] PSDrvCheck.exe -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.56 | Size = 396800 bytes | Created Date = 23/02/2007 14:25:18 | Attr = ] PSDrvCheck.FR -> %System32%\PSDrvCheck.FR -> [Ver = 1.0.0.56 | Size = 26624 bytes | Created Date = 23/02/2007 14:25:12 | Attr = ] PSDrvCheck.FRA -> %System32%\PSDrvCheck.FRA -> [Ver = 1.0.0.56 | Size = 26624 bytes | Created Date = 23/02/2007 14:25:21 | Attr = ] PSDrvCheck.IT -> %System32%\PSDrvCheck.IT -> [Ver = 1.0.0.56 | Size = 26624 bytes | Created Date = 23/02/2007 14:25:11 | Attr = ] PSDrvCheck.ITA -> %System32%\PSDrvCheck.ITA -> [Ver = 1.0.0.56 | Size = 26624 bytes | Created Date = 23/02/2007 14:25:09 | Attr = ] PSDrvCheck.KOR -> %System32%\PSDrvCheck.KOR -> [Ver = 1.0.0.56 | Size = 16896 bytes | Created Date = 23/02/2007 14:25:14 | Attr = ] PSDrvCheck.NL -> %System32%\PSDrvCheck.NL -> [Ver = 1.0.0.56 | Size = 26624 bytes | Created Date = 23/02/2007 14:25:14 | Attr = ] PSDrvCheck.NLD -> %System32%\PSDrvCheck.NLD -> [Ver = 1.0.0.56 | Size = 26624 bytes | Created Date = 23/02/2007 14:25:21 | Attr = ] psisdecd.dll -> %System32%\psisdecd.dll -> [Ver = | Size = 354816 bytes | Created Date = 02/02/2007 19:06:12 | Attr = ] psisrndr.ax -> %System32%\psisrndr.ax -> [Ver = | Size = 30208 bytes | Created Date = 02/02/2007 19:06:12 | Attr = ] pthreadVC.dll -> %System32%\pthreadVC.dll -> [Ver = | Size = 53299 bytes | Created Date = 25/01/2007 18:31:36 | Attr = ] px.dll -> %System32%\px.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 514808 bytes | Created Date = 11/03/2007 19:17:53 | Attr = ] pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.01.95a | Size = 477944 bytes | Created Date = 11/03/2007 19:17:53 | Attr = ] pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.41a | Size = 68344 bytes | Created Date = 11/03/2007 19:17:53 | Attr = ] pxmas.dll -> %System32%\pxmas.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 183032 bytes | Created Date = 11/03/2007 19:17:53 | Attr = ] pxwave.dll -> %System32%\pxwave.dll -> Sonic Solutions [Ver = 3.2.46.500 | Size = 379640 bytes | Created Date = 11/03/2007 19:17:53 | Attr = ] qedwipes.dll -> %System32%\qedwipes.dll -> [Ver = | Size = 733184 bytes | Created Date = 29/01/2007 20:22:28 | Attr = ] qkiiw.bat -> %System32%\qkiiw.bat -> [Ver = | Size = 121 bytes | Created Date = 19/03/2007 21:36:24 | Attr = ] ras -> %System32%\ras -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] RealMediaDX.ax -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] RLAPEDec.ax -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] RLMPCDec.ax -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] RLOgg.ax -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 25/02/2007 12:32:52 | Attr = RHS] RLSpeexDec.ax -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 25/02/2007 12:32:53 | Attr = RHS] RLTheoraDec.ax -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 25/02/2007 12:32:53 | Attr = RHS] RLVorbisDec.ax -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 25/02/2007 12:32:53 | Attr = RHS] rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Created Date = 02/02/2007 09:34:38 | Attr = ] rocket -> %System32%\rocket -> [Folder | Created Date = 24/01/2007 19:43:24 | Attr = ] rpcproxy -> %System32%\rpcproxy -> [Folder | Created Date = 24/01/2007 19:43:23 | Attr = ] rtl70.bpl -> %System32%\rtl70.bpl -> Borland Software Corporation [Ver = 7.0.4.453 | Size = 778240 bytes | Created Date = 23/02/2007 14:24:33 | Attr = ] rxwas.bat -> %System32%\rxwas.bat -> [Ver = | Size = 121 bytes | Created Date = 18/03/2007 11:18:58 | Attr = ] sczihu.bat -> %System32%\sczihu.bat -> [Ver = | Size = 116 bytes | Created Date = 16/03/2007 23:37:42 | Attr = ] Setup -> %System32%\Setup -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] SG62CPL.DLL -> %System32%\SG62CPL.DLL -> CANON INC. [Ver = 6.2.2 | Size = 28720 bytes | Created Date = 24/01/2007 20:12:14 | Attr = R ] SG62UUD.DLL -> %System32%\SG62UUD.DLL -> CANON INC. [Ver = 1.0.0.3 | Size = 114688 bytes | Created Date = 24/01/2007 20:12:14 | Attr = R ] ShellDHCP -> %System32%\ShellDHCP -> [Folder | Created Date = 25/02/2007 12:35:06 | Attr = ] ShellExt -> %System32%\ShellExt -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] shiftjis.uce -> %System32%\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] Shutdown.exe -> %System32%\Shutdown.exe -> [Ver = | Size = 35600 bytes | Created Date = 24/03/2007 18:35:56 | Attr = ] Smab.dll -> %System32%\Smab.dll -> [Ver = | Size = 845312 bytes | Created Date = 25/02/2007 12:35:07 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Created Date = 24/01/2007 20:32:13 | Attr = ] spool -> %System32%\spool -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] spxcoins.dll -> %System32%\spxcoins.dll -> Specialix International Ltd. [Ver = 1.0.0.0004 | Size = 150528 bytes | Created Date = 24/01/2007 19:34:06 | Attr = ] sqlsodbc.chm -> %System32%\sqlsodbc.chm -> [Ver = | Size = 46133 bytes | Created Date = 29/01/2007 20:26:13 | Attr = ] SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 27/03/2007 18:14:13 | Attr = ] subrange.uce -> %System32%\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 24/01/2007 19:40:40 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 27/03/2007 18:14:13 | Attr = ] swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 27/03/2007 18:14:13 | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 27/03/2007 18:14:13 | Attr = ] SYSTEM.INI -> %System32%\SYSTEM.INI -> [Ver = | Size = 8 bytes | Created Date = 29/01/2007 20:26:46 | Attr = ] tifflt.dll -> %System32%\tifflt.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2920.0000 | Size = 33552 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1422 bytes | Created Date = 26/03/2007 18:33:16 | Attr = ] tunes.bmp -> %System32%\tunes.bmp -> [Ver = | Size = 1584 bytes | Created Date = 24/01/2007 19:40:47 | Attr = ] UCS32P.DLL -> %System32%\UCS32P.DLL -> Canon [Ver = 1.9.1 | Size = 323644 bytes | Created Date = 24/01/2007 20:12:15 | Attr = R ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 04/04/2007 06:11:45 | Attr = ] vcl70.bpl -> %System32%\vcl70.bpl -> Borland Software Corporation [Ver = 7.0.4.453 | Size = 1381376 bytes | Created Date = 23/02/2007 14:24:33 | Attr = ] vclx70.bpl -> %System32%\vclx70.bpl -> Borland Software Corporation [Ver = 7.0.4.453 | Size = 215040 bytes | Created Date = 23/02/2007 14:24:33 | Attr = ] vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.72a | Size = 39672 bytes | Created Date = 11/03/2007 19:17:53 | Attr = ] WanPacket.dll -> %System32%\WanPacket.dll -> CACE Technologies [Ver = 4.0.0.755 | Size = 68480 bytes | Created Date = 25/01/2007 18:31:34 | Attr = ] wbem -> %System32%\wbem -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] WIN.INI -> %System32%\WIN.INI -> [Ver = | Size = 8 bytes | Created Date = 29/01/2007 20:26:46 | Attr = ] Windows Media -> %System32%\Windows Media -> [Folder | Created Date = 28/03/2007 13:50:25 | Attr = ] wins -> %System32%\wins -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] wpcap.dll -> %System32%\wpcap.dll -> CACE Technologies [Ver = 4.0.0.755 | Size = 240496 bytes | Created Date = 25/01/2007 18:31:36 | Attr = ] x.264.exe -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Created Date = 25/02/2007 12:35:08 | Attr = ] xdll.bat -> %System32%\xdll.bat -> [Ver = | Size = 114 bytes | Created Date = 20/03/2007 17:48:14 | Attr = ] xiffr3_0.dll -> %System32%\xiffr3_0.dll -> Scansoft [Ver = 3. 0. 0. 18 | Size = 641808 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] yv12vfw.dll -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 25/02/2007 12:35:08 | Attr = ] ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 04/04/2007 06:12:21 | Attr = ] 12520437.cpx -> %System32%\dllcache\12520437.cpx -> [Ver = | Size = 2151 bytes | Created Date = 29/01/2007 20:25:52 | Attr = ] 12520850.cpx -> %System32%\dllcache\12520850.cpx -> [Ver = | Size = 2233 bytes | Created Date = 29/01/2007 20:25:52 | Attr = ] amstream.dll -> %System32%\dllcache\amstream.dll -> [Ver = | Size = 64512 bytes | Created Date = 29/01/2007 20:22:26 | Attr = ] dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi [Ver = 2.2.1 | Size = 123904 bytes | Created Date = 24/01/2007 19:34:06 | Attr = ] dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.1.10 | Size = 86288 bytes | Created Date = 24/01/2007 19:34:06 | Attr = ] eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 3.0d | Size = 176400 bytes | Created Date = 24/01/2007 19:34:06 | Attr = ] fpencode.dll -> %System32%\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 24/01/2007 19:43:46 | Attr = ] htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.00.2195.6684 | Size = 11536 bytes | Created Date = 24/01/2007 19:40:34 | Attr = ] mciqtz32.dll -> %System32%\dllcache\mciqtz32.dll -> [Ver = | Size = 34304 bytes | Created Date = 29/01/2007 20:22:26 | Attr = ] mei32api.dll -> %System32%\dllcache\mei32api.dll -> IBM Corporation [Ver = 2.60.35 | Size = 31232 bytes | Created Date = 24/01/2007 19:44:03 | Attr = ] meiw0439.dll -> %System32%\dllcache\meiw0439.dll -> IBM Corporation [Ver = 2.60.35 | Size = 83968 bytes | Created Date = 24/01/2007 19:44:03 | Attr = ] mpg2splt.ax -> %System32%\dllcache\mpg2splt.ax -> [Ver = | Size = 136192 bytes | Created Date = 29/01/2007 20:22:26 | Attr = ] mwave.dll -> %System32%\dllcache\mwave.dll -> IBM Corporation [Ver = 2.60.35 | Size = 50688 bytes | Created Date = 24/01/2007 19:44:14 | Attr = ] mwavesrv.dll -> %System32%\dllcache\mwavesrv.dll -> IBM Corporation [Ver = 2.60.35 | Size = 129024 bytes | Created Date = 24/01/2007 19:44:14 | Attr = ] mwblw32.dll -> %System32%\dllcache\mwblw32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 56832 bytes | Created Date = 24/01/2007 19:44:15 | Attr = ] mwci32.dll -> %System32%\dllcache\mwci32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 51712 bytes | Created Date = 24/01/2007 19:44:15 | Attr = ] mwcicore.dll -> %System32%\dllcache\mwcicore.dll -> IBM Corporation [Ver = 2.60.35 | Size = 71680 bytes | Created Date = 24/01/2007 19:44:15 | Attr = ] mwcload.exe -> %System32%\dllcache\mwcload.exe -> IBM Corporation [Ver = 2.60.35 | Size = 56832 bytes | Created Date = 24/01/2007 19:44:15 | Attr = ] mwcloadw.exe -> %System32%\dllcache\mwcloadw.exe -> IBM Corporation [Ver = 2.60.35 | Size = 60928 bytes | Created Date = 24/01/2007 19:44:15 | Attr = ] mwclw32.dll -> %System32%\dllcache\mwclw32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 90624 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwcnam32.dll -> %System32%\dllcache\mwcnam32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 33280 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwcpa32.cpl -> %System32%\dllcache\mwcpa32.cpl -> IBM Corporation [Ver = 2.60.35 | Size = 94208 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwcpyrt.exe -> %System32%\dllcache\mwcpyrt.exe -> IBM Corporation [Ver = 2.60.35 | Size = 26112 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwcsw32.exe -> %System32%\dllcache\mwcsw32.exe -> IBM Corporation [Ver = 2.60.35 | Size = 160256 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwmdmsvc.exe -> %System32%\dllcache\mwmdmsvc.exe -> IBM Corporation [Ver = 2.60.35 | Size = 50688 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwmlw32.dll -> %System32%\dllcache\mwmlw32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 262144 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwmmw32.dll -> %System32%\dllcache\mwmmw32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 40448 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwmpw32.dll -> %System32%\dllcache\mwmpw32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 164352 bytes | Created Date = 24/01/2007 19:44:16 | Attr = ] mwmw32.dll -> %System32%\dllcache\mwmw32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 121344 bytes | Created Date = 24/01/2007 19:44:17 | Attr = ] mwrcov16.exe -> %System32%\dllcache\mwrcov16.exe -> IBM Corporation [Ver = 2.60:35 | Size = 42496 bytes | Created Date = 24/01/2007 19:44:17 | Attr = ] mwremind.exe -> %System32%\dllcache\mwremind.exe -> IBM Corporation [Ver = 2.60.35 | Size = 202752 bytes | Created Date = 24/01/2007 19:44:17 | Attr = ] mwsetupk.sys -> %System32%\dllcache\mwsetupk.sys -> IBM Corporation [Ver = 2.60.01.0 | Size = 5376 bytes | Created Date = 24/01/2007 19:44:17 | Attr = ] mwssw32.exe -> %System32%\dllcache\mwssw32.exe -> IBM Corporation [Ver = 2.60.35 | Size = 29184 bytes | Created Date = 24/01/2007 19:44:17 | Attr = ] mwwdm.sys -> %System32%\dllcache\mwwdm.sys -> IBM Corporation [Ver = 2.60.05.0 | Size = 39200 bytes | Created Date = 24/01/2007 19:44:17 | Attr = ] mwwdmhlp.dll -> %System32%\dllcache\mwwdmhlp.dll -> IBM Corporation [Ver = 2.60.35 | Size = 30720 bytes | Created Date = 24/01/2007 19:44:17 | Attr = ] mwwtt32.dll -> %System32%\dllcache\mwwtt32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 108032 bytes | Created Date = 24/01/2007 19:44:17 | Attr = ] nt5.cat -> %System32%\dllcache\nt5.cat -> [Ver = | Size = 1847411 bytes | Created Date = 24/01/2007 19:33:57 | Attr = ] nt5inf.cat -> %System32%\dllcache\nt5inf.cat -> [Ver = | Size = 97252 bytes | Created Date = 24/01/2007 19:33:57 | Attr = ] odbcconf.rsp -> %System32%\dllcache\odbcconf.rsp -> [Ver = | Size = 28 bytes | Created Date = 29/01/2007 20:25:50 | Attr = ] pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.00.2134.1 | Size = 305424 bytes | Created Date = 24/01/2007 19:40:51 | Attr = ] qtest32.exe -> %System32%\dllcache\qtest32.exe -> IBM Corporation [Ver = 2.60.35 | Size = 155648 bytes | Created Date = 24/01/2007 19:44:29 | Attr = ] qtestm32.dll -> %System32%\dllcache\qtestm32.dll -> IBM Corporation [Ver = 2.60.35 | Size = 31744 bytes | Created Date = 24/01/2007 19:44:29 | Attr = ] rtl8139.sys -> %System32%\dllcache\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.366.0818.1999 | Size = 18704 bytes | Created Date = 15/03/2007 19:12:18 | Attr = ] spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Specialix International Ltd. [Ver = 1.0.0.0004 | Size = 150528 bytes | Created Date = 24/01/2007 19:34:06 | Attr = ] srgb.icm -> %System32%\dllcache\srgb.icm -> [Ver = | Size = 3144 bytes | Created Date = 02/02/2007 09:12:39 | Attr = ] tcarc.sys -> %System32%\dllcache\tcarc.sys -> Thomas-Conrad Corporation [Ver = 1.10.0.0 | Size = 10800 bytes | Created Date = 24/01/2007 19:44:46 | Attr = ] tifflt.dll -> %System32%\dllcache\tifflt.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2920.0000 | Size = 33552 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] wangimg.exe -> %System32%\dllcache\wangimg.exe -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 7440 bytes | Created Date = 24/01/2007 19:44:52 | Attr = ] xiffr3_0.dll -> %System32%\dllcache\xiffr3_0.dll -> Scansoft [Ver = 3. 0. 0. 18 | Size = 641808 bytes | Created Date = 24/01/2007 19:40:37 | Attr = ] xilinxit.dll -> %System32%\dllcache\xilinxit.dll -> IBM Corporation [Ver = 2.60.35 | Size = 36352 bytes | Created Date = 24/01/2007 19:44:55 | Attr = ] ALCXWDM.SYS -> %System32%\drivers\ALCXWDM.SYS -> Avance Logic, Inc. [Ver = 5.10.3610 | Size = 285533 bytes | Created Date = 24/01/2007 20:00:19 | Attr = ] asapiW2k.sys -> %System32%\drivers\asapiW2k.sys -> VOB Computersysteme GmbH [Ver = 6, 0, 0, 1 | Size = 11264 bytes | Created Date = 23/02/2007 14:25:12 | Attr = ] atksgt.sys -> %System32%\drivers\atksgt.sys -> [Ver = | Size = 271360 bytes | Created Date = 03/02/2007 13:29:45 | Attr = ] AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 19/03/2007 18:40:07 | Attr = ] cdr4_2k.sys -> %System32%\drivers\cdr4_2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 11/03/2007 19:17:54 | Attr = ] cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 11/03/2007 19:17:54 | Attr = ] disdn -> %System32%\drivers\disdn -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Created Date = 24/01/2007 20:29:55 | Attr = ] fbxusb32.sys -> %System32%\drivers\fbxusb32.sys -> FreeBox SA [Ver = 1.3.0.0 | Size = 21344 bytes | Created Date = 24/01/2007 20:09:40 | Attr = R ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Created Date = 03/04/2007 22:34:19 | Attr = ] imagedrv.sys -> %System32%\drivers\imagedrv.sys -> Ahead Software AG and its licensors [Ver = 2.23.0.0 | Size = 89184 bytes | Created Date = 29/01/2007 19:12:23 | Attr = ] lirsgt.sys -> %System32%\drivers\lirsgt.sys -> [Ver = | Size = 18048 bytes | Created Date = 03/02/2007 13:29:44 | Attr = ] npf.sys -> %System32%\drivers\npf.sys -> CACE Technologies [Ver = 4.0.0.755 | Size = 42000 bytes | Created Date = 25/01/2007 18:31:34 | Attr = ] nwlnkcr.sys -> %System32%\drivers\nwlnkcr.sys -> [Ver = | Size = 18 bytes | Created Date = 31/03/2007 11:53:31 | Attr = ] rob_a.sys -> %System32%\drivers\rob_a.sys -> Pinnacle Systems GmbH [Ver = 1.0.2.8 | Size = 17664 bytes | Created Date = 02/02/2007 09:07:53 | Attr = R ] rob_v.sys -> %System32%\drivers\rob_v.sys -> Pinnacle Systems GmbH [Ver = 1.0.2.35 | Size = 125568 bytes | Created Date = 24/01/2007 20:20:32 | Attr = R ] RTL8139.sys -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.366.0818.1999 | Size = 18704 bytes | Created Date = 15/03/2007 19:12:18 | Attr = ] SECDRV.SYS -> %System32%\drivers\SECDRV.SYS -> Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Created Date = 25/01/2007 08:18:33 | Attr = ] sptd.sys -> %System32%\drivers\sptd.sys -> [Ver = | Size = 642560 bytes | Created Date = 25/01/2007 08:07:32 | Attr = ] sptd5725.sys -> %System32%\drivers\sptd5725.sys -> [Ver = | Size = 74192 bytes | Created Date = 25/01/2007 08:07:32 | Attr = ] SvStream.sys -> %System32%\drivers\SvStream.sys -> Sound Vision Inc. [Ver = 1, 1, 0, 9 | Size = 93144 bytes | Created Date = 24/01/2007 20:53:26 | Attr = ] vaxscsi.sys -> %System32%\drivers\vaxscsi.sys -> [Ver = | Size = 223128 bytes | Created Date = 25/01/2007 08:10:44 | Attr = ] VIAAGP1.SYS -> %System32%\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.00.00.0405 | Size = 23730 bytes | Created Date = 24/01/2007 19:56:20 | Attr = R ] viaide.sys -> %System32%\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.00.2195.5110 | Size = 4795 bytes | Created Date = 24/01/2007 19:56:22 | Attr = R ] VIAPFD.SYS -> %System32%\drivers\VIAPFD.SYS -> VIA Technologies. Inc. [Ver = 5.00.2195.100 | Size = 3033 bytes | Created Date = 24/01/2007 19:55:55 | Attr = ] viausb.sys -> %System32%\drivers\viausb.sys -> VIA Technologies, Inc. [Ver = 1.08 | Size = 9038 bytes | Created Date = 24/01/2007 19:55:55 | Attr = ] [Files/Folders - Modified Within 90 days] !Submit -> %SystemDrive%\!Submit -> [Folder | Modified Date = 15/03/2007 20:38:30 | Attr = ] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 24/01/2007 20:42:56 | Attr = ] avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 06/04/2007 07:25:34 | Attr = ] b48da1ca53575bea94a6b53607 -> %SystemDrive%\b48da1ca53575bea94a6b53607 -> [Folder | Modified Date = 28/03/2007 14:49:14 | Attr = ] Bases -> %SystemDrive%\Bases -> [Folder | Modified Date = 24/03/2007 19:12:56 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 202 bytes | Modified Date = 05/04/2007 18:54:28 | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 31/03/2007 08:48:10 | Attr = HS] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 24/01/2007 20:42:56 | Attr = H ] Directx -> %SystemDrive%\Directx -> [Folder | Modified Date = 28/01/2007 20:19:36 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 26/02/2007 16:07:24 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 24/03/2007 19:12:38 | Attr = ] getfile.dat -> %SystemDrive%\getfile.dat -> [Ver = | Size = 14 bytes | Modified Date = 19/03/2007 21:12:34 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 24/01/2007 20:42:56 | Attr = RHS] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 25/03/2007 14:16:48 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 24/01/2007 20:42:56 | Attr = RHS] Myst V End Of Ages -> %SystemDrive%\Myst V End Of Ages -> [Folder | Modified Date = 28/03/2007 10:45:22 | Attr = ] Nvidia Driver Geforce fx5200 -> %SystemDrive%\Nvidia Driver Geforce fx5200 -> [Folder | Modified Date = 24/01/2007 21:04:34 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 04/04/2007 23:08:46 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 24/01/2007 21:41:50 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 24/01/2007 20:49:16 | Attr = HS] WINNT -> %SystemRoot% -> [Folder | Modified Date = 08/04/2007 19:27:30 | Attr = ] $NtUpdateRollupPackUninstall$ -> %SystemRoot%\$NtUpdateRollupPackUninstall$ -> [Folder | Modified Date = 28/03/2007 14:50:02 | Attr = H ] $SQLUninstallMDAC27SP1-KB927779-x86-FRA$ -> %SystemRoot%\$SQLUninstallMDAC27SP1-KB927779-x86-FRA$ -> [Folder | Modified Date = 29/03/2007 20:09:10 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Modified Date = 24/01/2007 21:30:32 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 08/04/2007 13:20:34 | Attr = ] AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Modified Date = 27/01/2007 13:30:18 | Attr = ] AU_Log -> %SystemRoot%\AU_Log -> [Folder | Modified Date = 27/01/2007 13:25:12 | Attr = ] AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Modified Date = 15/03/2007 21:15:00 | Attr = ] avrack.ini -> %SystemRoot%\avrack.ini -> [Ver = | Size = 164 bytes | Modified Date = 24/01/2007 21:47:52 | Attr = ] Awm4midi.ini -> %SystemRoot%\Awm4midi.ini -> [Ver = | Size = 276 bytes | Modified Date = 29/01/2007 21:29:58 | Attr = ] bdinit.ini -> %SystemRoot%\bdinit.ini -> [Ver = | Size = 10 bytes | Modified Date = 16/03/2007 21:40:16 | Attr = ] BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 20/03/2007 23:55:02 | Attr = ] BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Modified Date = 27/01/2007 13:30:16 | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Modified Date = 24/01/2007 21:30:48 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 24/01/2007 21:29:56 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 24/01/2007 20:42:56 | Attr = ] Cookies -> %SystemRoot%\Cookies -> [Folder | Modified Date = 17/03/2007 19:27:50 | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 10/04/2007 09:03:02 | Attr = HS] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 25/02/2007 13:26:38 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 10/04/2007 09:03:34 | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 271 bytes | Modified Date = 24/01/2007 20:42:14 | Attr = H ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 22/02/2007 21:19:10 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 08/04/2007 13:20:14 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 24/01/2007 21:29:56 | Attr = ] Fichiers d'installation de Windows Update -> %SystemRoot%\Fichiers d'installation de Windows Update -> [Folder | Modified Date = 24/02/2007 21:16:52 | Attr = ] folder.htt -> %SystemRoot%\folder.htt -> [Ver = | Size = 21844 bytes | Modified Date = 24/01/2007 20:42:14 | Attr = H ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 23/02/2007 15:25:24 | Attr = R S] GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Modified Date = 15/03/2007 21:15:00 | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Modified Date = 03/04/2007 23:34:20 | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Modified Date = 07/03/2007 15:52:36 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 03/04/2007 23:35:16 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 03/04/2007 23:34:20 | Attr = ] hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Modified Date = 27/01/2007 13:30:16 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 31/03/2007 18:44:28 | Attr = ] Historique -> %SystemRoot%\Historique -> [Folder | Modified Date = 04/02/2007 18:41:38 | Attr = S] hpdj5100.his -> %SystemRoot%\hpdj5100.his -> [Ver = | Size = 180248 bytes | Modified Date = 02/02/2007 10:16:08 | Attr = ] hpdj5100.ini -> %SystemRoot%\hpdj5100.ini -> [Ver = | Size = 11413 bytes | Modified Date = 02/02/2007 10:16:08 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 24/01/2007 20:43:26 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1418 bytes | Modified Date = 29/03/2007 21:33:04 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 08/04/2007 00:59:36 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 31/03/2007 08:48:10 | Attr = HS] LPT$VPN.219 -> %SystemRoot%\LPT$VPN.219 -> [Ver = | Size = 25798821 bytes | Modified Date = 27/01/2007 13:30:16 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 24/01/2007 23:44:10 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 17/03/2007 19:24:54 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 4243 bytes | Modified Date = 31/03/2007 08:48:16 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 29/03/2007 20:00:44 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 24/01/2007 23:20:32 | Attr = ] msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 25/02/2007 13:28:36 | Attr = H ] msiinst.tmp -> %SystemRoot%\msiinst.tmp -> [Folder | Modified Date = 28/03/2007 15:02:42 | Attr = ] mww32 -> %SystemRoot%\mww32 -> [Folder | Modified Date = 24/01/2007 20:43:26 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 07/04/2007 23:52:24 | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 24/01/2007 22:41:48 | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 24/01/2007 21:05:56 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 207 bytes | Modified Date = 11/03/2007 17:25:40 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4429 bytes | Modified Date = 29/01/2007 21:26:16 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 24/01/2007 20:42:12 | Attr = R ] OpPrintServer.INI -> %SystemRoot%\OpPrintServer.INI -> [Ver = | Size = 0 bytes | Modified Date = 07/03/2007 15:16:54 | Attr = ] PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Modified Date = 27/01/2007 13:25:06 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 21/03/2007 01:15:08 | Attr = H ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 27/01/2007 15:06:58 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 08/04/2007 19:27:30 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 08/04/2007 19:27:30 | Attr = H ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 24/02/2007 21:18:34 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 24/01/2007 20:41:42 | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 07/03/2007 15:24:42 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 24/01/2007 20:43:16 | Attr = ] report -> %SystemRoot%\report -> [Folder | Modified Date = 15/03/2007 21:15:18 | Attr = ] RUNAWAY.INI -> %SystemRoot%\RUNAWAY.INI -> [Ver = | Size = 40 bytes | Modified Date = 28/01/2007 20:27:40 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 08/04/2007 22:09:06 | Attr = ] setup.inf -> %SystemRoot%\setup.inf -> [Ver = | Size = 957 bytes | Modified Date = 29/03/2007 19:27:42 | Attr = ] setup.rpt -> %SystemRoot%\setup.rpt -> [Ver = | Size = 283 bytes | Modified Date = 29/03/2007 19:27:42 | Attr = ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 24/01/2007 23:44:00 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 04/04/2007 09:48:32 | Attr = ] Speech -> %SystemRoot%\Speech -> [Folder | Modified Date = 24/01/2007 20:34:12 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 14/02/2007 14:58:38 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 28/03/2007 17:04:00 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 05/04/2007 18:54:28 | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 10/04/2007 09:03:50 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 08/04/2007 14:47:20 | Attr = S] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 10/04/2007 09:14:26 | Attr = ] Temporary Internet Files -> %SystemRoot%\Temporary Internet Files -> [Folder | Modified Date = 04/02/2007 18:41:38 | Attr = S] TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Modified Date = 27/01/2007 13:25:06 | Attr = ] tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Modified Date = 27/01/2007 13:30:16 | Attr = ] tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Modified Date = 15/03/2007 22:37:30 | Attr = ] tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1992471 bytes | Modified Date = 27/01/2007 13:30:18 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 07/03/2007 15:22:42 | Attr = ] UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Modified Date = 27/01/2007 13:25:06 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 24/01/2007 20:41:12 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 24/01/2007 20:41:12 | Attr = ] vpd.properties -> %SystemRoot%\vpd.properties -> [Ver = | Size = 4508 bytes | Modified Date = 22/02/2007 21:02:52 | Attr = ] VPTNFILE.219 -> %SystemRoot%\VPTNFILE.219 -> [Ver = | Size = 25798821 bytes | Modified Date = 27/01/2007 13:30:16 | Attr = ] vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Modified Date = 27/01/2007 13:30:16 | Attr = ] War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 15095 bytes | Modified Date = 10/02/2007 18:22:56 | Attr = ] War3Unin.exe -> %SystemRoot%\War3Unin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 126976 bytes | Modified Date = 10/02/2007 18:12:04 | Attr = ] War3Unin.pif -> %SystemRoot%\War3Unin.pif -> [Ver = | Size = 2829 bytes | Modified Date = 10/02/2007 18:12:04 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 29/03/2007 20:07:12 | Attr = S] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 877 bytes | Modified Date = 10/04/2007 09:14:00 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 23/02/2007 15:26:58 | Attr = ] ~TempMui.inf -> %SystemRoot%\~TempMui.inf -> [Ver = | Size = 5538 bytes | Modified Date = 29/01/2007 21:26:20 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/04/2007 09:03:00 | Attr = H ] $winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 341 bytes | Modified Date = 24/01/2007 20:33:56 | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 08/04/2007 13:20:14 | Attr = ] amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 24/01/2007 20:42:50 | Attr = ] appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 02/02/2007 10:16:48 | Attr = ] bedgsly.bat -> %System32%\bedgsly.bat -> [Ver = | Size = 129 bytes | Modified Date = 20/03/2007 18:48:26 | Attr = ] BITS -> %System32%\BITS -> [Folder | Modified Date = 28/03/2007 20:49:34 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 28/01/2007 20:20:22 | Attr = ] Com -> %System32%\Com -> [Folder | Modified Date = 29/03/2007 20:04:24 | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 04/04/2007 09:49:26 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3072 bytes | Modified Date = 27/01/2007 19:29:26 | Attr = ] d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 29/01/2007 21:27:32 | Attr = ] desktop.ini -> %System32%\desktop.ini -> [Ver = | Size = 271 bytes | Modified Date = 24/01/2007 20:42:14 | Attr = H ] dfrg.msc -> %System32%\dfrg.msc -> [Ver = | Size = 101376 bytes | Modified Date = 02/02/2007 20:01:52 | Attr = ] dhcp -> %System32%\dhcp -> [Folder | Modified Date = 24/01/2007 21:29:56 | Attr = ] DirectX -> %System32%\DirectX -> [Folder | Modified Date = 22/02/2007 21:08:56 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 03/04/2007 23:22:30 | Attr = RHS] DonationCoder_urlsnooper_InstallInfo.dat -> %System32%\DonationCoder_urlsnooper_InstallInfo.dat -> [Ver = | Size = 46 bytes | Modified Date = 21/02/2007 14:44:12 | Attr = ] dp.exe -> %System32%\dp.exe -> [Ver = | Size = 0 bytes | Modified Date = 28/03/2007 12:12:18 | Attr = ] drivers -> %System32%\drivers -> [Folder | Modified Date = 10/04/2007 09:04:56 | Attr = ] DTCLog -> %System32%\DTCLog -> [Folder | Modified Date = 24/01/2007 20:41:04 | Attr = ] emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 15204 bytes | Modified Date = 24/01/2007 20:41:42 | Attr = ] export -> %System32%\export -> [Folder | Modified Date = 24/01/2007 20:34:14 | Attr = ] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 126112 bytes | Modified Date = 03/04/2007 23:22:44 | Attr = ] folder.htt -> %System32%\folder.htt -> [Ver = | Size = 21844 bytes | Modified Date = 24/01/2007 20:42:14 | Attr = H ] GroupPolicy -> %System32%\GroupPolicy -> [Folder | Modified Date = 24/01/2007 20:51:34 | Attr = H ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 08/04/2007 13:18:20 | Attr = ] ias -> %System32%\ias -> [Folder | Modified Date = 24/01/2007 21:31:28 | Attr = ] ie_de -> %System32%\ie_de -> [Folder | Modified Date = 24/01/2007 21:31:30 | Attr = ] inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 24/01/2007 20:43:24 | Attr = ] IOSUBSYS -> %System32%\IOSUBSYS -> [Folder | Modified Date = 08/04/2007 00:59:36 | Attr = ] irxgskvw.PIF -> %System32%\irxgskvw.PIF -> [Ver = | Size = 2855 bytes | Modified Date = 22/03/2007 00:23:34 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 16/03/2007 21:49:38 | Attr = ] Macromed -> %System32%\Macromed -> [Folder | Modified Date = 24/01/2007 23:35:42 | Attr = ] mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 725 bytes | Modified Date = 24/01/2007 20:41:48 | Attr = ] massvc32.exe -> %System32%\massvc32.exe -> [Ver = | Size = 0 bytes | Modified Date = 18/03/2007 13:34:54 | Attr = ] Microsoft -> %System32%\Microsoft -> [Folder | Modified Date = 27/03/2007 23:52:58 | Attr = ] mui -> %System32%\mui -> [Folder | Modified Date = 24/01/2007 21:29:56 | Attr = ] npp -> %System32%\npp -> [Folder | Modified Date = 24/01/2007 21:30:52 | Attr = ] nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 24/01/2007 20:42:50 | Attr = ] NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 09/04/2007 10:02:58 | Attr = ] nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 88566 bytes | Modified Date = 10/04/2007 09:03:24 | Attr = ] os2 -> %System32%\os2 -> [Folder | Modified Date = 24/01/2007 21:31:18 | Attr = ] Packet.dll -> %System32%\Packet.dll -> CACE Technologies [Ver = 4.0.0.755 | Size = 88952 bytes | Modified Date = 25/01/2007 19:31:34 | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 08/04/2007 13:18:20 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 38036 bytes | Modified Date = 24/01/2007 21:44:50 | Attr = ] perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 45514 bytes | Modified Date = 24/01/2007 21:44:50 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 300378 bytes | Modified Date = 24/01/2007 21:44:50 | Attr = ] perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 354448 bytes | Modified Date = 24/01/2007 21:44:50 | Attr = ] Perflib_Perfdata_17c.dat -> %System32%\Perflib_Perfdata_17c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 25/03/2007 19:29:08 | Attr = ] Perflib_Perfdata_188.dat -> %System32%\Perflib_Perfdata_188.dat -> [Ver = | Size = 16384 bytes | Modified Date = 25/03/2007 19:24:50 | Attr = ] Perflib_Perfdata_1c0.dat -> %System32%\Perflib_Perfdata_1c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 26/03/2007 18:53:44 | Attr = ] Perflib_Perfdata_234.dat -> %System32%\Perflib_Perfdata_234.dat -> [Ver = | Size = 16384 bytes | Modified Date = 27/03/2007 23:31:50 | Attr = ] Perflib_Perfdata_2c0.dat -> %System32%\Perflib_Perfdata_2c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 13/02/2007 12:02:26 | Attr = ] Perflib_Perfdata_310.dat -> %System32%\Perflib_Perfdata_310.dat -> [Ver = | Size = 16384 bytes | Modified Date = 29/03/2007 19:19:28 | Attr = ] Perflib_Perfdata_314.dat -> %System32%\Perflib_Perfdata_314.dat -> [Ver = | Size = 16384 bytes | Modified Date = 28/03/2007 20:46:54 | Attr = ] Perflib_Perfdata_31c.dat -> %System32%\Perflib_Perfdata_31c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 25/03/2007 20:22:30 | Attr = ] Perflib_Perfdata_4d8.dat -> %System32%\Perflib_Perfdata_4d8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 28/02/2007 19:33:54 | Attr = ] Perflib_Perfdata_57c.dat -> %System32%\Perflib_Perfdata_57c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 25/03/2007 19:45:44 | Attr = ] Perflib_Perfdata_5b8.dat -> %System32%\Perflib_Perfdata_5b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 19/03/2007 21:25:04 | Attr = ] Perflib_Perfdata_5c8.dat -> %System32%\Perflib_Perfdata_5c8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 25/03/2007 20:06:28 | Attr = ] Perflib_Perfdata_5d8.dat -> %System32%\Perflib_Perfdata_5d8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 22/03/2007 20:38:06 | Attr = ] Perflib_Perfdata_60c.dat -> %System32%\Perflib_Perfdata_60c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 22/03/2007 20:30:24 | Attr = ] Perflib_Perfdata_640.dat -> %System32%\Perflib_Perfdata_640.dat -> [Ver = | Size = 16384 bytes | Modified Date = 20/03/2007 18:43:28 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 742792 bytes | Modified Date = 24/01/2007 21:44:50 | Attr = ] PROTOCOL.INI -> %System32%\PROTOCOL.INI -> [Ver = | Size = 8 bytes | Modified Date = 29/01/2007 21:26:48 | Attr = ] pthreadVC.dll -> %System32%\pthreadVC.dll -> [Ver = | Size = 53299 bytes | Modified Date = 25/01/2007 19:31:36 | Attr = ] qkiiw.bat -> %System32%\qkiiw.bat -> [Ver = | Size = 121 bytes | Modified Date = 19/03/2007 22:36:26 | Attr = ] ras -> %System32%\ras -> [Folder | Modified Date = 24/01/2007 21:31:04 | Attr = ] rocket -> %System32%\rocket -> [Folder | Modified Date = 24/01/2007 20:43:26 | Attr = ] rpcproxy -> %System32%\rpcproxy -> [Folder | Modified Date = 24/01/2007 20:43:24 | Attr = ] rxwas.bat -> %System32%\rxwas.bat -> [Ver = | Size = 121 bytes | Modified Date = 18/03/2007 12:19:00 | Attr = ] sczihu.bat -> %System32%\sczihu.bat -> [Ver = | Size = 116 bytes | Modified Date = 17/03/2007 00:37:44 | Attr = ] Setup -> %System32%\Setup -> [Folder | Modified Date = 29/03/2007 20:04:24 | Attr = ] ShellDHCP -> %System32%\ShellDHCP -> [Folder | Modified Date = 04/03/2007 12:51:26 | Attr = ] ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 24/01/2007 21:29:56 | Attr = ] sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 61440 bytes | Modified Date = 24/01/2007 21:32:14 | Attr = ] spool -> %System32%\spool -> [Folder | Modified Date = 24/01/2007 21:29:56 | Attr = ] SYSTEM.INI -> %System32%\SYSTEM.INI -> [Ver = | Size = 8 bytes | Modified Date = 29/01/2007 21:26:48 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1422 bytes | Modified Date = 30/03/2007 18:51:36 | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 08/04/2007 13:18:20 | Attr = ] WanPacket.dll -> %System32%\WanPacket.dll -> CACE Technologies [Ver = 4.0.0.755 | Size = 68480 bytes | Modified Date = 25/01/2007 19:31:34 | Attr = ] wbem -> %System32%\wbem -> [Folder | Modified Date = 08/04/2007 13:20:48 | Attr = ] WIN.INI -> %System32%\WIN.INI -> [Ver = | Size = 8 bytes | Modified Date = 29/01/2007 21:26:48 | Attr = ] Windows Media -> %System32%\Windows Media -> [Folder | Modified Date = 28/03/2007 14:50:26 | Attr = ] wins -> %System32%\wins -> [Folder | Modified Date = 24/01/2007 21:29:56 | Attr = ] wpcap.dll -> %System32%\wpcap.dll -> CACE Technologies [Ver = 4.0.0.755 | Size = 240496 bytes | Modified Date = 25/01/2007 19:31:36 | Attr = ] xdll.bat -> %System32%\xdll.bat -> [Ver = | Size = 114 bytes | Modified Date = 20/03/2007 18:48:16 | Attr = ] tftp.exe -> %System32%\dllcache\tftp.exe -> [Ver = | Size = 18704 bytes | Modified Date = 26/03/2007 18:35:52 | Attr = ] atksgt.sys -> %System32%\drivers\atksgt.sys -> [Ver = | Size = 271360 bytes | Modified Date = 03/02/2007 14:29:46 | Attr = ] disdn -> %System32%\drivers\disdn -> [Folder | Modified Date = 24/01/2007 21:29:56 | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 28/03/2007 16:14:44 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Modified Date = 03/04/2007 23:34:20 | Attr = ] lirsgt.sys -> %System32%\drivers\lirsgt.sys -> [Ver = | Size = 18048 bytes | Modified Date = 03/02/2007 14:29:46 | Attr = ] npf.sys -> %System32%\drivers\npf.sys -> CACE Technologies [Ver = 4.0.0.755 | Size = 42000 bytes | Modified Date = 25/01/2007 19:31:34 | Attr = ] nwlnkcr.sys -> %System32%\drivers\nwlnkcr.sys -> [Ver = | Size = 18 bytes | Modified Date = 08/04/2007 12:48:06 | Attr = ] SECDRV.SYS -> %System32%\drivers\SECDRV.SYS -> Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Modified Date = 25/01/2007 09:18:34 | Attr = ] sptd.sys -> %System32%\drivers\sptd.sys -> [Ver = | Size = 642560 bytes | Modified Date = 25/01/2007 09:07:34 | Attr = ] sptd5725.sys -> %System32%\drivers\sptd5725.sys -> [Ver = | Size = 74192 bytes | Modified Date = 25/01/2007 09:07:34 | Attr = ] vaxscsi.sys -> %System32%\drivers\vaxscsi.sys -> [Ver = | Size = 223128 bytes | Modified Date = 25/01/2007 09:10:46 | Attr = ] [File String Scan - Non-Microsoft Only] UPX0 , -> %SystemRoot%\SET51.tmp -> [Ver = | Size = 1135628 bytes | Modified Date = 19/06/2003 12:05:04 | Attr = R ] UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.0.0.1107 | Size = 229957 bytes | Modified Date = 27/01/2007 13:30:16 | Attr = ] UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.310-1002 | Size = 1101904 bytes | Modified Date = 27/01/2007 13:30:16 | Attr = ] UPX! , UPX0 , -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Modified Date = 12/09/2006 13:46:24 | Attr = RHS] UPX! , UPX0 , -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Modified Date = 13/01/2006 01:23:26 | Attr = RHS] UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 7, 0 | Size = 306688 bytes | Modified Date = 12/11/2006 14:44:10 | Attr = ] UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Modified Date = 16/08/2006 16:53:32 | Attr = RHS] UPX! , UPX0 , -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Modified Date = 18/01/2005 01:26:36 | Attr = RHS] UPX! , UPX0 , -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Modified Date = 03/05/2006 12:06:54 | Attr = RHS] UPX! , UPX0 , -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 03/01/2004 01:08:00 | Attr = ] UPX! , UPX0 , -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Modified Date = 10/03/2006 23:48:48 | Attr = RHS] UPX! , UPX0 , -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Modified Date = 25/11/2005 22:46:34 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Modified Date = 21/11/2003 01:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Modified Date = 27/04/2004 01:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Modified Date = 13/02/2005 01:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Modified Date = 13/02/2005 01:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Modified Date = 13/02/2005 01:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Modified Date = 06/02/2005 01:00:00 | Attr = RHS] Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 07/10/2006 06:18:32 | Attr = ] UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ] UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ] UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 16/12/1999 10:00:00 | Attr = ] UPX! , UPX0 , -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Modified Date = 10/11/2005 14:16:02 | Attr = ] UPX! , UPX0 , -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 03/01/2004 01:08:00 | Attr = ] < End of report > merci et à bientôt

salut charles ingals et rebelote avec le fichier csrss.exe bloqué par bitdefender ainsi qu'un nouveau du nom de c:\winnt\eraseme0589.exe. ces bebettes se réactivent à chaque fois et je commence à déprimer sévèrement. Faut il que je commence à sauvegarder ce que je veux garder de mon disque? ou y a t il encore un espoir? merci doc.

et diaghelp C:\WINNT\System32/drivers\nwlnkcr.sys -->05/04/2007 07:22:09 C:\WINNT\System32/drivers\gmer.sys -->03/04/2007 23:34:19 C:\WINNT\System32/drivers\atksgt.sys -->03/02/2007 14:29:45 C:\WINNT\System32/drivers\lirsgt.sys -->03/02/2007 14:29:44 C:\WINNT\System32/drivers\npf.sys -->25/01/2007 19:31:34 C:\WINNT\System32/drivers\SECDRV.SYS -->25/01/2007 09:18:32 C:\WINNT\System32/drivers\vaxscsi.sys -->25/01/2007 09:10:44 C:\WINNT\System32\nvapps.xml -->06/04/2007 07:25:02 C:\WINNT\System32\asfiles.txt -->04/04/2007 07:17:35 C:\WINNT\System32\Uninstall.ico -->04/04/2007 07:11:45 C:\WINNT\System32\pavas.ico -->04/04/2007 07:11:45 C:\WINNT\System32\Help.ico -->04/04/2007 07:11:45 C:\WINNT\System32\FNTCACHE.DAT -->03/04/2007 23:22:42 C:\WINNT\System32\jupdate-1.5.0_11-b03.log -->31/03/2007 08:47:54 C:\WINNT\System32\tmp.txt -->30/03/2007 18:51:34 C:\WINNT\System32\tmp.reg -->30/03/2007 18:51:34 C:\WINNT\System32\Perflib_Perfdata_310.dat -->29/03/2007 19:19:26 C:\WINNT\System32\Perflib_Perfdata_314.dat -->28/03/2007 20:46:52 C:\WINNT\System32\dp.exe -->28/03/2007 12:12:16 C:\WINNT\System32\Perflib_Perfdata_234.dat -->27/03/2007 23:31:49 C:\WINNT\System32\Perflib_Perfdata_1c0.dat -->26/03/2007 18:53:43 C:\WINNT\System32\sfc.dll -->26/03/2007 18:35:49 C:\WINNT\System32\Perflib_Perfdata_31c.dat -->25/03/2007 20:22:28 C:\WINNT\System32\Perflib_Perfdata_5c8.dat -->25/03/2007 20:06:27 C:\WINNT\System32\Perflib_Perfdata_57c.dat -->25/03/2007 19:45:43 C:\WINNT\System32\Perflib_Perfdata_17c.dat -->25/03/2007 19:29:07 C:\WINNT\System32\Perflib_Perfdata_188.dat -->25/03/2007 19:24:49 C:\WINNT\System32\Perflib_Perfdata_5d8.dat -->22/03/2007 20:38:05 C:\WINNT\System32\Perflib_Perfdata_60c.dat -->22/03/2007 20:30:23 C:\WINNT\System32\irxgskvw.PIF -->22/03/2007 00:23:32 C:\WINNT\System32\bedgsly.bat -->20/03/2007 18:48:25 C:\WINNT\System32\xdll.bat -->20/03/2007 18:48:14 C:\WINNT\ntbtlog.txt -->06/04/2007 07:27:27 C:\WINNT\WindowsUpdate.log -->06/04/2007 07:24:12 C:\WINNT\SchedLgU.Txt -->06/04/2007 07:22:37 C:\WINNT\ShellIconCache -->06/04/2007 00:43:42 C:\WINNT\win.ini -->05/04/2007 22:07:00 C:\WINNT\system.ini -->05/04/2007 18:54:26 C:\WINNT\setupapi.log -->04/04/2007 07:12:32 C:\WINNT\gmer.ini -->03/04/2007 23:35:15 C:\WINNT\gmer_uninstall.cmd -->03/04/2007 23:34:19 C:\WINNT\gmer.dll -->03/04/2007 23:34:19 C:\WINNT\iis5.log -->03/04/2007 22:57:56 C:\WINNT\KB925902.log -->03/04/2007 22:57:55 C:\WINNT\imsins.log -->03/04/2007 22:57:55 C:\WINNT\comsetup.log -->03/04/2007 22:57:55 C:\WINNT\ockodak.log -->03/04/2007 22:57:54 C:\WINNT\alcrmv.exe |24/01/2007 21:00:18 C:\WINNT\alcupd.exe |24/01/2007 21:00:18 C:\WINNT\bdoscandel.exe |04/03/2005 15:10:36 C:\WINNT\gmer.exe |03/04/2007 23:34:18 C:\WINNT\IsUn040c.exe |02/02/2007 10:14:04 C:\WINNT\IsUninst.exe |24/01/2007 20:55:54 C:\WINNT\meta4.exe |25/02/2007 13:35:09 C:\WINNT\MOTA113.exe |25/02/2007 13:35:09 C:\WINNT\PATCH.EXE |27/01/2007 13:25:04 C:\WINNT\runtsckl.exe |02/11/2005 19:07:12 C:\WINNT\tsc.exe |27/01/2007 13:30:15 C:\WINNT\twunk_16.exe |16/12/1999 10:00:00 C:\WINNT\twunk_32.exe |16/12/1999 10:00:00 C:\WINNT\War3Unin.exe |10/02/2007 18:12:03 C:\WINNT\x2.64.exe |25/02/2007 13:35:09 C:\WINNT\AuHCcup1.dll |23/07/1999 11:53:20 C:\WINNT\BPMNT.dll |27/01/2007 13:30:14 C:\WINNT\gmer.dll |03/04/2007 23:34:19 C:\WINNT\hcextoutput.dll |27/01/2007 13:30:15 C:\WINNT\loadhttp.dll |15/10/2002 15:29:40 C:\WINNT\patchw32.dll |14/12/2001 14:34:46 C:\WINNT\TMUPDATE.DLL |27/01/2007 13:25:04 C:\WINNT\twain.dll |16/12/1999 10:00:00 C:\WINNT\twain_32.dll |16/12/1999 10:00:00 C:\WINNT\UNZIP.DLL |27/01/2007 13:25:04 C:\WINNT\vsapi32.dll |27/01/2007 13:30:14 C:\WINNT\system32\append.exe |16/12/1999 10:00:00 C:\WINNT\system32\asuninst.exe |04/04/2007 07:12:22 C:\WINNT\system32\CNDNDlg.exe |07/03/2007 15:18:10 C:\WINNT\system32\debug.exe |16/12/1999 10:00:00 C:\WINNT\system32\dfrgfat.exe |19/06/2003 12:05:04 C:\WINNT\system32\dfrgntfs.exe |19/06/2003 12:05:04 C:\WINNT\system32\dmadmin.exe |19/06/2003 12:05:04 C:\WINNT\system32\dmremote.exe |19/06/2003 12:05:04 C:\WINNT\system32\dosx.exe |16/12/1999 10:00:00 C:\WINNT\system32\dp.exe |28/03/2007 12:12:16 C:\WINNT\system32\dumphive.exe |27/03/2007 19:14:13 C:\WINNT\system32\dvdplay.exe |15/12/1999 01:30:38 C:\WINNT\system32\edlin.exe |16/12/1999 10:00:00 C:\WINNT\system32\exe2bin.exe |16/12/1999 10:00:00 C:\WINNT\system32\fastopen.exe |16/12/1999 10:00:00 C:\WINNT\system32\java.exe |31/03/2007 08:47:58 C:\WINNT\system32\javaw.exe |31/03/2007 08:47:58 C:\WINNT\system32\javaws.exe |31/03/2007 08:47:58 C:\WINNT\system32\keystone.exe |22/10/2006 13:22:00 C:\WINNT\system32\massvc32.exe |18/03/2007 13:34:52 C:\WINNT\system32\mem.exe |16/12/1999 10:00:00 C:\WINNT\system32\mscdexnt.exe |16/12/1999 10:00:00 C:\WINNT\system32\msswchx.exe |19/06/2003 12:05:04 C:\WINNT\system32\NeroCheck.exe |29/01/2007 20:12:00 C:\WINNT\system32\nlsfunc.exe |16/12/1999 10:00:00 C:\WINNT\system32\nvappbar.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvcolor.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvcplui.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvdspsch.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvsvc32.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvudisp.exe |24/01/2007 21:04:47 C:\WINNT\system32\NVUNINST.EXE |24/01/2007 21:04:39 C:\WINNT\system32\nw16.exe |16/12/1999 10:00:00 C:\WINNT\system32\nwiz.exe |22/10/2006 13:22:00 C:\WINNT\system32\Process.exe |27/03/2007 19:14:13 C:\WINNT\system32\PSDrvCheck.exe |23/02/2007 15:25:18 C:\WINNT\system32\pxhpinst.exe |11/03/2007 20:17:53 C:\WINNT\system32\redir.exe |16/12/1999 10:00:00 C:\WINNT\system32\setver.exe |16/12/1999 10:00:00 C:\WINNT\system32\share.exe |16/12/1999 10:00:00 C:\WINNT\system32\Shutdown.exe |24/03/2007 19:35:56 C:\WINNT\system32\SrchSTS.exe |27/03/2007 19:14:13 C:\WINNT\system32\swreg.exe |27/03/2007 19:14:13 C:\WINNT\system32\swsc.exe |27/03/2007 19:14:13 C:\WINNT\system32\swxcacls.exe |27/03/2007 19:14:13 C:\WINNT\system32\vwipxspx.exe |16/12/1999 10:00:00 C:\WINNT\system32\x.264.exe |25/02/2007 13:35:08 C:\WINNT\system32\amstream.dll |29/01/2007 21:22:26 C:\WINNT\system32\atmfd.dll |19/06/2003 12:05:04 C:\WINNT\system32\atmlib.dll |19/06/2003 12:05:04 C:\WINNT\system32\avisynth.dll |25/02/2007 13:35:08 C:\WINNT\system32\AVSredirect.dll |25/02/2007 13:35:09 C:\WINNT\system32\cbrowser.dll |24/01/2007 21:53:26 C:\WINNT\system32\CNDCK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\CNDUK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\ComLib.dll |24/01/2007 21:53:26 C:\WINNT\system32\devil.dll |25/02/2007 13:35:08 C:\WINNT\system32\dfrgres.dll |16/12/1999 10:00:00 C:\WINNT\system32\dfrgsnap.dll |19/06/2003 12:05:04 C:\WINNT\system32\dfrgui.dll |16/12/1999 10:00:00 C:\WINNT\system32\dgrpsetu.dll |24/01/2007 20:34:06 C:\WINNT\system32\dgsetup.dll |24/01/2007 20:34:06 C:\WINNT\system32\dmconfig.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmintf.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmserver.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmutil.dll |19/06/2003 12:05:04 C:\WINNT\system32\efsadu.dll |16/12/1999 10:00:00 C:\WINNT\system32\EqnClass.Dll |24/01/2007 20:34:06 C:\WINNT\system32\flvDX.dll |25/02/2007 13:32:52 C:\WINNT\system32\hpzcoi08.dll |26/03/2003 08:21:58 C:\WINNT\system32\hpzcon08.dll |26/03/2003 08:23:10 C:\WINNT\system32\hpzlnt08.dll |26/03/2003 08:32:24 C:\WINNT\system32\hticons.dll |24/01/2007 20:40:35 C:\WINNT\system32\hypertrm.dll |24/01/2007 20:40:35 C:\WINNT\system32\i420vfw.dll |25/02/2007 13:35:08 C:\WINNT\system32\iccvid.dll |16/12/1999 10:00:00 C:\WINNT\system32\imagr5.dll |29/01/2007 20:12:05 C:\WINNT\system32\imagx5.dll |29/01/2007 20:12:05 C:\WINNT\system32\ImagXpr5.dll |29/01/2007 20:12:05 C:\WINNT\system32\imgcmn.dll |24/01/2007 20:40:37 C:\WINNT\system32\imgshl.dll |24/01/2007 20:40:37 C:\WINNT\system32\ir32_32.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir41_qc.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir41_qcx.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_32.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_qc.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_qcx.dll |16/12/1999 10:00:00 C:\WINNT\system32\jpeg1x32.dll |24/01/2007 20:40:37 C:\WINNT\system32\jpeg2x32.dll |24/01/2007 20:40:37 C:\WINNT\system32\mciqtz32.dll |29/01/2007 21:22:26 C:\WINNT\system32\meter.dll |11/07/2002 11:38:14 C:\WINNT\system32\msdmo.dll |29/01/2007 21:22:27 C:\WINNT\system32\msencode.dll |30/08/2002 19:24:06 C:\WINNT\system32\msswch.dll |19/06/2003 12:05:04 C:\WINNT\system32\MusInputMod.dll |11/07/2002 11:39:36 C:\WINNT\system32\N067UFW.dll |24/01/2007 21:12:14 C:\WINNT\system32\NMOCOD.DLL |25/01/2007 09:27:08 C:\WINNT\system32\NMORENU.DLL |25/01/2007 09:27:09 C:\WINNT\system32\NMSCKN.DLL |25/01/2007 09:27:09 C:\WINNT\system32\NMW3VWN.DLL |25/01/2007 09:27:09 C:\WINNT\system32\nsp.dll |23/02/2007 15:25:13 C:\WINNT\system32\nspa6.dll |23/02/2007 15:25:17 C:\WINNT\system32\nspm5.dll |23/02/2007 15:25:19 C:\WINNT\system32\nspm6.dll |23/02/2007 15:25:19 C:\WINNT\system32\nspp6.dll |23/02/2007 15:25:18 C:\WINNT\system32\nsppx.dll |23/02/2007 15:25:16 C:\WINNT\system32\nspw7.dll |23/02/2007 15:25:13 C:\WINNT\system32\nv4_disp.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvapi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcod.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcodins.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcpluir.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvdisps.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvdispsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvexpbar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvgames.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvgamesr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvhwvid.dll |22/10/2006 13:22:00 C:\WINNT\system32\nview.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccsrs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccss.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccssr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmctray.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmobls.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmoblsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvnt4cpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvoglnt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrscs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsda.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsde.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsel.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrseng.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrses.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsesm.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsfi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsfr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrshe.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrshu.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsit.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsja.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsko.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsnl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsno.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrspl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrspt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsptb.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsru.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssk.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssv.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrstr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrszhc.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrszht.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvshell.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvvitvs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvvitvsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwddi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwdmcpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwimg.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrscs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsda.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsde.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsel.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrseng.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrses.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsesm.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsfi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsfr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrshe.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrshu.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsit.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsja.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsko.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsnl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsno.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrspl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrspt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsptb.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsru.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssk.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssv.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrstr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrszhc.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrszht.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwss.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwssr.dll |22/10/2006 13:22:00 C:\WINNT\system32\oieng400.dll |24/01/2007 20:40:34 C:\WINNT\system32\oiprt400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oislb400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oissq400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oitwa400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oiui400.dll |24/01/2007 20:40:34 C:\WINNT\system32\Packet.dll |25/01/2007 19:31:34 C:\WINNT\system32\picn20.dll |29/01/2007 20:12:05 C:\WINNT\system32\pncrt.dll |02/02/2007 10:34:38 C:\WINNT\system32\pndx5016.dll |02/02/2007 10:34:38 C:\WINNT\system32\pndx5032.dll |02/02/2007 10:34:38 C:\WINNT\system32\PSCLK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\psisdecd.dll |02/02/2007 20:06:12 C:\WINNT\system32\pthreadVC.dll |25/01/2007 19:31:36 C:\WINNT\system32\px.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxdrv.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxmas.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxwave.dll |11/03/2007 20:17:53 C:\WINNT\system32\qcut.dll |16/12/1999 10:00:00 C:\WINNT\system32\qedwipes.dll |29/01/2007 21:22:28 C:\WINNT\system32\rmoc3260.dll |02/02/2007 10:34:38 C:\WINNT\system32\SG62CPL.DLL |24/01/2007 21:12:14 C:\WINNT\system32\SG62UUD.DLL |24/01/2007 21:12:14 C:\WINNT\system32\Smab.dll |25/02/2007 13:35:07 C:\WINNT\system32\sockspy.dll |24/01/2007 21:32:13 C:\WINNT\system32\spxcoins.dll |24/01/2007 20:34:06 C:\WINNT\system32\tifflt.dll |24/01/2007 20:40:37 C:\WINNT\system32\tsbyuv.dll |15/12/1999 01:30:06 C:\WINNT\system32\tsd32.dll |16/12/1999 10:00:00 C:\WINNT\system32\UCS32P.DLL |24/01/2007 21:12:15 C:\WINNT\system32\vxblock.dll |11/03/2007 20:17:53 C:\WINNT\system32\WanPacket.dll |25/01/2007 19:31:34 C:\WINNT\system32\wavdest.dll |02/09/1998 10:24:30 C:\WINNT\system32\WBCustomizer.dll |08/01/2001 14:47:44 C:\WINNT\system32\win87em.dll |16/12/1999 10:00:00 C:\WINNT\system32\wpcap.dll |25/01/2007 19:31:36 C:\WINNT\system32\xcomm.dll |02/10/2003 13:15:34 C:\WINNT\system32\xiffr3_0.dll |24/01/2007 20:40:37 C:\WINNT\system32\xreglib.dll |06/12/2002 18:37:06 C:\WINNT\system32\yv12vfw.dll |25/02/2007 13:35:08 C:\WINNT\system32\ZPORT4AS.dll |04/04/2007 07:12:21 Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\WINNT\system32 19/06/2003 12:05 5 392 csrss.exe 1 fichier(s) 5 392 octets 0 Rép(s) 4 936 925 184 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\WINNT\Downloaded Program Files 04/04/2007 09:30 <DIR> . 04/04/2007 09:30 <DIR> .. 24/08/2006 08:28 141 424 asinst.dll 22/08/2006 09:06 537 asinst.inf 13/11/2006 20:48 946 296 asquared.ocx 07/12/2004 17:07 32 bdcore.dll 01/03/2005 15:08 118 784 bdupd.dll 25/02/2007 13:31 65 desktop.ini 01/03/2005 15:08 53 248 ipsupd.dll 08/08/2006 12:45 576 kavwebscan.inf 16/03/2005 12:34 7 407 lang.ini 07/12/2004 17:07 32 libfn.dll 14/03/2005 14:38 126 live.ini 01/03/2005 12:15 1 246 oscan8.inf 16/03/2005 12:31 475 136 oscan8.ocx 14/03/2005 14:58 7 073 scanoptions.tsi 26/05/2005 05:19 291 wuweb.inf 02/11/2005 19:01 1 777 xscan.inf 02/11/2005 19:07 435 712 xscan53.ocx 17 fichier(s) 2 189 762 octets Total des fichiers listés : 17 fichier(s) 2 189 762 octets 2 Rép(s) 4 936 859 648 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files 04/04/2007 23:08 <DIR> . 04/04/2007 23:08 <DIR> .. 24/01/2007 20:40 <DIR> Accessoires 11/02/2007 13:23 <DIR> AddOnsOO2 25/01/2007 13:32 <DIR> Adobe 25/02/2007 13:35 <DIR> AviSynth 2.5 24/02/2007 20:44 <DIR> Common Files 24/01/2007 20:41 <DIR> ComPlus Applications 28/01/2007 20:21 <DIR> directx 20/03/2007 23:42 <DIR> Fichiers communs 11/03/2007 20:17 <DIR> Google 02/02/2007 10:16 <DIR> Hewlett-Packard 04/04/2007 08:02 <DIR> Internet Explorer 31/03/2007 08:47 <DIR> Java 24/01/2007 20:40 <DIR> Lecteur Windows Media 02/02/2007 10:39 <DIR> Media Player Classic 24/01/2007 23:20 <DIR> microsoft frontpage 24/01/2007 23:34 <DIR> Microsoft Office 28/03/2007 14:50 <DIR> NetMeeting 11/02/2007 13:24 <DIR> OOoHG 11/02/2007 13:19 <DIR> OpenOffice.org 2.0 30/03/2007 13:33 <DIR> Optimisation Windows 29/03/2007 20:07 <DIR> Outlook Express 14/03/2007 22:02 <DIR> Picasa2 23/02/2007 15:25 <DIR> Pinnacle 24/01/2007 21:22 <DIR> Softwin 23/02/2007 15:25 <DIR> VOB 29/03/2007 20:08 <DIR> Windows Media Player 24/01/2007 20:40 <DIR> Windows NT 21/02/2007 14:41 <DIR> WinPcap 26/02/2007 19:52 <DIR> Yahoo! 0 fichier(s) 0 octets 31 Rép(s) 4 936 806 400 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\fichiers communs 20/03/2007 23:42 <DIR> . 20/03/2007 23:42 <DIR> .. 25/01/2007 09:00 <DIR> Adobe 29/01/2007 20:12 <DIR> Ahead 07/03/2007 15:11 <DIR> InstallShield 11/02/2007 13:14 <DIR> Java 25/02/2007 13:31 <DIR> Microsoft Shared 02/02/2007 10:15 <DIR> MSSoap 24/01/2007 20:34 <DIR> ODBC 25/02/2007 13:31 <DIR> Services 24/01/2007 21:21 <DIR> Softwin 29/03/2007 20:07 <DIR> System 0 fichier(s) 0 octets 12 Rép(s) 4 936 806 400 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 04/04/2007 08:01 <DIR> . 04/04/2007 08:01 <DIR> .. 04/11/1999 02:38 561 210 MSONSEXT.DLL 03/06/1999 21:09 122 937 MSOWS409.DLL 07/03/2001 16:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 180 octets 2 Rép(s) 4 936 740 864 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\common files 24/02/2007 20:44 <DIR> . 24/02/2007 20:44 <DIR> .. 24/02/2007 20:53 <DIR> System 0 fichier(s) 0 octets 3 Rép(s) 4 936 802 304 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 4 936 802 304 octets libres c:\Documents and Settings\Administrateur\.housecall6.6\getMac.exe c:\Documents and Settings\Administrateur\.housecall6.6\patch.exe c:\Documents and Settings\Administrateur\.housecall6.6\tsc.exe c:\Documents and Settings\Administrateur\Bureau\a2AntiMalwareSetup.exe c:\Documents and Settings\Administrateur\Bureau\Antisasser-FR.exe c:\Documents and Settings\Administrateur\Bureau\ATF-Cleaner.exe c:\Documents and Settings\Administrateur\Bureau\avg-anti-spyware_avg_anti-spyware_francais_27645.exe c:\Documents and Settings\Administrateur\Bureau\BattleLANv04.exe c:\Documents and Settings\Administrateur\Bureau\BigFix1.6b.exe c:\Documents and Settings\Administrateur\Bureau\blbeta.exe c:\Documents and Settings\Administrateur\Bureau\clamwin-0.90.1-setup.exe c:\Documents and Settings\Administrateur\Bureau\ComboFix.exe c:\Documents and Settings\Administrateur\Bureau\HijackThis.exe c:\Documents and Settings\Administrateur\Bureau\mwav.exe c:\Documents and Settings\Administrateur\Bureau\sd4hide.exe c:\Documents and Settings\Administrateur\Bureau\spywarefighter.exe c:\Documents and Settings\Administrateur\Bureau\URLSnooper.exe c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB828028-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA(2).EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB891861-v2-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Arret_Demarrage\Arrêt programmé.exe c:\Documents and Settings\Administrateur\Bureau\avenger\avenger.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe c:\Documents and Settings\Administrateur\Bureau\OptimisationWindows3-0-4\setup.exe c:\Documents and Settings\Administrateur\Bureau\regsearch\regsearch.exe c:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\Catchme.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\cliptext.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\download.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\LS.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MD5File.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MoveEx.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RegDACL.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RestartIt!.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\sc.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\SF.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swreg.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swsc.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\unzip.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\zip.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\XP.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\regedit.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q318089_W2K_IE5_5218\vbs51nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q822925_IE501_SP4\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q822925_IE_55SP2\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.813951_urlmon_5995\q813951.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q318089_W2K_XP_IE6_5226\vbs56nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q330994_OEPatch_IE6SP1_32\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q822925_IE6_SP1\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.817787_WMZ_MSRC_1640_WMP71\WindowsMedia71-KB817787-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.819696_nonDirectX_9_0B_CRITICAL\DirectX9-KB819696-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823559_W2K_SP5_WinSE_48630\Windows2000-KB823559-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823980_W2K_SP5_WinSE_48715_Critical\Windows2000-KB823980-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824105_W2K_SP5_WinSE_48089_Critical\Windows2000-KB824105-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824146_W2K_SP5_WinSE_49650\Windows2000-KB824146-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.IIS_SecPatch_IIS5_5415\Q321599_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_55_6001\js55nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_XP_56_6003\js56nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_Win2K_51_5999\js51nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q261255_SP1_4094\q261255.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q270676_SP2_CORP_4127\Q270676.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q274372_SP2_W2k_CORP_4280\Q274372.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q280838_SP2_W2k_4305\Q280838.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q296185_W2K_SP3_CORP_4594\q296185_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q299553_W2K_SP3_CORP_4674\Q299553.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q311967_W2K_SP3_5304\Q311967.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q312897_VS_NET_JA_5433\NDP10_SP_Q321897_Ja.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313450_W2K_Cons_5256\Q313450SP3.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313829_W2K_5282\Q313829.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q314147_W2K_5265\Q314147_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q317244_XML40_5255\Q317244.exe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe bonne journée et à plus

salut charles ingals merci pour le script voila ce qu'il a generé Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ywfigpvw ******************* Script file located at: \??\C:\WINNT\csvacnnh.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key \Registry\Machine\System\CurrentControlSet\Services\mchInjDrv not found! Unload of driver mchInjDrv failed! Could not process line: mchInjDrv Status: 0xc0000034 Registry key HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENT deleted successfully. Registry key HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENT deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT Status: 0xc0000034 Registry key HKLM\SYSTEM\ControlSet001\Services\Event deleted successfully. Registry key HKLM\SYSTEM\ControlSet002\Services\Event deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\Event not found! Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\Event failed! Could not process line: HKLM\SYSTEM\CurrentControlSet\Services\Event Status: 0xc0000034 File C:\Winnt\System32\drivers\mchInjDrv.sys not found! Deletion of file C:\Winnt\System32\drivers\mchInjDrv.sys failed! Could not process line: C:\Winnt\System32\drivers\mchInjDrv.sys Status: 0xc0000034 File C:\WINNT\System32\tj deleted successfully. File C:\WINNT\System32\.exe deleted successfully. Completed script processing. ******************* Finished! Terminate. encore des fichiers qu'il ne peut effacer ou trouver. normal? à + je lance diaghelp

ok je l'attends avec impatience! t'es vraiment une star charles ingals (pas que du petit écran) merki pour tout c'est moi qui vais te payer le voyage (mais pas trop loin!!!) @ +

Re, je suis un peu vert car aucune trace des 2 fichiers ds le dossier c:\winnt\system32\drivers alors que tout est coché ds les proprietés des dossiers?!?!? c'est le même style que csrss.exe! je déprime...

he ben j'avais pas remarqué que le log de regsearch etait si long yen a pour des heures à eplucher ça non? j'admire... sinon j'ai fait une mauvaise manip pour le ntbtlog j'ai pas effacé le bon (j'ai effacé sous la racine de c ntbtlog_check.txt) mais le ntbtlog.txt qui est sous c:\winnt semble bon vu la date et l'heure affichée en début de texte(il a remplacè l'ancien?) je le copie quand même tu me diras si c'est pas bon Service Pack 4 4 5 2007 18:55:15.500 Pilote charg‚ \WINNT\System32\ntoskrnl.exe Pilote charg‚ \WINNT\System32\hal.dll Pilote charg‚ \WINNT\System32\BOOTVID.dll Pilote charg‚ sptd.sys Pilote charg‚ \WINNT\System32\Drivers\SPTD5725.SYS Pilote charg‚ ACPI.sys Pilote charg‚ \WINNT\system32\DRIVERS\WMILIB.SYS Pilote charg‚ pci.sys Pilote charg‚ isapnp.sys Pilote charg‚ pciide.sys Pilote charg‚ \WINNT\system32\DRIVERS\PCIIDEX.SYS Pilote charg‚ MountMgr.sys Pilote charg‚ ftdisk.sys Pilote charg‚ Diskperf.sys Pilote charg‚ dmload.sys Pilote charg‚ dmio.sys Pilote charg‚ PartMgr.sys Pilote charg‚ viaide.sys Pilote charg‚ sfsync02.sys Pilote charg‚ imagedrv.sys Pilote charg‚ \WINNT\system32\DRIVERS\SCSIPORT.SYS Pilote charg‚ atapi.sys Pilote charg‚ disk.sys Pilote charg‚ \WINNT\system32\DRIVERS\CLASSPNP.SYS Pilote charg‚ fltmgr.sys Pilote charg‚ PxHelp20.sys Pilote charg‚ KSecDD.sys Pilote charg‚ Ntfs.sys Pilote charg‚ NDIS.sys Pilote charg‚ viaagp1.sys Pilote charg‚ sfhlp02.sys Pilote charg‚ sfdrv01.sys Pilote charg‚ Mup.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\nv4_mini.sys Pilote charg‚ \SystemRoot\system32\drivers\rob_v.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\rob_a.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\RTL8139.SYS Pilote charg‚ \SystemRoot\system32\DRIVERS\i8042prt.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\mouclass.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\kbdclass.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\cdrom.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\uhcd.sys Pilote charg‚ \SystemRoot\system32\drivers\ALCXWDM.SYS Pilote charg‚ \SystemRoot\System32\Drivers\vaxscsi.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\fdc.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\serial.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\serenum.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\parport.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\gameenum.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\audstub.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\rasl2tp.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\ndistapi.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\ndiswan.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\raspptp.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\ptilink.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\raspti.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\parallel.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\swenum.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\update.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\usbhub.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\flpydisk.sys Pilote charg‚ \SystemRoot\System32\Drivers\NDProxy.SYS Pilote charg‚ \SystemRoot\System32\Drivers\EFS.SYS Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\System32\Drivers\NDProxy.SYS Pilote charg‚ \SystemRoot\system32\DRIVERS\hidusb.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\usbscan.sys Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\System32\Drivers\lbrtfdc.SYS Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\System32\Drivers\Sfloppy.SYS Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\System32\Drivers\Changer.SYS Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\System32\Drivers\Cdaudio.SYS Pilote charg‚ \SystemRoot\System32\Drivers\Fs_Rec.SYS Pilote charg‚ \SystemRoot\System32\Drivers\Null.SYS Pilote charg‚ \SystemRoot\System32\Drivers\Beep.SYS Pilote charg‚ \SystemRoot\System32\DRIVERS\AvgAsCln.sys Pilote charg‚ \SystemRoot\System32\Drivers\VIAPFD.SYS Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\System32\Drivers\sglfb.SYS Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\System32\Drivers\tga.SYS Pilote charg‚ \SystemRoot\System32\drivers\vga.sys Pilote charg‚ \SystemRoot\System32\Drivers\mnmdd.SYS Pilote charg‚ \SystemRoot\System32\Drivers\Msfs.SYS Pilote charg‚ \SystemRoot\System32\Drivers\Npfs.SYS Pilote charg‚ \SystemRoot\system32\DRIVERS\rasacd.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\msgpc.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\tcpip.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\wanarp.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\netbt.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\netbios.sys Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\System32\Drivers\PCIDump.SYS Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\system32\DRIVERS\redbook.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\rdbss.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\mrxsmb.sys Pilote charg‚ \??\d:\AVG Anti-Spyware 7.5\guard.sys Pilote charg‚ \SystemRoot\System32\drivers\afd.sys Pilote charg‚ \SystemRoot\System32\Drivers\ParVdm.SYS Pilote charg‚ \SystemRoot\system32\DRIVERS\atksgt.sys Pilote charg‚ \SystemRoot\system32\drivers\wdmaud.sys Pilote charg‚ \SystemRoot\system32\drivers\sysaudio.sys Pilote charg‚ \SystemRoot\system32\drivers\swmidi.sys Pilote charg‚ \SystemRoot\system32\drivers\DMusic.sys Pilote charg‚ \SystemRoot\system32\drivers\kmixer.sys Pilote charg‚ \??\C:\Program Files\Softwin\BitDefender8\filespy.sys Pilote charg‚ \SystemRoot\System32\Drivers\Fips.SYS Pilote charg‚ \SystemRoot\system32\DRIVERS\lirsgt.sys Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\system32\DRIVERS\rdbss.sys Le pilote n'a pas ‚t‚ charg‚ \SystemRoot\system32\DRIVERS\mrxsmb.sys Pilote charg‚ \SystemRoot\system32\DRIVERS\srv.sys Le pilote n'a pas ‚t‚ charg‚ \??\C:\Program Files\Softwin\BitDefender8\regspy.sys Pilote charg‚ \??\C:\WINNT\system32\drivers\SECDRV.SYS Pilote charg‚ \SystemRoot\System32\Drivers\Cdfs.SYS Pilote charg‚ \SystemRoot\System32\Drivers\Fastfat.SYS Pilote charg‚ \SystemRoot\system32\DRIVERS\ipsec.sys Le pilote n'a pas ‚t‚ charg‚ \??\C:\Program Files\Softwin\BitDefender8\regspy.sys Pilote charg‚ \??\D:\PC Alert III\NTGLM7X.sys Pilote charg‚ \??\C:\WINNT\system32\Drivers\mchInjDrv.sys j'avais oublié MERCI et à +

re charle ingals voici le rapport regsearch : Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.2.0 ; Results at 05/04/2007 18:46:15 for strings: ; 'event' ; 'events log' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Canon\ZoomBrowser EX Public\Search\kwd_event] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1BE1F766-5536-11D1-B726-00C04FB926AF}] "LocalService"="EventSystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}] @="Event Object Change" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}] @="SENS Subscriber for EventSystem EventObjectChange events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06290BD9-48AA-11D2-8432-006008C3FBFC}] @="Constructor for Scriptlet Event Handler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06290BD9-48AA-11D2-8432-006008C3FBFC}\ProgID] @="ScriptletHandler.Event" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0725C3CB-FEFB-11D0-99F9-00C04FC2F8EC}] @="WMI Event Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BE1F766-5536-11D1-B726-00C04FB926AF}] @="EventSystemTier2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{266C72E7-62E8-11D1-AD89-00C04FD8FDFF}] @="Microsoft WBEM Active Scripting Event Consumer Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DD82D10-E6F1-11D2-B139-00105A1F77A1}] @="WBEM Power Event Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}] @="Event System" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}\ProgID] @="EventSystem.EventSystem.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}\VersionIndependentProgID] @="EventSystem.EventSystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50B4791F-4731-11D0-8912-00C04FC2A0CA}\ProgID] @="DirectAnimation.DAEvent.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50B4791F-4731-11D0-8912-00C04FC2A0CA}\VersionIndependentProgID] @="DirectAnimation.DAEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D08B586-343A-11D0-AD46-00C04FD8FDFF}] @="Microsoft WBEM Event Subsystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC0969F-0CE6-11D1-BAAE-00C04FC2E20D}] @="IAS NT Event Log Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC0969F-0CE6-11D1-BAAE-00C04FC2E20D}\ProgID] @="IAS.NTEventLog.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC0969F-0CE6-11D1-BAAE-00C04FC2E20D}\VersionIndependentProgID] @="IAS.NTEventLog" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C19BE35-7500-11D1-AD94-00C04FD8FDFF}] @="Microsoft WBEM Event filter marshaling proxy" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7087EBD9-B9CE-11d1-8F62-00C04FB611C7}] @="TimerEventManager" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7542E960-79C7-11D1-88F9-0080C7D771BF}] @="Event Subscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7542E960-79C7-11D1-88F9-0080C7D771BF}\ProgID] @="EventSystem.EventSubscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7542E960-79C7-11D1-88F9-0080C7D771BF}\VersionIndependentProgID] @="EventSystem.EventSubscription.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB944620-79C6-11D1-88F9-0080C7D771BF}] @="Event Publisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB944620-79C6-11D1-88F9-0080C7D771BF}\ProgID] @="EventSystem.EventPublisher.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB944620-79C6-11D1-88F9-0080C7D771BF}\VersionIndependentProgID] @="EventSystem.EventPublisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7A3A54B-0250-11D3-9CD1-00105A1F4801}] @="Microsoft WBEM SMTP Event Consumer Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBEC9C0-7A68-11D1-88F9-0080C7D771BF}] @="Event Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBEC9C0-7A68-11D1-88F9-0080C7D771BF}\ProgID] @="EventSystem.EventClass" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBEC9C0-7A68-11D1-88F9-0080C7D771BF}\VersionIndependentProgID] @="EventSystem.EventClass.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}] @="EventSystem.EventObjectChange" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}] @="SENS Subscriber for EventSystem EventObjectChange events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}\ProgID] @="SENS Network Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}\VersionIndependentProgID] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}\ProgID] @="SENS Logon Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}\VersionIndependentProgID] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}\ProgID] @="SENS OnNow Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}\VersionIndependentProgID] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafbc-7f19-11d2-978e-0000f8757e2a}\ProgID] @="EventPublisher.EventPublisher.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabb0ab-7f19-11d2-978e-0000f8757e2a}] @="MTSEvents Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabb0ab-7f19-11d2-978e-0000f8757e2a}\ProgID] @="MTS.MTSEvents.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabb0ab-7f19-11d2-978e-0000f8757e2a}\VersionIndependentProgID] @="MTS.MTSEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}\ProgID] @="ComEvents.ComServiceEvents.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}\VersionIndependentProgID] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55C5B4C-517D-11D1-AB57-00C04FD9159E}] @="Microsoft WBEM NT Eventlog Event Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55C5B4C-517D-11D1-AB57-00C04FD9159E}\ProgID] @="WBEM.NT.EVENTLOG.EVENT.PROVIDER.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55C5B4C-517D-11D1-AB57-00C04FD9159E}\VersionIndependentProgID] @="WBEM.NT.EVENTLOG.EVENT.PROVIDER" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA77A74E-E109-11D0-AD6E-00C04FD8FDFF}] @="WBEM Registry Event Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}] @="Microsoft WBEM NT Eventlog Instance Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\ProgID] @="WBEM.NT.EVENTLOG.INSTANCE.PROVIDER.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\VersionIndependentProgID] @="WBEM.NT.EVENTLOG.INSTANCE.PROVIDER" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents\CurVer] @="ComEvents.ComServiceEvents.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents.1] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAnimation.DAEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAnimation.DAEvent.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher] @="EventPublisher Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher\CurVer] @="EventPublisher.EventPublisher.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher.1] @="EventPublisher Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass] @="Event Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1] @="Event Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1\CurVer] @="EventSystem.EventClass" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher] @="Event Publisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher\CurVer] @="EventSystem.EventPublisher.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher.1] @="Event Publisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription] @="Event Subscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1] @="Event Subscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1\CurVer] @="EventSystem.EventSubscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem] @="Event System" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem\CurVer] @="EventSystem.EventSystem.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem.1] @="Event System" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog] @="IAS NT Event Log Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog\CurVer] @="IAS.NTEventLog.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog.1] @="IAS NT Event Log Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000266-0000-0010-8000-00AA006D2EA4}] @="RecordsetEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000400-0000-0010-8000-00AA006D2EA4}] @="ConnectionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0287BFEA-6093-4D3C-98D6-B8BD566B224A}] @="_IDataTransferEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{02BF25D4-8C17-4B23-BC80-D3488ABDDC6B}] @="DQTActiveXPluginEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0343E2F4-86F6-11D1-B760-00C04FB926AF}] @="IEventControl" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0343E2F5-86F6-11D1-B760-00C04FB926AF}] @="IMultiInterfaceEventControl" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05589FA3-C356-11CE-BF01-00AA0055595A}] @="DActiveMovieEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06DD38D2-D187-11CF-A80D-00C04FD74AD8}] @="DActiveXPluginEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0705D0A4-9AD9-11D5-A2F5-00105A1F6B57}] @="_DAXCIGEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7}] @="ITreeViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}] @="IProgressBarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07DB96D0-91D8-11D1-ADE1-0000F87734F0}] @="_RefDialEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07F82098-0ED1-4EE9-99B4-4B55E6EA203A}] @="_IEventsToast" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E269CD0-10D4-4121-9C22-9C85D625650D}] @="ITPrivateEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0F504B94-6E42-42E6-99E0-E20FAFE52AB4}] @="IUserEventTimer" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FB77D50-1B66-4B2F-9245-9B1340E3C12B}] @="_IKAVWebScanEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1208D09A-A197-11D1-B7A7-00C04FB926AF}] @="IEventPropertyBag" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1611FDDA-445B-11D2-85DE-00C04FA35C89}] @="_SearchAssistantEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{166A20C0-AE10-11D1-ADEB-0000F87734F0}] @="_WebGateEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1896E50A-DC8F-4E80-BF5A-91F75057E3C6}] @="_IASInstaladorEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B490296-50DF-11D1-8B44-00C04FC3183B}] @="DPreviewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C15D480-911D-11D2-B632-00C04F79498E}] @="IMSVidDeviceEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C15D485-911D-11D2-B632-00C04F79498E}] @="IMSVidTunerEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C15D486-911D-11D2-B632-00C04F79498E}] @="IMSVidAnalogTunerEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DC9CA50-06EF-11D2-8415-006008C3FBFC}] @="ITridentEventSink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DF04FC2-002F-4EEB-81F5-AD5E97A253D4}] @="_DRecordingEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}] @="ITabStripEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F6D88A2-98D2-11D1-ADE3-0000F87734F0}] @="_INSHandlerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1FF6AA72-5842-11CF-A707-00AA00C0098D}] @="HTMLTextContainerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}] @="DDTPickerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2179C5D2-EBFF-11CF-B6FD-00AA00B4E220}] @="DNSOPlayEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2288B787-C5AE-4E8B-A886-162E318B057C}] @="_IEventsMainPluginWindow2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}] @="DMonthViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{24785B20-135E-11D1-A2A7-00A0C9082766}] @="IADCEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}] @="ISetupBasicFeatureStateEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{25959BEE-E700-11D2-A7AF-00C04F806200}] @="_DMsieEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26AE5141-8010-46EA-861C-F9FC0F8B61D9}] @="DirectPlayVoiceEvent8" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27395F87-0C0C-101B-A3C9-08002B2F49FB}] @="DPicClipEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27D54D92-0EBE-11D2-8B22-00600806D9B6}] @="ISWbemEventSource" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{297F3032-BD11-11D1-A0A7-00805FC147D3}] @="ITACDGroupEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{297F3033-BD11-11D1-A0A7-00805FC147D3}] @="ITQueueEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{297F3034-BD11-11D1-A0A7-00805FC147D3}] @="ITAgentHandlerEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2B323CDA-50E3-11D3-9466-00A0C9700498}] @="_IYAcsEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BCC9863-C5CA-4784-8C19-F61002356D10}] @="_DLEDMeterEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}] @="ImageListEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C6C9F62-1447-4CDA-8000-B8C97EB4D30B}] @="_INeroAudioTrackEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D3A4C40-E711-11D0-94AB-0080C74C7E95}] @="_MediaPlayerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E6A14E2-571C-11D3-B652-00C04F79498E}] @="IMSVidOutputDeviceEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F25B-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLImgEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F260-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLDocumentEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F29D-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLAnchorEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2A7-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputTextElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2AF-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputFileElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2B3-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLButtonElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2B8-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLMarqueeElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2BD-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLOptionButtonElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2C3-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputImageEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F302-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLSelectElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F329-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLLabelEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F32D-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTMLEventObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F33C-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F364-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLFormElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F366-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLAreaEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3BA-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLMapEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3C4-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLObjectElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3CB-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLStyleElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3CC-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLLinkElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3E2-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLScriptEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F407-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLTableEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F48B-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTMLEventObj2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F4C7-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLPersistEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F4EA-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLControlElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F4FF-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTCEventBehavior" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F558-98B5-11CF-BB82-00AA00BDCE0B}] @="DispCEventObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F574-98B5-11CF-BB82-00AA00BDCE0B}] @="DispHTCEventBehavior" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F60F-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F610-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLAnchorEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F611-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLAreaEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F612-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLControlElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F613-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLDocumentEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F614-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLFormElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F615-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLStyleElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F616-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLImgEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F617-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLButtonElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F618-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputTextElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F619-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLOptionButtonElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61A-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputFileElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61B-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputImageEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61C-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLLabelEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61D-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLLinkElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61E-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLMapEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61F-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLMarqueeElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F620-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLObjectElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F621-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLScriptEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F622-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLSelectElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F623-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLTableEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F624-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLTextContainerEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F625-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLWindowEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F674-98B5-11CF-BB82-00AA00BDCE0B}] @="LayoutRectEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F680-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTMLEventObj3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F6BD-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLNamespaceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F7FF-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLFrameSiteEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F800-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLFrameSiteEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F814-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTMLEventObj4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3130E57C-140F-427E-AB34-99C96CAEF9A0}] @="_IEventsWindowCreation" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3194B4CC-EF32-11D1-93AE-00AA00BA3258}] @="IEventSourceCallback" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3325E057-E758-49E2-B74F-DD98D72174D7}] @="_IEventsPluginHost" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{333C7BC6-460F-11D0-BC04-0080C7055A83}] @="ITDCCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}] @="DWebBrowserEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34F65748-C76B-44DB-98F4-20EA3FF82F22}] @="_IYFTEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}] @="IProgressBarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3584F274-61EA-11D2-8BD9-00C04FC2F51D}] @="_IDAViewerControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{369303C1-D7AC-11D0-89D5-00A0C90833E6}] @="ISGrfxCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{36BE4BF6-F6C1-40FD-BDFE-919730A93B2A}] @="_IEventsAddressBook" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}] @="ISliderEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B0353A-A4C8-11D2-B634-00C04F79498E}] @="IMSVidFilePlaybackEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B0353B-A4C8-11D2-B634-00C04F79498E}] @="IMSVidPlaybackEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B0353E-A4C8-11D2-B634-00C04F79498E}] @="IMSVidInputDeviceEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B03541-A4C8-11D2-B634-00C04F79498E}] @="IMSVidAudioRendererEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B03545-A4C8-11D2-B634-00C04F79498E}] @="IMSVidVideoRendererEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{38CB4F18-F113-4432-9BF6-D3BCCCCC7F8D}] @="_ISeleccionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A2C2A7-4778-11D2-9BDB-204C4F4F5020}] @="_IDirectControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A2C2AA-4778-11D2-9BDB-204C4F4F5020}] @="_IDirectContainerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A6AD9E2-23B9-11CF-AD60-00AA00A74CCD}] @="ITransactionOutcomeEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B21263F-26E8-489D-AAC4-924F7EFD9511}] @="IBroadcastEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D0CE316-411A-43CB-9399-FFDCB28B3D29}] @="_IYbSkinControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DA2AA3C-3D96-11D2-9BD2-204C4F4F5020}] @="_IAsyncPProtEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9BAF2C-7A79-11D2-9334-0000F875AE17}] @="_INetMeetingEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3EFAA427-272F-11D2-836F-0000F87A7782}] @="XMLDOMDocumentEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41054FAD-F598-11D1-8232-00A0C9A7872D}] @="IEventHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42819D07-27DC-4413-BBBC-DE895C5B18C0}] @="_DCurveEditEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44F876D8-8391-11D0-B16F-00AA00BA3258}] @="IMtsEventsPriv" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4524AAA5-7E2C-11D6-B1B8-0050BAE10642}] @="_DSelectMicEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4539E412-7813-11D2-B25F-00A0C90D6111}] @="TIMEMediaPlayerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A6B0E15-2E38-11D1-9965-00C04FBBB345}] @="IEventSubscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A6B0E16-2E38-11D1-9965-00C04FBBB345}] @="IEventSubscription2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B106873-DD36-11D0-8B44-00A024DD9EFF}] @="_DTSHOOTEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E14FB9F-2E22-11D1-9964-00C04FBBB345}] @="IEventSystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4EF6100A-AF88-11D0-9846-00C04FC29993}] @="FontEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F241DB2-EE9F-11D0-9824-006097C99E51}] @="IMMSeqEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50B4791E-4731-11D0-8912-00C04FC2A0CA}] @="IDAEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50CE8A7D-9C28-4DA8-9042-CDFA7116F979}] @="IMSVidStreamBufferSourceEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55136806-B2DE-11D1-B9F2-00A0C98BC547}] @="DShellNameSpaceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55522D2C-8DA4-4FB3-AB1F-3E9A904E36A1}] @="_DCoverEdCtrlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5630AF82-ECE9-11D2-A369-6C4209C10000}] @="_DAwm4MidiEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}] @="IMediaEventSink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56A868B6-0AD4-11CE-B03A-0020AF0BA770}] @="IMediaEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{580ACAF8-FA1C-11D0-AD72-00C04FD8FDFF}] @="IWbemEventProviderQuerySink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{588D5040-CF28-11D1-8CD3-00A0C959BC0A}] @="_DHTMLEditEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58D6F4B0-181D-11D1-9E88-00C04FDCAB92}] @="DThumbCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7}] @="ListViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}] @="ImageListEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5AFC314A-4BCC-11D1-BF80-00805FC147D3}] @="ITAgentEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5AFC314B-4BCC-11D1-BF80-00805FC147D3}] @="ITAgentSessionEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5BB8F7F5-EA91-48AA-8575-84D1C5838D19}] @="_ISOSEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D4B65F9-E51C-11D1-A02F-00C04FB6809F}] @="ITCallInfoChangeEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1}] @="DUpDownEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60890160-69F0-11D1-B758-00A0C90564FE}] @="DSearchCommandEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B954B-4FB6-11D1-9971-00C04FBBB345}] @="IEventSystemTier2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}] @="IEventClassTier2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}] @="IEventSubscriptionTier2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{612A8626-0FB3-11CE-8747-524153480004}] @="IToolbarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{614E1495-1014-44F8-B350-5344C0770C1E}] @="_IQTControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62112AA2-EBE4-11CF-A5FB-0020AFE7292D}] @="DShellFolderViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62F47097-95C9-11D0-835D-00AA003CCABD}] @="ITCallStateEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{631F7D96-D993-11D2-B339-00105A1F4AAF}] @="IWbemEventProviderSecurity" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63CDBCB0-C1B1-11D0-9336-00A0C90DCAA9}] @="IBindEventHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{64B8F404-A4AE-11D1-B7B6-00C04FB926AF}] @="IEventSystemTier2Factory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}] @="IToolbarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A4-2E50-11D2-98A5-00C04F8EE1C4}] @="IComUserEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A5-2E50-11D2-98A5-00C04F8EE1C4}] @="IComThreadEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A6-2E50-11D2-98A5-00C04F8EE1C4}] @="IComAppEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A7-2E50-11D2-98A5-00C04F8EE1C4}] @="IComInstanceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A8-2E50-11D2-98A5-00C04F8EE1C4}] @="IComTransactionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A9-2E50-11D2-98A5-00C04F8EE1C4}] @="IComMethodEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AA-2E50-11D2-98A5-00C04F8EE1C4}] @="IComObjectEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AB-2E50-11D2-98A5-00C04F8EE1C4}] @="IComResourceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AC-2E50-11D2-98A5-00C04F8EE1C4}] @="IComSecurityEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AD-2E50-11D2-98A5-00C04F8EE1C4}] @="IComObjectPoolEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AE-2E50-11D2-98A5-00C04F8EE1C4}] @="IComObjectPoolEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AF-2E50-11D2-98A5-00C04F8EE1C4}] @="IComObjectConstructionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B0-2E50-11D2-98A5-00C04F8EE1C4}] @="IComActivityEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B1-2E50-11D2-98A5-00C04F8EE1C4}] @="IComIdentityEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B2-2E50-11D2-98A5-00C04F8EE1C4}] @="IComQCEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B3-2E50-11D2-98A5-00C04F8EE1C4}] @="IComExceptionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B4-2E50-11D2-98A5-00C04F8EE1C4}] @="ILBEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B5-2E50-11D2-98A5-00C04F8EE1C4}] @="IComCRMEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68481420-0280-11D3-9D8E-00C04F72D980}] @="ITunerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69C7C394-905C-11D2-91AD-00C04FA37E1F}] @="IMMCCtrlEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6A87113B-B6F2-40C8-98D7-9D19F8B9EE11}] @="_IIStitchEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}] @="IStatusBarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8}] @="ISystemDebugEventFire" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C736DEE-AB0E-11D0-A2AD-00A0C90F27E8}] @="ISystemDebugEventFireAuto" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E35779B-305C-11D2-98A5-00C04F8EE1C4}] @="IComLceEventDispatcher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E449681-C509-11CF-AAFA-00AA00B6015C}] @="DInstallEngineCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{706BC692-B613-4B6E-97E7-2C2104C1D06E}] @="_IQTObjectEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{73B1F259-0F7D-46DF-827D-1D013548ED6F}] @="_IReportHebrewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74AF3E45-019E-11D5-9574-0050BAE2D732}] @="_DUniversalTunerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{755F9DA7-7508-11D1-AD94-00C04FD8FDFF}] @="IWbemEventProviderRequirements" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{75718CA0-F029-11D1-A1AC-00C04FB6C223}] @="ISWbemSinkEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{777C89F8-5C36-11D5-ABAF-00B0D02332EB}] @="ISetupBasicFeatureStateEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{777C8A01-5C36-11D5-ABAF-00B0D02332EB}] @="ISetupTransferEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{777C8A02-5C36-11D5-ABAF-00B0D02332EB}] @="ISetupTransferEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A2E9A9E-0D87-46D9-84B1-21B30AE4BD66}] @="_INeroFreestyleTrackEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B79E0BC-3B0B-4A06-8C3D-A85A3DF03BDD}] @="_IEventsColors" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7DC919C5-94D3-11D4-821C-D08D42000000}] @="_INeroDriveEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9A2D71-59B0-4940-9D7D-4001B53D82D2}] @="_DAxisEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80D3BFAC-57D9-11D2-A04A-00C04FB6809F}] @="ITDigitDetectionEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80D3BFAD-57D9-11D2-A04A-00C04FB6809F}] @="ITDigitGenerationEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{811675CF-023E-4903-B6E9-DA28895373B7}] @="_IReporteEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{831CE2D1-83B5-11D1-BB5C-00C04FB6809F}] @="ITAddressEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{83EA33C0-CD14-11D2-A252-00104BD35090}] @="IWSHRemoteEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{847B4DF6-4B61-11D2-9BDB-204C4F4F5020}] @="_IRadioViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84DE8F05-AADB-454D-B137-E7C6EF77F7B2}] @="_IEventsConversationWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85E2439E-0E23-11D3-9D8E-00C04F72D980}] @="ISignalEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{87C56C39-6038-4EF6-ACF7-03302E618FE2}] @="_INeroFileProducerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89131312-7806-11D2-8BEE-00C04FC2F51D}] @="_IDAViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{895801DF-3DD6-11D1-8F30-00C04FB6809F}] @="ITCallNotificationEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BB35070-2DAD-11D3-A580-00C04F8EF6E3}] @="ITParticipantEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C445A90-9D0A-11D3-A8FB-444553540000}] @="_IImagXpressEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}] @="IStatusBarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90D6AF82-0648-11D2-B719-00C04F8EE1C4}] @="AsyncIEventSourceCallback" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90D6AF83-0648-11D2-B719-00C04F8EE1C4}] @="IEventCall" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{918AD776-E077-4E5A-9FA9-E3983CFDCED0}] @="_IEventsMessenger2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{96A0A4E0-D062-11CF-94B6-00AA0060275C}] @="HTMLWindowEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97EFC58A-F423-49CD-AFD6-89250AB0363B}] @="_IEventsContentTabPluginServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BBC41B5-4A28-4999-A48E-56BE1EA542AF}] @="_IIASEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9C2263B1-3E3C-11D2-9BD3-204C4F4F5020}] @="_IRadioPlayerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9D39223F-AE8E-11D4-8FD3-00D0B7730277}] @="_IWcViewerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E1229EF-D6EC-4059-B8A2-F4DF9F3AB9F6}] @="_IEventsWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ED94442-E5E8-101B-B9B5-444553540000}] @="ITabStripEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F34325B-7E62-11D2-9457-00C04F8EC888}] @="ITTAPIDispatchEventNotification" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6438FE-A461-4034-823F-4BDDBCE566F5}] @="_DSliderAxEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0E8F279-888C-11D1-B763-00C04FB926AF}] @="IEventSystemPersistable" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0E8F27A-888C-11D1-B763-00C04FB926AF}] @="IEventSystemInitialize" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A3C15451-5B92-11D1-8F4E-00C04FB6809F}] @="ITCallHubEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A553F3F0-3805-11D0-B6B2-00AA003240C7}] @="IWbemEventSubsystem_m4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A5657E5C-7BAE-4E81-9C17-284655918763}] @="IEventClassParallelFiringTimeout" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6423D46-852F-47A6-90D3-AD180FFA0885}] @="_DLEDMeterEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6D897FF-0A95-11D1-B0BA-006008166E11}] @="DWebBridgeEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}] @="ISetupTransferEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC48FFDE-F8C4-11D1-A030-00C04FB6809F}] @="ITRequestEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ADB880A3-D8FF-11CF-9377-00AA003B7A11}] @="_HHCtrlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE3138BE-55B3-4F4E-AF9E-EC0216D832CD}] @="_IEventsContactList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AEB84C82-95DC-11D0-B7FC-B61140119C4A}] @="_DDMViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}] @="DAnimationEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0A6BAE1-AAF0-11D0-A152-00A0C908DB96}] @="IMMSeqMgrEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0EDF164-910A-11D2-B632-00C04F79498E}] @="_IMSVidCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B4F7A674-9B83-49CB-A357-C63B871BE958}] @="IMSVidWebDVDEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B6CD6553-E9CB-11D0-821F-00A0C91F9CA0}] @="DActiveMovieEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7FC355D-8CE7-11CF-9754-00AA00C00908}] @="DHTMLEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7FC35B7-8CE7-11CF-9754-00AA00C00908}] @="DNMOleControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B90E525A-574A-11D1-8E7B-00C04FC29D46}] @="IDA2Event" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B93D9411-C3D1-47E4-A895-C838F5C8F28D}] @="_IEventsSecondaryWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA24E1DA-9E87-4502-9AF0-B5DDFA6D6B23}] @="ISetupTransferEvents3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BAA342A0-2DED-11D0-86F4-00A0C913F750}] @="IImageDecodeEventSink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BACEDF4D-74AB-11D0-B162-00AA00BA3258}] @="IMtsEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BB24BBEF-1EEC-422B-A397-EDBC31FB3A56}] @="_mbEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC583EE7-EDBD-4071-9216-E8CBD4D16A1B}] @="_DBDSCANONLINEEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD1041AF-0726-4E67-B6E6-0C5EC8ADD828}] @="_IEventsConversationPluginServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD671561-BE43-4BD5-8250-F7555A2EA706}] @="_IEventsCustomMenu" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}] @="DSSTabCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}] @="ListViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}] @="ISetupTransferEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C1FB73D0-EC3A-4BA2-B512-8CDB9187B6D1}] @="IHWEventHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C3701885-B39B-11D1-9D68-00C04FC30DF6}] @="_InstallEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C3701885-B39B-11EE-9D68-00C04FC30DF6}] @="_InfoReadyEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C3A9F406-2222-436D-86D5-BA3229279EFB}] @="IMSEventBinder" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C40CB31E-8E51-470E-A7B4-39F017F4C04B}] @="_DEffectEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C47195ED-CD7A-11D1-8EA3-00C04F9900D7}] @="_SysColorEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}] @="EventParameter" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}] @="EventParameters" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}] @="EventInfo" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C572C17E-A55C-4605-9B18-5E11ABBF7043}] @="IStatusDisplayEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}] @="ITreeViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCAD6A47-5701-4018-B1A5-654672FDC4B6}] @="IScriptEventHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CD6C7867-5864-11D0-ABF0-0020AF6B0B7A}] @="_DTVEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CDCD32BA-617E-41D9-ADCE-01455E52647E}] @="_IEventsContactListUI" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF4B37DA-48E6-4C76-BB9A-B878469918DB}] @="_DLevelSliderEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFA3357C-AD77-11D1-BB68-00C04FB6809F}] @="ITQOSEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFCDAA02-8BE4-11CF-B84B-0020AFBBCCFA}] @="DRealAudioEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12DBEC0-C3C7-11D3-87A8-009027A35D73}] @="IYAcsUI1Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D1CA9B18-9ED2-43B5-8759-7A5C892D4C5C}] @="DirectXEvent8" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D1FC78E8-B380-11D1-ADC5-006008A5848C}] @="_DHTMLSafeEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}] @="_IShockwaveFlashEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2C8FD3A-88CF-4FAF-AD78-DFF019BD030C}] @="_IYCallControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3AEAFBC-0749-4DA7-9E75-30277323B00F}] @="_DKnobEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D464A8C3-5BC8-48FB-B1F6-7EA0A32E9BB8}] @="IQTEventListeners" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4D8791C-BEB1-4EF3-ABE5-4F0A4FB490CD}] @="_IControlConexionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C3DC1-8482-11D0-B170-00AA00BA3258}] @="IMtsEventInfo" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7A7D7C2-D47F-11D0-89D3-00A0C90833E6}] @="IPathCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D952F7F3-936E-4C23-9A80-14C0EC1BFD5A}] @="IInternalEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D9E17CED-E662-4176-95A2-A50F4EB4DD8C}] @="IZbAppNotificationEventSink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DA538EE2-F4DE-11D1-B6BB-00805FC79216}] @="IEventProperty" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBC8C1D5-130F-49DA-BB96-420CC7C834EF}] @="_IEventsMainPluginWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DCE2F8B2-A520-11D4-8FD0-00D0B7730277}] @="_IWcUploadEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}] @="DImageComboEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DEFECE96-1C6C-498E-ADDA-C1029DBB0C95}] @="IASquaredScanFormEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E01AA5D1-DE68-4D4B-8919-D46269BEA613}] @="_IListaEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E245105B-B06E-11D0-AD61-00C04FD8FDFF}] @="IWbemEventProvider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E246107A-B06E-11D0-AD61-00C04FD8FDFF}] @="IWbemEventConsumerProvider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E341516B-2E32-11D1-9964-00C04FBBB345}] @="IEventPublisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E5D12C4F-7B4F-11D3-B5C9-0050045C3C96}] @="_IMessengerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7C4BE81-7960-11D0-B727-00AA00B4E220}] @="DNSPlayEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E955E672-7FC9-4634-8074-36CB33C3322F}] @="_IEventsFileTransferManager" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9EAD8E6-2A25-410E-9B58-A9FBEF1DD1A2}] @="IUserEventTimerCallback" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAB22AC2-30C1-11CF-A7EB-0000C05BAE0B}] @="DWebBrowserEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC1831E1-C231-11D3-87A8-009027A35D73}] @="_IYSliderEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC9E51C1-4E5D-11D3-9144-00104BA11C5E}] @="IDiscMasterProgressEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EDDB9426-3B91-11D1-8F30-00C04FB6809F}] @="ITTAPIEventNotification" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}] @="ISliderEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F10FB760-2AFB-48B4-AD2E-800865A23232}] @="IQTEventObject" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1CB0608-EC04-11D1-93AE-00AA00BA3258}] @="IEventServer" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3FBC8E6-93A3-11D4-8217-A85459000000}] @="_INeroEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4854D48-937A-11D1-BB58-00C04FB6809F}] @="ITTAPIObjectEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4A07D63-2E25-11D1-9964-00C04FBBB345}] @="IEnumEventObject" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4A07D70-2E25-11D1-9964-00C04FBBB345}] @="IEventObjectChange" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}] @="_AgentEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F794A01F-2A0D-46A8-9CEF-D5678A413BEF}] @="DirectPlay8LobbyEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F798A36B-B05B-4BBE-9703-EAEA7D61CD51}] @="IMSVidStreamBufferSinkEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F805B114-C3F4-4E1E-B016-349D3F42CE11}] @="_DAxisEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F89AC270-D4EB-11D1-B682-00805FC79216}] @="IEventObjectCollection" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}] @="ICommonDialogEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F97F4E15-B787-4212-80D1-D380CBBF982E}] @="IWinHttpRequestEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F97F7F83-C244-40F3-A1A9-F3B169BD3B36}] @="_IQTUIPanelEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F9DCCD1D-E6B9-45ED-B3E2-C32414C71FA4}] @="DirectPlay8Event" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FAFA35B0-8B72-11D2-90B2-00C04FC2C602}] @="DirectXEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB2B72A0-7A68-11D1-88F9-0080C7D771BF}] @="IEventClass" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB2B72A1-7A68-11D1-88F9-0080C7D771BF}] @="IEventClass2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD179532-D86E-11D0-89D6-00A0C90833E6}] @="ISpriteCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}] @="DFlatSBEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}] @="DShellWindowsEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}] @="_DXscanEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF36B87F-EC3A-11D0-8EE4-00C04FB6809F}] @="ITCallMediaEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents] @="MTSEvents Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents\CurVer] @="MTS.MTSEvents.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents.1] @="MTSEvents Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScriptletHandler.Event] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScriptletHandler.Event] @="Constructor for Scriptlet Event Handler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScriptletHandler.Event\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events\CurVer] @="SENS Logon Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events.1] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events\CurVer] @="SENS Network Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events.1] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events\CurVer] @="SENS OnNow Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events.1] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData\PluginInfo2] @="ble under the RealNetworks Public Source License.~Description~SHelix DNA RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|application/x-pn-realmedia|video/x-pn-realvideo-encrypted|audio/x-pn-realaudio-encrypted|application/vnd.rn-realmedia-secure|application/x-musicnet-download|application/vnd.rn-realmedia-vbr|application/x-musicnet-stream~FileOpenNames~SRealMedia Files (*.ra, *.rm, *.rmj, *.rms, *.mnd, *.rmc, *.rmvb, *.mns, *.mrc, *.rax, *.rvx, *.rv)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Srmfformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N0~Copyright~S© 1995-2003 RealNetworks, Inc. All rights reserved.~Description~SRealPlayer Secure Media Plugin~FileExtensions~Srmx~FileMime~Sapplication/x-pn-container~FileOpenNames~SRealPlayer Secure Media Clip (*.rmx)~PlgCopy~Shttp://www.real.com~PluginFilename~Srmxfpln.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N268450324~Copyright~S© 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SEncrypted Real Media Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Srmxrend.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/x-pn-encrypted-ra}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610611281~AuthenticationProtocolID~SRN5~Copyright~SCopyright© RealNetworks, Inc. 1995-2004, All rights reserved.~Description~SRealNetworks RN5 Authenticator~PlgCopy~Shttp://www.real.com~PluginFilename~Srn5auth.dll~PluginID~Srn-auth-rn5~PluginType~SAuthenticator}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610611279~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix RealText File Format Plugin~FileExtensions~Srtx|rt|txt~FileMime~Sapplication/vnd.rn-realtext|text/vnd.rn-realtext|application/x-pn-realtext|text/plain~FileOpenNames~SRealText File Format (*.rt)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Srtfformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-1610611486~Copyright~SCopyright© RealNetworks, Inc. 1995-2004, All rights reserved.~Description~SRealNetworks RealText Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Srtrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-realtext|application/x-pn-realtext|text/plain}{Bandwidth.000~N1930~Bandwidth.001~N144~Bandwidth.002~N70~Bandwidth.003~N43~Bandwidth.004~N36~Bandwidth.005~N24~Bandwidth.006~N18~CodecCount~N7~IndexNumber~N0~LoadMultiple~N1~Priority.000~N1930~Priority.001~N144~Priority.002~N70~Priority.003~N43~Priority.004~N36~Priority.005~N24~Priority.006~N18~Renderer_Granularity~N10~Version~N-1610611092~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Portions Copyright 1998 Intel Corporation. All rights reserved.~Description~SRealNetworks RealVideo Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Srvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-pn-realvideo|video/x-pn-multirate-realvideo~Codec.000~Bpnrv~Codec.001~Bpnrv~Codec.002~Bpnrv~Codec.003~Bpnrv~Codec.004~Bpnrv~Codec.005~Bpnrv~Codec.006~Bpnrv}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-1610611092~Copyright~SCopyright© RealNetworks, Inc. 1995-2004, All rights reserved.~Description~SRealNetworks RealVideo Image Map Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Srvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-imagemap|image_map/x-pn-realvideo}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N0~Version~N-1610612363~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SDP Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssdpplin.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/sdp}{IndexNumber~N1~LoadMultiple~N1~Version~N-1610612363~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SDP File Format Plugin~FileExtensions~Ssdp~FileMime~Sapplication/sdp~FileOpenNames~SSDP File (*.sdp)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssdpplin.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N268450262~Copyright~S© 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks File Renderer Utility Toolkit~PlgCopy~Shttp://www.real.com~PluginFilename~Ssecurity.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Snotavalidmimetype/x-pn-henceweshouldneverbeloaded}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610610624~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SMIL File Format Plugin~FileExtensions~Ssmi|smil~FileMime~Sapplication/smil~FileOpenNames~SSMIL File Format (*.smi,*.smil)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlfformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N67~Version~N-1610612722~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SMIL Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/rma-driver|application/smil|application/smil|application/smil}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N66~Version~N-1610612719~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SMIL Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-rmadriver|application/rma-driver}{IndexNumber~N2~LoadMultiple~N1~Version~N-1610612736~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA Brush File Format Plugin~FileExtensions~Sbsh~FileMime~Stext/brush~FileOpenNames~SBrush Files (*.bsh)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-1610612736~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-1610611320~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610610716~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA Local File System~FileProtocol~Sfile~FileShort~Spn-local~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmplfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610611276~Copyright~SCopyright© RealNetworks, Inc. 1995-2004, All rights reserved.~Description~SRealNetworks Macromedia Flash 4 File Format Plugin~FileExtensions~Sswf~FileMime~Sapplication/x-shockwave-flash~FileOpenNames~SMacromedia Flash (*.swf)~PlgCopy~Shttp://www.real.com~PluginFilename~Sswfformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-1610611483~Copyright~SContains Macromedia® Flash Player technology by Macromedia, Inc. Copyright© 1995-2000 Macromedia, Inc. All rights reserved. Copyright© 1995-2004 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Renderer Plugin for Macromedia Flash 4~PlgCopy~Shttp://www.real.com~PluginFilename~Sswfrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-shockwave-flash|application/x-shockwave-flash2}{IndexNumber~N0~LoadMultiple~N1~Version~N268450232~Copyright~S© 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Local TFile System~FileProtocol~Stfile~FileShort~Stfile-local~PlgCopy~Shttp://www.real.com~PluginFilename~Stfilesys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N1610644538~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~STheora Video Renderer~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Stheorarend.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-rn-theora}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N-1610612736~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SRealNetworks ICM Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Svidplin.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-pn-ic" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E14FB90-2E22-11D1-9964-00C04FBBB345}\1.0] @="EventSystem 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BACEDF3E-74AB-11D0-B162-00AA00BA3258}\1.0] @="Legacy MTSEvents 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D597DEED-5B9F-11D1-8DD2-00AA004ABD5E}\1.0] @="SENS Events Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE5BAK\RegBackup.map] "17269d56ff42389e"=",33,HKLM,System\\CurrentControlSet\\Services\\Eventlog\\Application\\IExplore,EventMessageFile," "9e4965dda6299331"=",33,HKLM,System\\CurrentControlSet\\Services\\Eventlog\\Application\\IExplore,TypesSupported," [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}] "EventClassID"="{D0565000-9DF4-11D1-A281-00C04FCA0AA7}" "EventClassName"="EventSystem.EventObjectChange" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}] "EventClassID"="{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}" "EventClassName"="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}] "EventClassID"="{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}" "EventClassName"="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}] "EventClassID"="{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}" "EventClassName"="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}] "EventClassID"="{ECABB0C3-7F19-11D2-978E-0000F8757E2A}" "EventClassName"="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{6295DF30-35EE-11D1-8707-00C04FD93327}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{6295DF30-35EE-11D1-8707-00C04FD93327}] "EventClassID"="{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D789AB02-5B9F-11D1-8DD2-00AA004ABD5E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D789AB02-5B9F-11D1-8DD2-00AA004ABD5E}] "SubscriptionName"="SENS EventSystem Subscription Changed" "EventClassID"="{D0565000-9DF4-11D1-A281-00C04FCA0AA7}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D789AB02-5B9F-11D1-8DD2-00AA004ABD5E}\PublisherProperties] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D789AB02-5B9F-11D1-8DD2-00AA004ABD5E}\PublisherProperties] "Criteria"="EventClassID={D5978620-5B9F-11D1-8DD2-00AA004ABD5E} OR EventClassID={D5978630-5B9F-11D1-8DD2-00AA004ABD5E} OR EventClassID={D5978640-5B9F-11D1-8DD2-00AA004ABD5E}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{3CE5891C-0268-4DA9-BFBE-F81CF6EAE7E3}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{3CE5891C-0268-4DA9-BFBE-F81CF6EAE7E3}] "EventClassID"="{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{7AB4A1FC-E403-11D0-9A97-00C04FD8DBF7}] @="Event Viewer Scope Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{7D7FE374-E403-11D0-9A97-00C04FD8DBF7}] @="Event Viewer Result Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{DC1C6BEC-4E2A-11D0-B702-00C04FD8DBF7}] @="Event Viewer Root Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\NodeTypes\{7AB4A1FC-E403-11D0-9A97-00C04FD8DBF7}] @="Event Viewer Scope Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\NodeTypes\{7D7FE374-E403-11D0-9A97-00C04FD8DBF7}] @="Event Viewer Result Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\NodeTypes\{DC1C6BEC-4E2A-11D0-B702-00C04FD8DBF7}] @="Event Viewer Root Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB835732\Filelist\26] "FileName"="EVENTLOG.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB835732\Filelist\74] "FileName"="EVENTLOG.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\Update Rollup 1\Filelist\267] "FileName"="EVENTLOG.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\Update Rollup 1\Filelist\79] "FileName"="EVENTLOG.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM] "EnableEvents"="1" ; Contents of value: ; C:\WINNT\system32\WBEM\CimWin32.MOF ; C:\WINNT\system32\WBEM\RegEvent.mof ; C:\WINNT\system32\WBEM\NTEvt.mof ; C:\WINNT\system32\WBEM\WMI.mof ; C:\WINNT\system32\WBEM\secrcw32.mof ; C:\WINNT\system32\WBEM\dsprov.mof ; C:\WINNT\system32\WBEM\msi.mof ; C:\WINNT\system32\WBEM\CimWin32.MFL ; C:\WINNT\system32\WBEM\msi.mfl ; C:\WINNT\system32\WBEM\NTEvt.mfl ; C:\WINNT\system32\WBEM\secrcw32.mfl ; C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\ieinfo5.mof ; "Autorecover MOFs"=hex(7):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,\ 4d,00,5c,00,43,00,69,00,6d,00,57,00,69,00,6e,00,33,00,32,00,2e,00,4d,00,4f,\ 00,46,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,\ 79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,\ 00,52,00,65,00,67,00,45,00,76,00,65,00,6e,00,74,00,2e,00,6d,00,6f,00,66,00,\ 00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,4e,00,\ 54,00,45,00,76,00,74,00,2e,00,6d,00,6f,00,66,00,00,00,43,00,3a,00,5c,00,57,\ 00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,\ 32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,57,00,4d,00,49,00,2e,00,6d,00,6f,\ 00,66,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,\ 79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,\ 00,73,00,65,00,63,00,72,00,63,00,77,00,33,00,32,00,2e,00,6d,00,6f,00,66,00,\ 00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,64,00,\ 73,00,70,00,72,00,6f,00,76,00,2e,00,6d,00,6f,00,66,00,00,00,43,00,3a,00,5c,\ 00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,\ 33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,6d,00,73,00,69,00,2e,00,6d,\ 00,6f,00,66,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,\ 73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,\ 00,5c,00,43,00,69,00,6d,00,57,00,69,00,6e,00,33,00,32,00,2e,00,4d,00,46,00,\ 4c,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,\ 00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,\ 6d,00,73,00,69,00,2e,00,6d,00,66,00,6c,00,00,00,43,00,3a,00,5c,00,57,00,49,\ 00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,57,00,42,00,45,00,4d,00,5c,00,4e,00,54,00,45,00,76,00,74,00,2e,00,6d,\ 00,66,00,6c,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,\ 73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,\ 00,5c,00,73,00,65,00,63,00,72,00,63,00,77,00,33,00,32,00,2e,00,6d,00,66,00,\ 6c,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\ 00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,63,00,68,00,69,00,65,00,\ 72,00,73,00,20,00,63,00,6f,00,6d,00,6d,00,75,00,6e,00,73,00,5c,00,4d,00,69,\ 00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,68,00,61,00,72,00,\ 65,00,64,00,5c,00,4d,00,53,00,49,00,6e,00,66,00,6f,00,5c,00,69,00,65,00,69,\ 00,6e,00,66,00,6f,00,35,00,2e,00,6d,00,6f,00,66,00,00,00,00,00 "Low Threshold On Events (B)"="1000000" "High Threshold On Events (B)"="2000000" "Max Wait On Events (ms)"="2000" ; Contents of value: ; "List of event-active namespaces"=hex:00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "D:\\Canon\\ZoomBrowser EX\\PhotoRecord\\art\\clipart\\events\\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A7EF95B66D6C1D4FBB7BF469304D69E] "D2F65FEBDE656714FB27B7864D3A9BD8"="D:\\Canon\\ZoomBrowser EX\\PhotoRecord\\art\\clipart\\events\\" "00000000000000000000000000000000"="D:\\Canon\\ZoomBrowser EX\\PhotoRecord\\art\\clipart\\events\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C95DA1271F9E2C45A369188E2A2AF87] "2077E8159C817FC4B92CEEAEE9527236"="C:\\Program Files\\OpenOffice.org 2.0\\share\\dtd\\officedocument\\1_0\\event.dtd" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C3F7B2CA980DD4EA20205F2871110D] "2077E8159C817FC4B92CEEAEE9527236"="C:\\Program Files\\OpenOffice.org 2.0\\share\\registry\\schema\\org\\openoffice\\Office\\Events.xcs" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications] "Imaging"="\"C:\\Program Files\\Windows NT\\Accessoires\\ImageVue\\KodakImg.exe\" /StiDevice:%1 /StiEvent:%2" "Photoshop"="D:\\Photoshop 7.0\\Photoshop.exe /StiDevice:%1 /StiEvent:%2" "Canon ZoomBrowser EX"="D:\\Canon\\ZoomBrowser EX\\Program\\ZoomBrowser.exe /StiDevice:%1 /StiEvent:%2" "Picasa2"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers\.\Providers] "EventLog"=dword:0000001b [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] ; Contents of value: ; EventSystem ; Ias ; Iprip ; Irmon ; Netman ; Nwsapagent ; Rasauto ; Rasman ; Remoteaccess ; SENS ; Sharedaccess ; Tapisrv ; Ntmssvc ; WZCSVC ; "netsvcs"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,\ 6d,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,\ 00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,\ 4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\ 00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\ 00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\ 00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\ 61,00,63,00,63,00,65,00,73,00,73,00,00,00,54,00,61,00,70,00,69,00,73,00,72,\ 00,76,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,57,00,5a,00,\ 43,00,53,00,56,00,43,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "Unlock"="SensUnlockEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed3] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events\CameraDetected] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContentIndex] "EventLogFlags"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl] "LogEvent"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers] "EventLog"=dword:0000001b [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg\AllowedPaths] ; Contents of value: ; System\CurrentControlSet\Control\ProductOptions ; System\CurrentControlSet\Control\Print\Printers ; System\CurrentControlSet\Control\Server Applications ; System\CurrentControlSet\Services\Eventlog ; Software\Microsoft\OLAP Server ; Software\Microsoft\Windows NT\CurrentVersion ; "Machine"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,\ 72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,\ 00,74,00,5c,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,\ 6f,00,64,00,75,00,63,00,74,00,4f,00,70,00,74,00,69,00,6f,00,6e,00,73,00,00,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,\ 6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,\ 00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,69,00,6e,00,\ 74,00,5c,00,50,00,72,00,69,00,6e,00,74,00,65,00,72,00,73,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,43,00,6f,\ 00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,53,00,65,00,72,00,76,00,65,00,72,00,\ 20,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,73,\ 00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,\ 65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,\ 00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,45,00,76,00,\ 65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,\ 00,72,00,65,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,\ 5c,00,4f,00,4c,00,41,00,50,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\ 00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,4d,00,69,00,63,00,\ 72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\ 00,73,00,20,00,4e,00,54,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL] "EventLogging"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder] ; Contents of value: ; System Reserved ; Boot Bus Extender ; System Bus Extender ; SCSI miniport ; port ; Primary disk ; SCSI class ; SCSI CDROM class ; FSFilter Infrastructure ; FSFilter System ; FSFilter Bottom ; FSFilter Copy Protection ; FSFilter Security Enhancer ; FSFilter Open File ; FSFilter Physical Quota Management ; FSFilter Encryption ; FSFilter Compression ; FSFilter HSM ; FSFilter Cluster File System ; FSFilter System Recovery ; FSFilter Quota Management ; FSFilter Content Screener ; FSFilter Continuous Backup ; FSFilter Replication ; FSFilter Anti-Virus ; FSFilter Undelete ; FSFilter Activity Monitor ; FSFilter Top ; filter ; boot file system ; Base ; Pointer Port ; Keyboard Port ; Pointer Class ; Keyboard Class ; Video Init ; Video ; Video Save ; file system ; Event log ; Streams Drivers ; NDIS Wrapper ; PNP_TDI ; NDIS ; TDI ; NetBIOSGroup ; PlugPlay ; SpoolerGroup ; NetDDEGroup ; Parallel arbitrator ; extended base ; RemoteValidation ; PCI Configuration ; "List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\ 00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\ 73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\ 65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\ 00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,70,00,6f,00,72,00,74,00,00,00,\ 50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,64,00,69,00,73,00,6b,00,00,\ 00,53,00,43,00,53,00,49,00,20,00,63,00,6c,00,61,00,73,00,73,00,00,00,53,00,\ 43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,63,00,6c,00,61,\ 00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\ 49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\ 00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\ 79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\ 00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\ 00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\ 00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\ 72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\ 00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\ 6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\ 00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\ 46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\ 00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\ 65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\ 00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\ 69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\ 6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\ 20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\ 00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\ 65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\ 00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\ 74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\ 00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\ 65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\ 56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\ 00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\ 46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\ 00,66,00,69,00,6c,00,74,00,65,00,72,00,00,00,62,00,6f,00,6f,00,74,00,20,00,\ 66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\ 00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\ 50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\ 00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\ 72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\ 00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\ 64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\ 00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\ 00,00,66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,20,00,6c,00,6f,00,67,00,00,00,53,00,74,00,\ 72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\ 00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\ 72,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,00,44,00,49,\ 00,53,00,00,00,54,00,44,00,49,00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,\ 53,00,47,00,72,00,6f,00,75,00,70,00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,\ 00,61,00,79,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,47,00,72,00,\ 6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,\ 00,75,00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,\ 61,00,72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,65,00,78,\ 00,74,00,65,00,6e,00,64,00,65,00,64,00,20,00,62,00,61,00,73,00,65,00,00,00,\ 52,00,65,00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,\ 00,69,00,6f,00,6e,00,00,00,50,00,43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,\ 69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENT00] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENT00] "Service"="Event" "DeviceDesc"="Events Log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM00] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM00] "Service"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM00\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM00\Control] "ActiveService"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event] "DisplayName"="Events Log" "Description"="Enables event logs messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event\Enum] "0"="Root\\LEGACY_EVENT\00" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog] "Group"="Event log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt ; Winlogon ; Windows 3.1 Migration ; VBRuntime ; Userinit ; Userenv ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Installation ; SclgNtfy ; SceSrv ; SceCli ; RPC ; PlugPlayManager ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; Ntbackup.ini ; ntbackup ; NeroCheck ; MsiInstaller ; MSDTC Client ; MSDTC ; mnmsrvc ; LoadPerf ; IPSECPolicyStorage ; IExplore ; hpmon ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; DrWatson ; DiskQuota ; COM+ ; Ci ; Chkdsk ; Autochk ; Application Management ; APGTS ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,\ 74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,\ 67,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,56,00,42,00,52,00,75,00,6e,\ 00,74,00,69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,\ 74,00,00,00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,6c,00,6e,\ 00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,00,\ 6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,\ 00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,\ 6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,\ 00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,\ 72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,52,00,50,00,43,\ 00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,4d,00,61,00,6e,00,\ 61,00,67,00,65,00,72,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,\ 00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,\ 4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,\ 00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,\ 69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,\ 00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,\ 73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,4e,00,74,00,62,00,61,\ 00,63,00,6b,00,75,00,70,00,2e,00,69,00,6e,00,69,00,00,00,6e,00,74,00,62,00,\ 61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,\ 00,63,00,6b,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\ 00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,\ 6d,00,73,00,72,00,76,00,63,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,\ 00,66,00,00,00,49,00,50,00,53,00,45,00,43,00,50,00,6f,00,6c,00,69,00,63,00,\ 79,00,53,00,74,00,6f,00,72,00,61,00,67,00,65,00,00,00,49,00,45,00,78,00,70,\ 00,6c,00,6f,00,72,00,65,00,00,00,68,00,70,00,6d,00,6f,00,6e,00,00,00,46,00,\ 6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,\ 00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,\ 70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,\ 00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,\ 54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,\ 00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,43,00,4f,00,4d,00,2b,00,\ 00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,75,\ 00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,\ 61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,\ 00,65,00,6e,00,74,00,00,00,41,00,50,00,47,00,54,00,53,00,00,00,41,00,70,00,\ 70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\APGTS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\APGTS] ; Contents of value: ; C:\WINNT\help\TShoot.ocx "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,68,00,65,00,6c,00,70,00,5c,00,54,00,53,00,68,00,6f,00,6f,00,74,00,2e,00,\ 6f,00,63,00,78,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Management] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Management] ; Contents of value: ; %SystemRoot%\System32\appmgmts.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Autochk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Autochk] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Chkdsk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Chkdsk] ; Contents of value: ; %SystemRoot%\System32\ulib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6c,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ci] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ci] ; Contents of value: ; %SystemRoot%\System32\query.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,71,00,75,00,65,00,72,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+] ; Contents of value: ; C:\WINNT\system32\comsvcs.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,\ 73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DiskQuota] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DiskQuota] "EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DrWatson] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DrWatson] ; Contents of value: ; %SystemRoot%\System32\drwtsn32.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,72,00,77,00,74,00,73,00,6e,00,33,00,32,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT] ; Contents of value: ; C:\WINNT\system32\ESENT.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,53,00,45,00,\ 4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\EventSystem] ; Contents of value: ; C:\WINNT\system32\es.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,73,00,2e,00,\ 64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\File Deployment] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\File Deployment] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Folder Redirection] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Folder Redirection] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\hpmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\hpmon] ; Contents of value: ; %SystemRoot%\System32\hpmon.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,68,00,70,00,6d,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IExplore] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IExplore] "EventMessageFile"="C:\\Program Files\\Internet Explorer\\DW15.EXE" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IPSECPolicyStorage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IPSECPolicyStorage] "EventMessageFile"="%SystemRoot%\\System32\\polstore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LoadPerf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LoadPerf] ; Contents of value: ; %SystemRoot%\System32\loadperf.dll;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,6f,00,61,00,64,00,70,00,65,00,72,00,66,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\mnmsrvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\mnmsrvc] "EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC Client] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC Client] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MsiInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MsiInstaller] "EventMessageFile"="C:\\WINNT\\system32\\msi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NeroCheck] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NeroCheck] "EventMessageFile"="C:\\WINNT\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ntbackup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ntbackup] ; Contents of value: ; %SystemRoot%\System32\ntbackup.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ntbackup.ini] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ntbackup.ini] "EventMessageFile"="C:\\WINNT\\system32\\ntbackup.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Oakley] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Oakley] "EventMessageFile"="%SystemRoot%\\System32\\oakley.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Offline Files] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Offline Files] "EventMessageFile"="%SystemRoot%\\System32\\cscui.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfctrs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfctrs] ; Contents of value: ; %SystemRoot%\System32\perfctrs.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfDisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfDisk] ; Contents of value: ; %SystemRoot%\System32\perfdisk.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,64,00,69,00,73,00,6b,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perflib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perflib] ; Contents of value: ; %SystemRoot%\System32\prflbmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,72,00,66,00,6c,00,62,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfmon] ; Contents of value: ; %SystemRoot%\System32\perfmon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfNet] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfNet] ; Contents of value: ; %SystemRoot%\System32\perfnet.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6e,00,65,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfOS] ; Contents of value: ; %SystemRoot%\System32\perfOS.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,4f,00,53,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfProc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfProc] ; Contents of value: ; %SystemRoot%\System32\perfproc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,70,00,72,00,6f,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PlugPlayManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PlugPlayManager] ; Contents of value: ; %SystemRoot%\System32\umpnpmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6d,00,70,00,6e,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\RPC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\RPC] ; Contents of value: ; %SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceCli] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceCli] ; Contents of value: ; %SystemRoot%\System32\scecli.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceSrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceSrv] ; Contents of value: ; %SystemRoot%\System32\scesrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SclgNtfy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SclgNtfy] ; Contents of value: ; %SystemRoot%\System32\sclgntfy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Software Installation] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Software Installation] ; Contents of value: ; %SystemRoot%\System32\appmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SpoolerCtrs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SpoolerCtrs] ; Contents of value: ; %SystemRoot%\System32\winspool.drv "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,73,00,70,00,6f,00,6f,00,6c,00,2e,00,64,00,72,00,76,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SysmonLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SysmonLog] ; Contents of value: ; %SystemRoot%\System32\smlogsvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,6d,00,6c,00,6f,00,67,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Tlntsvr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Tlntsvr] ; Contents of value: ; %SystemRoot%\System32\tlntsvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,6c,00,6e,00,74,00,73,00,76,00,72,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userenv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userenv] ; Contents of value: ; %SystemRoot%\System32\userenv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,65,00,6e,00,76,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userinit] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userinit] ; Contents of value: ; %SystemRoot%\System32\userinit.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\VBRuntime] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\VBRuntime] "EventMessageFile"="C:\\WINNT\\system32\\MSVBVM60.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Windows 3.1 Migration] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Windows 3.1 Migration] ; Contents of value: ; %SystemRoot%\System32\advapi32.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Winlogon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Winlogon] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WinMgmt] "EventMessageFile"="C:\\WINNT\\system32\\WBEM\\WinMgmtR.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WSH] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WSH] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\DS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security] ; Contents of value: ; %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\sp2res.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4d,00,73,00,41,00,75,00,64,00,69,00,74,00,45,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,\ 73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,\ 2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames] "Event"=dword:00001120 "EventPair"=dword:00001130 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System] ; Contents of value: ; WZCSVC ; Workstation ; Wmi ; WindowsMedia ; Windows Update Agent ; Windows Script Host ; Windows Installer 3.1 ; Windows Installer 3.0 ; Windows File Protection ; Win32k ; weitekp9_detect ; wdvga_detect ; W32Time ; VgaSave ; vaxscsi ; UPS ; ultra66 ; udfs ; TermService ; tdi ; TCPMon ; Tcpip ; sym_hi ; symc8xx ; symc810 ; StillImage ; Srv ; sptd ; sparrow ; sndblst ; Simbad ; sglfb ; sfloppy ; Service Control Manager ; Server ; serial ; scsiport ; Schedule ; Schannel ; SCardSvr ; Save Dump ; SAM ; s3legacy_detect ; rtl8139 ; RSVP ; Removable Storage Service ; RemoteAccess ; redbook ; Rdbss ; RasMan ; RasAuto ; qv_detect ; ql2100 ; ql1240 ; ql10wnt ; ql1080 ; Print ; PptpMiniport ; PolicyAgent ; pcmcia ; pciide ; pci ; parvdm ; parport ; parallel ; Outlook Express 6 ; OSPFMib ; OSPF ; nv ; null ; NtServicePack ; NTMS ; ntfs ; npfs ; Netlogon ; NetDDE ; NetBT ; NetBIOS ; NdisWan ; ndis ; ncrc710 ; Mup ; msfs ; msadlib ; MrxSmb ; mraid35x ; mouclass ; Modem ; mga_detect ; MDAC ; LsaSrv ; lp6nds35 ; LmHosts ; LDMS ; LDM ; lbrtfdc ; Kerberos ; kbdclass ; isapnp ; IPXSAP ; IPXRouterManager ; IPXRIP ; IPXCP ; ipsraidn ; IPSEC ; IPRouterManager ; IPRIP2 ; IPNATHLP ; IPBOOTP ; Internet Explorer 6 ; intelide ; ini910u ; Imagedrv ; i8042prt ; ftdisk ; fs_rec ; flpydisk ; flashpnt ; fireport ; Fips ; fdc ; fd16_700 ; fbxusb ; fastfat ; eventlog ; et4000_detect ; efs ; Dnscache ; Dnsapi ; dmio ; dmboot ; Distributed Link Tracking Client ; diskperf ; disk ; Dhcp ; DfsSvc ; DfsDriver ; deckzpsx ; DCOM ; dac960nt ; cpqfws2e ; cpqfcalm ; cpqarry2 ; cpqarray ; Clussvc ; cirrus_detect ; changer ; cdrom ; cdfs ; cdaudio ; cd20xrnt ; buslogic ; Browser ; BITS ; beep ; Atmarpc ; ati_detect ; atdisk ; atapi ; AsyncMac ; asc3550 ; asc3350p ; asc ; Application Popup ; amsint ; ami0nt ; Alerter ; aic78xx ; aic78u2 ; aic116x ; aha154x ; adpu160m ; acpiec ; acpi ; abp480n5 ; abiosdsk ; System ; "Sources"=hex(7):57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,\ 6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,69,00,00,\ 00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,65,00,64,00,69,00,61,00,\ 00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,55,00,70,00,64,00,61,\ 00,74,00,65,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,57,00,69,00,6e,00,\ 64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,00,70,00,74,00,20,00,48,\ 00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\ 49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,31,\ 00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,\ 74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,30,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,46,00,69,00,6c,00,65,00,20,00,50,00,\ 72,00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\ 00,33,00,32,00,6b,00,00,00,77,00,65,00,69,00,74,00,65,00,6b,00,70,00,39,00,\ 5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,77,00,64,00,76,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,57,00,33,00,32,00,54,00,\ 69,00,6d,00,65,00,00,00,56,00,67,00,61,00,53,00,61,00,76,00,65,00,00,00,76,\ 00,61,00,78,00,73,00,63,00,73,00,69,00,00,00,55,00,50,00,53,00,00,00,75,00,\ 6c,00,74,00,72,00,61,00,36,00,36,00,00,00,75,00,64,00,66,00,73,00,00,00,54,\ 00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,74,00,\ 64,00,69,00,00,00,54,00,43,00,50,00,4d,00,6f,00,6e,00,00,00,54,00,63,00,70,\ 00,69,00,70,00,00,00,73,00,79,00,6d,00,5f,00,68,00,69,00,00,00,73,00,79,00,\ 6d,00,63,00,38,00,78,00,78,00,00,00,73,00,79,00,6d,00,63,00,38,00,31,00,30,\ 00,00,00,53,00,74,00,69,00,6c,00,6c,00,49,00,6d,00,61,00,67,00,65,00,00,00,\ 53,00,72,00,76,00,00,00,73,00,70,00,74,00,64,00,00,00,73,00,70,00,61,00,72,\ 00,72,00,6f,00,77,00,00,00,73,00,6e,00,64,00,62,00,6c,00,73,00,74,00,00,00,\ 53,00,69,00,6d,00,62,00,61,00,64,00,00,00,73,00,67,00,6c,00,66,00,62,00,00,\ 00,73,00,66,00,6c,00,6f,00,70,00,70,00,79,00,00,00,53,00,65,00,72,00,76,00,\ 69,00,63,00,65,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,20,00,4d,\ 00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,00,65,00,72,00,76,00,65,00,\ 72,00,00,00,73,00,65,00,72,00,69,00,61,00,6c,00,00,00,73,00,63,00,73,00,69,\ 00,70,00,6f,00,72,00,74,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,\ 65,00,00,00,53,00,63,00,68,00,61,00,6e,00,6e,00,65,00,6c,00,00,00,53,00,43,\ 00,61,00,72,00,64,00,53,00,76,00,72,00,00,00,53,00,61,00,76,00,65,00,20,00,\ 44,00,75,00,6d,00,70,00,00,00,53,00,41,00,4d,00,00,00,73,00,33,00,6c,00,65,\ 00,67,00,61,00,63,00,79,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 72,00,74,00,6c,00,38,00,31,00,33,00,39,00,00,00,52,00,53,00,56,00,50,00,00,\ 00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,20,00,53,00,74,00,\ 6f,00,72,00,61,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\ 00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,\ 73,00,00,00,72,00,65,00,64,00,62,00,6f,00,6f,00,6b,00,00,00,52,00,64,00,62,\ 00,73,00,73,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,52,00,61,00,\ 73,00,41,00,75,00,74,00,6f,00,00,00,71,00,76,00,5f,00,64,00,65,00,74,00,65,\ 00,63,00,74,00,00,00,71,00,6c,00,32,00,31,00,30,00,30,00,00,00,71,00,6c,00,\ 31,00,32,00,34,00,30,00,00,00,71,00,6c,00,31,00,30,00,77,00,6e,00,74,00,00,\ 00,71,00,6c,00,31,00,30,00,38,00,30,00,00,00,50,00,72,00,69,00,6e,00,74,00,\ 00,00,50,00,70,00,74,00,70,00,4d,00,69,00,6e,00,69,00,70,00,6f,00,72,00,74,\ 00,00,00,50,00,6f,00,6c,00,69,00,63,00,79,00,41,00,67,00,65,00,6e,00,74,00,\ 00,00,70,00,63,00,6d,00,63,00,69,00,61,00,00,00,70,00,63,00,69,00,69,00,64,\ 00,65,00,00,00,70,00,63,00,69,00,00,00,70,00,61,00,72,00,76,00,64,00,6d,00,\ 00,00,70,00,61,00,72,00,70,00,6f,00,72,00,74,00,00,00,70,00,61,00,72,00,61,\ 00,6c,00,6c,00,65,00,6c,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,\ 20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,20,00,36,00,00,00,4f,00,53,\ 00,50,00,46,00,4d,00,69,00,62,00,00,00,4f,00,53,00,50,00,46,00,00,00,6e,00,\ 76,00,00,00,6e,00,75,00,6c,00,6c,00,00,00,4e,00,74,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,50,00,61,00,63,00,6b,00,00,00,4e,00,54,00,4d,00,53,00,\ 00,00,6e,00,74,00,66,00,73,00,00,00,6e,00,70,00,66,00,73,00,00,00,4e,00,65,\ 00,74,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,\ 45,00,00,00,4e,00,65,00,74,00,42,00,54,00,00,00,4e,00,65,00,74,00,42,00,49,\ 00,4f,00,53,00,00,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,00,00,6e,00,\ 64,00,69,00,73,00,00,00,6e,00,63,00,72,00,63,00,37,00,31,00,30,00,00,00,4d,\ 00,75,00,70,00,00,00,6d,00,73,00,66,00,73,00,00,00,6d,00,73,00,61,00,64,00,\ 6c,00,69,00,62,00,00,00,4d,00,72,00,78,00,53,00,6d,00,62,00,00,00,6d,00,72,\ 00,61,00,69,00,64,00,33,00,35,00,78,00,00,00,6d,00,6f,00,75,00,63,00,6c,00,\ 61,00,73,00,73,00,00,00,4d,00,6f,00,64,00,65,00,6d,00,00,00,6d,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,4d,00,44,00,41,00,43,00,\ 00,00,4c,00,73,00,61,00,53,00,72,00,76,00,00,00,6c,00,70,00,36,00,6e,00,64,\ 00,73,00,33,00,35,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,\ 4c,00,44,00,4d,00,53,00,00,00,4c,00,44,00,4d,00,00,00,6c,00,62,00,72,00,74,\ 00,66,00,64,00,63,00,00,00,4b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,\ 00,00,6b,00,62,00,64,00,63,00,6c,00,61,00,73,00,73,00,00,00,69,00,73,00,61,\ 00,70,00,6e,00,70,00,00,00,49,00,50,00,58,00,53,00,41,00,50,00,00,00,49,00,\ 50,00,58,00,52,00,6f,00,75,00,74,00,65,00,72,00,4d,00,61,00,6e,00,61,00,67,\ 00,65,00,72,00,00,00,49,00,50,00,58,00,52,00,49,00,50,00,00,00,49,00,50,00,\ 58,00,43,00,50,00,00,00,69,00,70,00,73,00,72,00,61,00,69,00,64,00,6e,00,00,\ 00,49,00,50,00,53,00,45,00,43,00,00,00,49,00,50,00,52,00,6f,00,75,00,74,00,\ 65,00,72,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,49,00,50,00,52,\ 00,49,00,50,00,32,00,00,00,49,00,50,00,4e,00,41,00,54,00,48,00,4c,00,50,00,\ 00,00,49,00,50,00,42,00,4f,00,4f,00,54,00,50,00,00,00,49,00,6e,00,74,00,65,\ 00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,\ 72,00,20,00,36,00,00,00,69,00,6e,00,74,00,65,00,6c,00,69,00,64,00,65,00,00,\ 00,69,00,6e,00,69,00,39,00,31,00,30,00,75,00,00,00,49,00,6d,00,61,00,67,00,\ 65,00,64,00,72,00,76,00,00,00,69,00,38,00,30,00,34,00,32,00,70,00,72,00,74,\ 00,00,00,66,00,74,00,64,00,69,00,73,00,6b,00,00,00,66,00,73,00,5f,00,72,00,\ 65,00,63,00,00,00,66,00,6c,00,70,00,79,00,64,00,69,00,73,00,6b,00,00,00,66,\ 00,6c,00,61,00,73,00,68,00,70,00,6e,00,74,00,00,00,66,00,69,00,72,00,65,00,\ 70,00,6f,00,72,00,74,00,00,00,46,00,69,00,70,00,73,00,00,00,66,00,64,00,63,\ 00,00,00,66,00,64,00,31,00,36,00,5f,00,37,00,30,00,30,00,00,00,66,00,62,00,\ 78,00,75,00,73,00,62,00,00,00,66,00,61,00,73,00,74,00,66,00,61,00,74,00,00,\ 00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,65,00,74,00,34,00,\ 30,00,30,00,30,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,65,00,66,\ 00,73,00,00,00,44,00,6e,00,73,00,63,00,61,00,63,00,68,00,65,00,00,00,44,00,\ 6e,00,73,00,61,00,70,00,69,00,00,00,64,00,6d,00,69,00,6f,00,00,00,64,00,6d,\ 00,62,00,6f,00,6f,00,74,00,00,00,44,00,69,00,73,00,74,00,72,00,69,00,62,00,\ 75,00,74,00,65,00,64,00,20,00,4c,00,69,00,6e,00,6b,00,20,00,54,00,72,00,61,\ 00,63,00,6b,00,69,00,6e,00,67,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\ 00,00,64,00,69,00,73,00,6b,00,70,00,65,00,72,00,66,00,00,00,64,00,69,00,73,\ 00,6b,00,00,00,44,00,68,00,63,00,70,00,00,00,44,00,66,00,73,00,53,00,76,00,\ 63,00,00,00,44,00,66,00,73,00,44,00,72,00,69,00,76,00,65,00,72,00,00,00,64,\ 00,65,00,63,00,6b,00,7a,00,70,00,73,00,78,00,00,00,44,00,43,00,4f,00,4d,00,\ 00,00,64,00,61,00,63,00,39,00,36,00,30,00,6e,00,74,00,00,00,63,00,70,00,71,\ 00,66,00,77,00,73,00,32,00,65,00,00,00,63,00,70,00,71,00,66,00,63,00,61,00,\ 6c,00,6d,00,00,00,63,00,70,00,71,00,61,00,72,00,72,00,79,00,32,00,00,00,63,\ 00,70,00,71,00,61,00,72,00,72,00,61,00,79,00,00,00,43,00,6c,00,75,00,73,00,\ 73,00,76,00,63,00,00,00,63,00,69,00,72,00,72,00,75,00,73,00,5f,00,64,00,65,\ 00,74,00,65,00,63,00,74,00,00,00,63,00,68,00,61,00,6e,00,67,00,65,00,72,00,\ 00,00,63,00,64,00,72,00,6f,00,6d,00,00,00,63,00,64,00,66,00,73,00,00,00,63,\ 00,64,00,61,00,75,00,64,00,69,00,6f,00,00,00,63,00,64,00,32,00,30,00,78,00,\ 72,00,6e,00,74,00,00,00,62,00,75,00,73,00,6c,00,6f,00,67,00,69,00,63,00,00,\ 00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,42,00,49,00,54,00,53,00,\ 00,00,62,00,65,00,65,00,70,00,00,00,41,00,74,00,6d,00,61,00,72,00,70,00,63,\ 00,00,00,61,00,74,00,69,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 61,00,74,00,64,00,69,00,73,00,6b,00,00,00,61,00,74,00,61,00,70,00,69,00,00,\ 00,41,00,73,00,79,00,6e,00,63,00,4d,00,61,00,63,00,00,00,61,00,73,00,63,00,\ 33,00,35,00,35,00,30,00,00,00,61,00,73,00,63,00,33,00,33,00,35,00,30,00,70,\ 00,00,00,61,00,73,00,63,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,\ 74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,70,00,75,00,70,00,00,00,61,00,6d,\ 00,73,00,69,00,6e,00,74,00,00,00,61,00,6d,00,69,00,30,00,6e,00,74,00,00,00,\ 41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,61,00,69,00,63,00,37,00,38,\ 00,78,00,78,00,00,00,61,00,69,00,63,00,37,00,38,00,75,00,32,00,00,00,61,00,\ 69,00,63,00,31,00,31,00,36,00,78,00,00,00,61,00,68,00,61,00,31,00,35,00,34,\ 00,78,00,00,00,61,00,64,00,70,00,75,00,31,00,36,00,30,00,6d,00,00,00,61,00,\ 63,00,70,00,69,00,65,00,63,00,00,00,61,00,63,00,70,00,69,00,00,00,61,00,62,\ 00,70,00,34,00,38,00,30,00,6e,00,35,00,00,00,61,00,62,00,69,00,6f,00,73,00,\ 64,00,73,00,6b,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00 "EventMessageFile"="%systemroot%\\system32\\stisvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abiosdsk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abiosdsk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abp480n5] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abp480n5] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpiec] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpiec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpiec.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,65,00,63,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\adpu160m] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\adpu160m] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aha154x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aha154x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic116x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic116x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78u2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78u2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78xx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Alerter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Alerter] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ami0nt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ami0nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\amsint] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\amsint] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Application Popup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Application Popup] ; Contents of value: ; %SystemRoot%\System32\ntdll.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,64,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3350p] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3350p] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3550] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3550] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\AsyncMac] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\AsyncMac] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atapi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atapi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atdisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ati_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ati_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,74,00,69,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Atmarpc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Atmarpc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\beep] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\beep] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\BITS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\BITS] ; Contents of value: ; %systemroot%\system32\xpob2res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,78,00,70,00,6f,00,62,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Browser] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\buslogic] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\buslogic] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cd20xrnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cd20xrnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdaudio] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdaudio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdrom] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdrom] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\changer] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\changer] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cirrus_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cirrus_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\cirrus_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,63,00,69,00,72,00,72,00,75,00,73,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Clussvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Clussvc] ; Contents of value: ; %systemroot%\cluster\clussvc.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,63,00,6c,00,75,00,73,00,74,00,65,00,72,00,5c,00,\ 63,00,6c,00,75,00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarray] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarray] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarry2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarry2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqfcalm] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqfcalm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqfws2e] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqfws2e] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dac960nt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dac960nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DCOM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DCOM] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\deckzpsx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\deckzpsx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsDriver] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsDriver] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsSvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsSvc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dhcp] ; Contents of value: ; %SystemRoot%\System32\dhcpcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\disk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\disk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\diskperf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\diskperf] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Distributed Link Tracking Client] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Distributed Link Tracking Client] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmboot] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmboot] ; Contents of value: ; %SystemRoot%\System32\Drivers\dmboot.sys;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,62,00,6f,\ 00,6f,00,74,00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmio] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\dmio.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,69,00,6f,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnsapi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnsapi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnscache] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnscache] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\efs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\efs] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\et4000_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\et4000_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\et4000_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,34,00,30,00,30,00,30,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\eventlog] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fastfat] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fastfat] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fbxusb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fbxusb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fd16_700] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fd16_700] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fdc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,64,00,63,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Fips] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Fips] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fips.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,69,00,70,00,73,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fireport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fireport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flashpnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flashpnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flpydisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flpydisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\flpydisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,70,00,79,00,64,00,69,00,\ 73,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fs_rec] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fs_rec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ftdisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ftdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\FtDisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,46,00,74,00,44,00,69,00,73,00,6b,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\i8042prt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\i8042prt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,38,00,30,00,34,00,32,00,70,00,\ 72,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Imagedrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Imagedrv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ini910u] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ini910u] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\intelide] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\intelide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,6c,00,49,00,\ 64,00,65,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Internet Explorer 6] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Internet Explorer 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPBOOTP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPBOOTP] ; Contents of value: ; %SystemRoot%\System32\ipbootp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,62,00,6f,00,6f,00,74,00,70,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPNATHLP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPNATHLP] ; Contents of value: ; %SystemRoot%\System32\ipnathlp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRIP2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRIP2] ; Contents of value: ; %SystemRoot%\System32\iprip2.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,72,00,69,00,70,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPSEC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPSEC] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ipsraidn] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ipsraidn] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXCP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXCP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRIP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRIP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXSAP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXSAP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\isapnp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\isapnp] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,73,00,61,00,70,00,6e,00,70,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\kbdclass] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\kbdclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6b,00,62,00,64,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Kerberos] ; Contents of value: ; %SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lbrtfdc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lbrtfdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\lbrtfdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,62,00,72,00,74,00,66,00,64,00,\ 63,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDM] ; Contents of value: ; %SystemRoot%\System32\dmadmin.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,61,00,64,00,6d,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDMS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDMS] ; Contents of value: ; %SystemRoot%\System32\dmserver.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LmHosts] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lp6nds35] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lp6nds35] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LsaSrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LsaSrv] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MDAC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MDAC] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,67,00,61,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Modem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Modem] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Modem.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,6f,00,64,00,65,00,6d,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mouclass] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mouclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,6f,00,75,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mraid35x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mraid35x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MrxSmb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MrxSmb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6f,\ 00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,\ 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,\ 65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msadlib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msadlib] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Mup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Mup] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ncrc710] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ncrc710] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ndis] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ndis] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NdisWan] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NdisWan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBIOS] ; Contents of value: ; %SystemRoot%\System32\iologmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,6f,00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBT] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetDDE] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetDDE] ; Contents of value: ; %SystemRoot%\System32\netdde.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,64,00,64,00,65,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Netlogon] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\npfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\npfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ntfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ntfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NTMS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NTMS] ; Contents of value: ; %SystemRoot%\system32\NtmsEvt.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,74,00,6d,00,73,00,45,00,76,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NtServicePack] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NtServicePack] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\null] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\null] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\nv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\nv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nv4_mini.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,76,00,34,00,5f,00,6d,00,69,00,\ 6e,00,69,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPF] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPF] ; Contents of value: ; %SystemRoot%\System32\ospf.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPFMib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPFMib] ; Contents of value: ; %SystemRoot%\System32\ospfmib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,6d,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Outlook Express 6] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Outlook Express 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parallel] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parallel] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parallel.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,61,00,6c,00,6c,00,\ 65,00,6c,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,70,00,6f,00,72,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parvdm] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parvdm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ParVdm.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,61,00,72,00,56,00,64,00,6d,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pci] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pci] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pci.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pciide] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pciide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\PciIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,49,00,64,00,65,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pcmcia] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pcmcia] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,6d,00,63,00,69,00,61,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PolicyAgent] ; Contents of value: ; %SystemRoot%\System32\polagent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,6f,00,6c,00,61,00,67,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PptpMiniport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PptpMiniport] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Print] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Print] ; Contents of value: ; %SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1080] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1080] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql10wnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql10wnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1240] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1240] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql2100] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql2100] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\qv_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\qv_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\qv_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,71,00,76,00,5f,00,64,00,65,00,74,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasAuto] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasAuto] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasMan] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasMan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Rdbss] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\redbook] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\redbook] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\redbook.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,72,00,65,00,64,00,62,00,6f,00,6f,00,\ 6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RemoteAccess] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RemoteAccess] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Removable Storage Service] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Removable Storage Service] ; Contents of value: ; %SystemRoot%\System32\NTMSEVT.DLL "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,54,00,4d,00,53,00,45,00,56,00,54,00,2e,00,44,00,4c,00,4c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RSVP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RSVP] ; Contents of value: ; %SystemRoot%\System32\rsvpmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,73,00,76,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\rtl8139] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\rtl8139] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\s3legacy_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\s3legacy_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\s3legacy_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,33,00,6c,00,65,00,67,00,61,00,\ 63,00,79,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAM] ; Contents of value: ; %SystemRoot%\System32\samsrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,61,00,6d,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Save Dump] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Save Dump] ; Contents of value: ; %SystemRoot%\System32\SaveDump.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,61,00,76,00,65,00,44,00,75,00,6d,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SCardSvr] ; Contents of value: ; %SystemRoot%\System32\SCardSvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,43,00,61,00,72,00,64,00,53,00,76,00,72,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schannel] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schannel] ; Contents of value: ; %SystemRoot%\system32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schedule] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schedule] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\scsiport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\scsiport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\serial] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\serial] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,65,00,72,00,69,00,61,00,6c,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Server] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Server] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Service Control Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Service Control Manager] ; Contents of value: ; %systemroot%\system32\netevent.dll;%systemroot%\system32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\ 25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sfloppy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sfloppy] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sglfb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sglfb] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\sglfb.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,67,00,6c,00,66,00,62,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Simbad] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Simbad] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sndblst] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sndblst] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sparrow] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sparrow] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sptd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sptd] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Srv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Srv] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\StillImage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\StillImage] ; Contents of value: ; %SystemRoot%\System32\stisvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,74,00,69,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc810] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc810] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc8xx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc8xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sym_hi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sym_hi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Tcpip] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TCPMon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TCPMon] "EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\tdi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\tdi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermService] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermService] ; Contents of value: ; %SystemRoot%\System32\termsrv.exe;%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,65,00,72,00,6d,00,73,00,72,00,76,00,2e,00,65,00,78,00,65,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,64,\ 00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\udfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\udfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ultra66] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ultra66] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\UPS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\UPS] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\vaxscsi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\vaxscsi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\VgaSave] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\VgaSave] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\vga.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,76,00,67,00,61,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\W32Time] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\W32Time] ; Contents of value: ; %SystemRoot%\System32\w32time.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,\ 00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\wdvga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\wdvga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wdvga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,64,00,76,00,67,00,61,00,5f,00,\ 64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\weitekp9_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\weitekp9_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\weitekp9_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,65,00,69,00,74,00,65,00,6b,00,\ 70,00,39,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Win32k] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Win32k] ; Contents of value: ; %SystemRoot%\System32\win32k.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows File Protection] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows File Protection] ; Contents of value: ; %SystemRoot%\System32\sfc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,66,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.0] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.1] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Script Host] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Script Host] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Update Agent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Update Agent] ; Contents of value: ; %SystemRoot%\system32\wuaucpl.cpl "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WindowsMedia] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WindowsMedia] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Wmi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Wmi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Workstation] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Workstation] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WZCSVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WZCSVC] ; Contents of value: ; %SystemRoot%\System32\wzcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,7a,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Enum] "0"="Root\\LEGACY_EVENTSYSTEM\00" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi\Parameters] "AsyncEventQueueSize"=dword:00000300 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs\Aliases] ; Contents of value: ; srvsvc ; wkssvc ; eventlog ; browser ; msgsvc ; svcctl ; w32time ; "ntsvcs"=hex(7):73,00,72,00,76,00,73,00,76,00,63,00,00,00,77,00,6b,00,73,00,73,\ 00,76,00,63,00,00,00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,\ 62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,6d,00,73,00,67,00,73,00,76,\ 00,63,00,00,00,73,00,76,00,63,00,63,00,74,00,6c,00,00,00,77,00,33,00,32,00,\ 74,00,69,00,6d,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages1\RequestHandlers\12] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers1] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers3] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages3\RequestHandlers7] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages4] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages4\RequestHandlers6] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines2\Stages5] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines2\Stages5\RequestHandlers\10] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages6] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers4] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers\11] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages7] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers2] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers9] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages8] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages8\RequestHandlers5] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS] ; Contents of value: ; EventSystem ; "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess] "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed3] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events\CameraDetected] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ContentIndex] "EventLogFlags"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CrashControl] "LogEvent"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers] "EventLog"=dword:0000001b [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurePipeServers\winreg\AllowedPaths] ; Contents of value: ; System\CurrentControlSet\Control\ProductOptions ; System\CurrentControlSet\Control\Print\Printers ; System\CurrentControlSet\Control\Server Applications ; System\CurrentControlSet\Services\Eventlog ; Software\Microsoft\OLAP Server ; Software\Microsoft\Windows NT\CurrentVersion ; "Machine"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,\ 72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,\ 00,74,00,5c,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,\ 6f,00,64,00,75,00,63,00,74,00,4f,00,70,00,74,00,69,00,6f,00,6e,00,73,00,00,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,\ 6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,\ 00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,69,00,6e,00,\ 74,00,5c,00,50,00,72,00,69,00,6e,00,74,00,65,00,72,00,73,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,43,00,6f,\ 00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,53,00,65,00,72,00,76,00,65,00,72,00,\ 20,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,73,\ 00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,\ 65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,\ 00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,45,00,76,00,\ 65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,\ 00,72,00,65,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,\ 5c,00,4f,00,4c,00,41,00,50,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\ 00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,4d,00,69,00,63,00,\ 72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\ 00,73,00,20,00,4e,00,54,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\SCHANNEL] "EventLogging"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder] ; Contents of value: ; System Reserved ; Boot Bus Extender ; System Bus Extender ; SCSI miniport ; port ; Primary disk ; SCSI class ; SCSI CDROM class ; FSFilter Infrastructure ; FSFilter System ; FSFilter Bottom ; FSFilter Copy Protection ; FSFilter Security Enhancer ; FSFilter Open File ; FSFilter Physical Quota Management ; FSFilter Encryption ; FSFilter Compression ; FSFilter HSM ; FSFilter Cluster File System ; FSFilter System Recovery ; FSFilter Quota Management ; FSFilter Content Screener ; FSFilter Continuous Backup ; FSFilter Replication ; FSFilter Anti-Virus ; FSFilter Undelete ; FSFilter Activity Monitor ; FSFilter Top ; filter ; boot file system ; Base ; Pointer Port ; Keyboard Port ; Pointer Class ; Keyboard Class ; Video Init ; Video ; Video Save ; file system ; Event log ; Streams Drivers ; NDIS Wrapper ; PNP_TDI ; NDIS ; TDI ; NetBIOSGroup ; PlugPlay ; SpoolerGroup ; NetDDEGroup ; Parallel arbitrator ; extended base ; RemoteValidation ; PCI Configuration ; "List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\ 00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\ 73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\ 65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\ 00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,70,00,6f,00,72,00,74,00,00,00,\ 50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,64,00,69,00,73,00,6b,00,00,\ 00,53,00,43,00,53,00,49,00,20,00,63,00,6c,00,61,00,73,00,73,00,00,00,53,00,\ 43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,63,00,6c,00,61,\ 00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\ 49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\ 00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\ 79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\ 00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\ 00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\ 00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\ 72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\ 00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\ 6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\ 00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\ 46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\ 00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\ 65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\ 00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\ 69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\ 6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\ 20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\ 00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\ 65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\ 00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\ 74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\ 00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\ 65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\ 56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\ 00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\ 46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\ 00,66,00,69,00,6c,00,74,00,65,00,72,00,00,00,62,00,6f,00,6f,00,74,00,20,00,\ 66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\ 00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\ 50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\ 00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\ 72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\ 00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\ 64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\ 00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\ 00,00,66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,20,00,6c,00,6f,00,67,00,00,00,53,00,74,00,\ 72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\ 00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\ 72,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,00,44,00,49,\ 00,53,00,00,00,54,00,44,00,49,00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,\ 53,00,47,00,72,00,6f,00,75,00,70,00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,\ 00,61,00,79,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,47,00,72,00,\ 6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,\ 00,75,00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,\ 61,00,72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,65,00,78,\ 00,74,00,65,00,6e,00,64,00,65,00,64,00,20,00,62,00,61,00,73,00,65,00,00,00,\ 52,00,65,00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,\ 00,69,00,6f,00,6e,00,00,00,50,00,43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,\ 69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENT00] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENT00] "Service"="Event" "DeviceDesc"="Events Log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENTSYSTEM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENTSYSTEM00] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENTSYSTEM00] "Service"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Event] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Event] "DisplayName"="Events Log" "Description"="Enables event logs messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Event\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog] "Group"="Event log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt ; Winlogon ; Windows 3.1 Migration ; VBRuntime ; Userinit ; Userenv ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Installation ; SclgNtfy ; SceSrv ; SceCli ; RPC ; PlugPlayManager ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; Ntbackup.ini ; ntbackup ; NeroCheck ; MsiInstaller ; MSDTC Client ; MSDTC ; mnmsrvc ; LoadPerf ; IPSECPolicyStorage ; IExplore ; hpmon ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; DrWatson ; DiskQuota ; COM+ ; Ci ; Chkdsk ; Autochk ; Application Management ; APGTS ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,\ 74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,\ 67,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,56,00,42,00,52,00,75,00,6e,\ 00,74,00,69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,\ 74,00,00,00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,6c,00,6e,\ 00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,00,\ 6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,\ 00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,\ 6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,\ 00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,\ 72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,52,00,50,00,43,\ 00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,4d,00,61,00,6e,00,\ 61,00,67,00,65,00,72,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,\ 00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,\ 4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,\ 00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,\ 69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,\ 00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,\ 73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,4e,00,74,00,62,00,61,\ 00,63,00,6b,00,75,00,70,00,2e,00,69,00,6e,00,69,00,00,00,6e,00,74,00,62,00,\ 61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,\ 00,63,00,6b,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\ 00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,\ 6d,00,73,00,72,00,76,00,63,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,\ 00,66,00,00,00,49,00,50,00,53,00,45,00,43,00,50,00,6f,00,6c,00,69,00,63,00,\ 79,00,53,00,74,00,6f,00,72,00,61,00,67,00,65,00,00,00,49,00,45,00,78,00,70,\ 00,6c,00,6f,00,72,00,65,00,00,00,68,00,70,00,6d,00,6f,00,6e,00,00,00,46,00,\ 6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,\ 00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,\ 70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,\ 00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,\ 54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,\ 00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,43,00,4f,00,4d,00,2b,00,\ 00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,75,\ 00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,\ 61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,\ 00,65,00,6e,00,74,00,00,00,41,00,50,00,47,00,54,00,53,00,00,00,41,00,70,00,\ 70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\APGTS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\APGTS] ; Contents of value: ; C:\WINNT\help\TShoot.ocx "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,68,00,65,00,6c,00,70,00,5c,00,54,00,53,00,68,00,6f,00,6f,00,74,00,2e,00,\ 6f,00,63,00,78,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Application] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Application Management] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Application Management] ; Contents of value: ; %SystemRoot%\System32\appmgmts.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Autochk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Autochk] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Chkdsk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Chkdsk] ; Contents of value: ; %SystemRoot%\System32\ulib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6c,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Ci] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Ci] ; Contents of value: ; %SystemRoot%\System32\query.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,71,00,75,00,65,00,72,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM+] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM+] ; Contents of value: ; C:\WINNT\system32\comsvcs.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,\ 73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DiskQuota] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DiskQuota] "EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DrWatson] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DrWatson] ; Contents of value: ; %SystemRoot%\System32\drwtsn32.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,72,00,77,00,74,00,73,00,6e,00,33,00,32,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ESENT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ESENT] ; Contents of value: ; C:\WINNT\system32\ESENT.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,53,00,45,00,\ 4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\EventSystem] ; Contents of value: ; C:\WINNT\system32\es.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,73,00,2e,00,\ 64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\File Deployment] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\File Deployment] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Folder Redirection] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Folder Redirection] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\hpmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\hpmon] ; Contents of value: ; %SystemRoot%\System32\hpmon.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,68,00,70,00,6d,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IExplore] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IExplore] "EventMessageFile"="C:\\Program Files\\Internet Explorer\\DW15.EXE" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IPSECPolicyStorage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IPSECPolicyStorage] "EventMessageFile"="%SystemRoot%\\System32\\polstore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\LoadPerf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\LoadPerf] ; Contents of value: ; %SystemRoot%\System32\loadperf.dll;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,6f,00,61,00,64,00,70,00,65,00,72,00,66,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\mnmsrvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\mnmsrvc] "EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC Client] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC Client] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MsiInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MsiInstaller] "EventMessageFile"="C:\\WINNT\\system32\\msi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\NeroCheck] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\NeroCheck] "EventMessageFile"="C:\\WINNT\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ntbackup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ntbackup] ; Contents of value: ; %SystemRoot%\System32\ntbackup.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Ntbackup.ini] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Ntbackup.ini] "EventMessageFile"="C:\\WINNT\\system32\\ntbackup.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Oakley] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Oakley] "EventMessageFile"="%SystemRoot%\\System32\\oakley.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Offline Files] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Offline Files] "EventMessageFile"="%SystemRoot%\\System32\\cscui.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perfctrs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perfctrs] ; Contents of value: ; %SystemRoot%\System32\perfctrs.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfDisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfDisk] ; Contents of value: ; %SystemRoot%\System32\perfdisk.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,64,00,69,00,73,00,6b,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perflib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perflib] ; Contents of value: ; %SystemRoot%\System32\prflbmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,72,00,66,00,6c,00,62,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perfmon] ; Contents of value: ; %SystemRoot%\System32\perfmon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfNet] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfNet] ; Contents of value: ; %SystemRoot%\System32\perfnet.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6e,00,65,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfOS] ; Contents of value: ; %SystemRoot%\System32\perfOS.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,4f,00,53,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfProc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfProc] ; Contents of value: ; %SystemRoot%\System32\perfproc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,70,00,72,00,6f,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PlugPlayManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PlugPlayManager] ; Contents of value: ; %SystemRoot%\System32\umpnpmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6d,00,70,00,6e,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\RPC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\RPC] ; Contents of value: ; %SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SceCli] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SceCli] ; Contents of value: ; %SystemRoot%\System32\scecli.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SceSrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SceSrv] ; Contents of value: ; %SystemRoot%\System32\scesrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SclgNtfy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SclgNtfy] ; Contents of value: ; %SystemRoot%\System32\sclgntfy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Software Installation] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Software Installation] ; Contents of value: ; %SystemRoot%\System32\appmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SpoolerCtrs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SpoolerCtrs] ; Contents of value: ; %SystemRoot%\System32\winspool.drv "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,73,00,70,00,6f,00,6f,00,6c,00,2e,00,64,00,72,00,76,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SysmonLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SysmonLog] ; Contents of value: ; %SystemRoot%\System32\smlogsvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,6d,00,6c,00,6f,00,67,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Tlntsvr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Tlntsvr] ; Contents of value: ; %SystemRoot%\System32\tlntsvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,6c,00,6e,00,74,00,73,00,76,00,72,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userenv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userenv] ; Contents of value: ; %SystemRoot%\System32\userenv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,65,00,6e,00,76,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userinit] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userinit] ; Contents of value: ; %SystemRoot%\System32\userinit.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\VBRuntime] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\VBRuntime] "EventMessageFile"="C:\\WINNT\\system32\\MSVBVM60.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Windows 3.1 Migration] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Windows 3.1 Migration] ; Contents of value: ; %SystemRoot%\System32\advapi32.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Winlogon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Winlogon] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WinMgmt] "EventMessageFile"="C:\\WINNT\\system32\\WBEM\\WinMgmtR.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WSH] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WSH] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\DS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\DS\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\LSA] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\LSA\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\NetDDE Object] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\NetDDE Object\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\SC Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\SC Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security] ; Contents of value: ; %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\sp2res.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4d,00,73,00,41,00,75,00,64,00,69,00,74,00,45,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,\ 73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,\ 2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security\ObjectNames] "Event"=dword:00001120 "EventPair"=dword:00001130 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security Account Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security Account Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Spooler] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Spooler\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System] ; Contents of value: ; WZCSVC ; Workstation ; Wmi ; WindowsMedia ; Windows Update Agent ; Windows Script Host ; Windows Installer 3.1 ; Windows Installer 3.0 ; Windows File Protection ; Win32k ; weitekp9_detect ; wdvga_detect ; W32Time ; VgaSave ; vaxscsi ; UPS ; ultra66 ; udfs ; TermService ; tdi ; TCPMon ; Tcpip ; sym_hi ; symc8xx ; symc810 ; StillImage ; Srv ; sptd ; sparrow ; sndblst ; Simbad ; sglfb ; sfloppy ; Service Control Manager ; Server ; serial ; scsiport ; Schedule ; Schannel ; SCardSvr ; Save Dump ; SAM ; s3legacy_detect ; rtl8139 ; RSVP ; Removable Storage Service ; RemoteAccess ; redbook ; Rdbss ; RasMan ; RasAuto ; qv_detect ; ql2100 ; ql1240 ; ql10wnt ; ql1080 ; Print ; PptpMiniport ; PolicyAgent ; pcmcia ; pciide ; pci ; parvdm ; parport ; parallel ; Outlook Express 6 ; OSPFMib ; OSPF ; nv ; null ; NtServicePack ; NTMS ; ntfs ; npfs ; Netlogon ; NetDDE ; NetBT ; NetBIOS ; NdisWan ; ndis ; ncrc710 ; Mup ; msfs ; msadlib ; MrxSmb ; mraid35x ; mouclass ; Modem ; mga_detect ; MDAC ; LsaSrv ; lp6nds35 ; LmHosts ; LDMS ; LDM ; lbrtfdc ; Kerberos ; kbdclass ; isapnp ; IPXSAP ; IPXRouterManager ; IPXRIP ; IPXCP ; ipsraidn ; IPSEC ; IPRouterManager ; IPRIP2 ; IPNATHLP ; IPBOOTP ; Internet Explorer 6 ; intelide ; ini910u ; Imagedrv ; i8042prt ; ftdisk ; fs_rec ; flpydisk ; flashpnt ; fireport ; Fips ; fdc ; fd16_700 ; fbxusb ; fastfat ; eventlog ; et4000_detect ; efs ; Dnscache ; Dnsapi ; dmio ; dmboot ; Distributed Link Tracking Client ; diskperf ; disk ; Dhcp ; DfsSvc ; DfsDriver ; deckzpsx ; DCOM ; dac960nt ; cpqfws2e ; cpqfcalm ; cpqarry2 ; cpqarray ; Clussvc ; cirrus_detect ; changer ; cdrom ; cdfs ; cdaudio ; cd20xrnt ; buslogic ; Browser ; BITS ; beep ; Atmarpc ; ati_detect ; atdisk ; atapi ; AsyncMac ; asc3550 ; asc3350p ; asc ; Application Popup ; amsint ; ami0nt ; Alerter ; aic78xx ; aic78u2 ; aic116x ; aha154x ; adpu160m ; acpiec ; acpi ; abp480n5 ; abiosdsk ; System ; "Sources"=hex(7):57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,\ 6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,69,00,00,\ 00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,65,00,64,00,69,00,61,00,\ 00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,55,00,70,00,64,00,61,\ 00,74,00,65,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,57,00,69,00,6e,00,\ 64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,00,70,00,74,00,20,00,48,\ 00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\ 49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,31,\ 00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,\ 74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,30,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,46,00,69,00,6c,00,65,00,20,00,50,00,\ 72,00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\ 00,33,00,32,00,6b,00,00,00,77,00,65,00,69,00,74,00,65,00,6b,00,70,00,39,00,\ 5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,77,00,64,00,76,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,57,00,33,00,32,00,54,00,\ 69,00,6d,00,65,00,00,00,56,00,67,00,61,00,53,00,61,00,76,00,65,00,00,00,76,\ 00,61,00,78,00,73,00,63,00,73,00,69,00,00,00,55,00,50,00,53,00,00,00,75,00,\ 6c,00,74,00,72,00,61,00,36,00,36,00,00,00,75,00,64,00,66,00,73,00,00,00,54,\ 00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,74,00,\ 64,00,69,00,00,00,54,00,43,00,50,00,4d,00,6f,00,6e,00,00,00,54,00,63,00,70,\ 00,69,00,70,00,00,00,73,00,79,00,6d,00,5f,00,68,00,69,00,00,00,73,00,79,00,\ 6d,00,63,00,38,00,78,00,78,00,00,00,73,00,79,00,6d,00,63,00,38,00,31,00,30,\ 00,00,00,53,00,74,00,69,00,6c,00,6c,00,49,00,6d,00,61,00,67,00,65,00,00,00,\ 53,00,72,00,76,00,00,00,73,00,70,00,74,00,64,00,00,00,73,00,70,00,61,00,72,\ 00,72,00,6f,00,77,00,00,00,73,00,6e,00,64,00,62,00,6c,00,73,00,74,00,00,00,\ 53,00,69,00,6d,00,62,00,61,00,64,00,00,00,73,00,67,00,6c,00,66,00,62,00,00,\ 00,73,00,66,00,6c,00,6f,00,70,00,70,00,79,00,00,00,53,00,65,00,72,00,76,00,\ 69,00,63,00,65,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,20,00,4d,\ 00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,00,65,00,72,00,76,00,65,00,\ 72,00,00,00,73,00,65,00,72,00,69,00,61,00,6c,00,00,00,73,00,63,00,73,00,69,\ 00,70,00,6f,00,72,00,74,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,\ 65,00,00,00,53,00,63,00,68,00,61,00,6e,00,6e,00,65,00,6c,00,00,00,53,00,43,\ 00,61,00,72,00,64,00,53,00,76,00,72,00,00,00,53,00,61,00,76,00,65,00,20,00,\ 44,00,75,00,6d,00,70,00,00,00,53,00,41,00,4d,00,00,00,73,00,33,00,6c,00,65,\ 00,67,00,61,00,63,00,79,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 72,00,74,00,6c,00,38,00,31,00,33,00,39,00,00,00,52,00,53,00,56,00,50,00,00,\ 00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,20,00,53,00,74,00,\ 6f,00,72,00,61,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\ 00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,\ 73,00,00,00,72,00,65,00,64,00,62,00,6f,00,6f,00,6b,00,00,00,52,00,64,00,62,\ 00,73,00,73,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,52,00,61,00,\ 73,00,41,00,75,00,74,00,6f,00,00,00,71,00,76,00,5f,00,64,00,65,00,74,00,65,\ 00,63,00,74,00,00,00,71,00,6c,00,32,00,31,00,30,00,30,00,00,00,71,00,6c,00,\ 31,00,32,00,34,00,30,00,00,00,71,00,6c,00,31,00,30,00,77,00,6e,00,74,00,00,\ 00,71,00,6c,00,31,00,30,00,38,00,30,00,00,00,50,00,72,00,69,00,6e,00,74,00,\ 00,00,50,00,70,00,74,00,70,00,4d,00,69,00,6e,00,69,00,70,00,6f,00,72,00,74,\ 00,00,00,50,00,6f,00,6c,00,69,00,63,00,79,00,41,00,67,00,65,00,6e,00,74,00,\ 00,00,70,00,63,00,6d,00,63,00,69,00,61,00,00,00,70,00,63,00,69,00,69,00,64,\ 00,65,00,00,00,70,00,63,00,69,00,00,00,70,00,61,00,72,00,76,00,64,00,6d,00,\ 00,00,70,00,61,00,72,00,70,00,6f,00,72,00,74,00,00,00,70,00,61,00,72,00,61,\ 00,6c,00,6c,00,65,00,6c,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,\ 20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,20,00,36,00,00,00,4f,00,53,\ 00,50,00,46,00,4d,00,69,00,62,00,00,00,4f,00,53,00,50,00,46,00,00,00,6e,00,\ 76,00,00,00,6e,00,75,00,6c,00,6c,00,00,00,4e,00,74,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,50,00,61,00,63,00,6b,00,00,00,4e,00,54,00,4d,00,53,00,\ 00,00,6e,00,74,00,66,00,73,00,00,00,6e,00,70,00,66,00,73,00,00,00,4e,00,65,\ 00,74,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,\ 45,00,00,00,4e,00,65,00,74,00,42,00,54,00,00,00,4e,00,65,00,74,00,42,00,49,\ 00,4f,00,53,00,00,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,00,00,6e,00,\ 64,00,69,00,73,00,00,00,6e,00,63,00,72,00,63,00,37,00,31,00,30,00,00,00,4d,\ 00,75,00,70,00,00,00,6d,00,73,00,66,00,73,00,00,00,6d,00,73,00,61,00,64,00,\ 6c,00,69,00,62,00,00,00,4d,00,72,00,78,00,53,00,6d,00,62,00,00,00,6d,00,72,\ 00,61,00,69,00,64,00,33,00,35,00,78,00,00,00,6d,00,6f,00,75,00,63,00,6c,00,\ 61,00,73,00,73,00,00,00,4d,00,6f,00,64,00,65,00,6d,00,00,00,6d,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,4d,00,44,00,41,00,43,00,\ 00,00,4c,00,73,00,61,00,53,00,72,00,76,00,00,00,6c,00,70,00,36,00,6e,00,64,\ 00,73,00,33,00,35,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,\ 4c,00,44,00,4d,00,53,00,00,00,4c,00,44,00,4d,00,00,00,6c,00,62,00,72,00,74,\ 00,66,00,64,00,63,00,00,00,4b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,\ 00,00,6b,00,62,00,64,00,63,00,6c,00,61,00,73,00,73,00,00,00,69,00,73,00,61,\ 00,70,00,6e,00,70,00,00,00,49,00,50,00,58,00,53,00,41,00,50,00,00,00,49,00,\ 50,00,58,00,52,00,6f,00,75,00,74,00,65,00,72,00,4d,00,61,00,6e,00,61,00,67,\ 00,65,00,72,00,00,00,49,00,50,00,58,00,52,00,49,00,50,00,00,00,49,00,50,00,\ 58,00,43,00,50,00,00,00,69,00,70,00,73,00,72,00,61,00,69,00,64,00,6e,00,00,\ 00,49,00,50,00,53,00,45,00,43,00,00,00,49,00,50,00,52,00,6f,00,75,00,74,00,\ 65,00,72,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,49,00,50,00,52,\ 00,49,00,50,00,32,00,00,00,49,00,50,00,4e,00,41,00,54,00,48,00,4c,00,50,00,\ 00,00,49,00,50,00,42,00,4f,00,4f,00,54,00,50,00,00,00,49,00,6e,00,74,00,65,\ 00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,\ 72,00,20,00,36,00,00,00,69,00,6e,00,74,00,65,00,6c,00,69,00,64,00,65,00,00,\ 00,69,00,6e,00,69,00,39,00,31,00,30,00,75,00,00,00,49,00,6d,00,61,00,67,00,\ 65,00,64,00,72,00,76,00,00,00,69,00,38,00,30,00,34,00,32,00,70,00,72,00,74,\ 00,00,00,66,00,74,00,64,00,69,00,73,00,6b,00,00,00,66,00,73,00,5f,00,72,00,\ 65,00,63,00,00,00,66,00,6c,00,70,00,79,00,64,00,69,00,73,00,6b,00,00,00,66,\ 00,6c,00,61,00,73,00,68,00,70,00,6e,00,74,00,00,00,66,00,69,00,72,00,65,00,\ 70,00,6f,00,72,00,74,00,00,00,46,00,69,00,70,00,73,00,00,00,66,00,64,00,63,\ 00,00,00,66,00,64,00,31,00,36,00,5f,00,37,00,30,00,30,00,00,00,66,00,62,00,\ 78,00,75,00,73,00,62,00,00,00,66,00,61,00,73,00,74,00,66,00,61,00,74,00,00,\ 00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,65,00,74,00,34,00,\ 30,00,30,00,30,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,65,00,66,\ 00,73,00,00,00,44,00,6e,00,73,00,63,00,61,00,63,00,68,00,65,00,00,00,44,00,\ 6e,00,73,00,61,00,70,00,69,00,00,00,64,00,6d,00,69,00,6f,00,00,00,64,00,6d,\ 00,62,00,6f,00,6f,00,74,00,00,00,44,00,69,00,73,00,74,00,72,00,69,00,62,00,\ 75,00,74,00,65,00,64,00,20,00,4c,00,69,00,6e,00,6b,00,20,00,54,00,72,00,61,\ 00,63,00,6b,00,69,00,6e,00,67,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\ 00,00,64,00,69,00,73,00,6b,00,70,00,65,00,72,00,66,00,00,00,64,00,69,00,73,\ 00,6b,00,00,00,44,00,68,00,63,00,70,00,00,00,44,00,66,00,73,00,53,00,76,00,\ 63,00,00,00,44,00,66,00,73,00,44,00,72,00,69,00,76,00,65,00,72,00,00,00,64,\ 00,65,00,63,00,6b,00,7a,00,70,00,73,00,78,00,00,00,44,00,43,00,4f,00,4d,00,\ 00,00,64,00,61,00,63,00,39,00,36,00,30,00,6e,00,74,00,00,00,63,00,70,00,71,\ 00,66,00,77,00,73,00,32,00,65,00,00,00,63,00,70,00,71,00,66,00,63,00,61,00,\ 6c,00,6d,00,00,00,63,00,70,00,71,00,61,00,72,00,72,00,79,00,32,00,00,00,63,\ 00,70,00,71,00,61,00,72,00,72,00,61,00,79,00,00,00,43,00,6c,00,75,00,73,00,\ 73,00,76,00,63,00,00,00,63,00,69,00,72,00,72,00,75,00,73,00,5f,00,64,00,65,\ 00,74,00,65,00,63,00,74,00,00,00,63,00,68,00,61,00,6e,00,67,00,65,00,72,00,\ 00,00,63,00,64,00,72,00,6f,00,6d,00,00,00,63,00,64,00,66,00,73,00,00,00,63,\ 00,64,00,61,00,75,00,64,00,69,00,6f,00,00,00,63,00,64,00,32,00,30,00,78,00,\ 72,00,6e,00,74,00,00,00,62,00,75,00,73,00,6c,00,6f,00,67,00,69,00,63,00,00,\ 00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,42,00,49,00,54,00,53,00,\ 00,00,62,00,65,00,65,00,70,00,00,00,41,00,74,00,6d,00,61,00,72,00,70,00,63,\ 00,00,00,61,00,74,00,69,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 61,00,74,00,64,00,69,00,73,00,6b,00,00,00,61,00,74,00,61,00,70,00,69,00,00,\ 00,41,00,73,00,79,00,6e,00,63,00,4d,00,61,00,63,00,00,00,61,00,73,00,63,00,\ 33,00,35,00,35,00,30,00,00,00,61,00,73,00,63,00,33,00,33,00,35,00,30,00,70,\ 00,00,00,61,00,73,00,63,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,\ 74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,70,00,75,00,70,00,00,00,61,00,6d,\ 00,73,00,69,00,6e,00,74,00,00,00,61,00,6d,00,69,00,30,00,6e,00,74,00,00,00,\ 41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,61,00,69,00,63,00,37,00,38,\ 00,78,00,78,00,00,00,61,00,69,00,63,00,37,00,38,00,75,00,32,00,00,00,61,00,\ 69,00,63,00,31,00,31,00,36,00,78,00,00,00,61,00,68,00,61,00,31,00,35,00,34,\ 00,78,00,00,00,61,00,64,00,70,00,75,00,31,00,36,00,30,00,6d,00,00,00,61,00,\ 63,00,70,00,69,00,65,00,63,00,00,00,61,00,63,00,70,00,69,00,00,00,61,00,62,\ 00,70,00,34,00,38,00,30,00,6e,00,35,00,00,00,61,00,62,00,69,00,6f,00,73,00,\ 64,00,73,00,6b,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00 "EventMessageFile"="%systemroot%\\system32\\stisvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abiosdsk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abiosdsk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abp480n5] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abp480n5] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\acpi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\acpi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\acpiec] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\acpiec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpiec.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,65,00,63,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\adpu160m] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\adpu160m] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aha154x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aha154x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic116x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic116x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic78u2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic78u2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic78xx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic78xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Alerter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Alerter] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ami0nt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ami0nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\amsint] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\amsint] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Application Popup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Application Popup] ; Contents of value: ; %SystemRoot%\System32\ntdll.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,64,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc3350p] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc3350p] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc3550] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc3550] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\AsyncMac] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\AsyncMac] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\atapi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\atapi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\atdisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\atdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ati_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ati_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,74,00,69,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Atmarpc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Atmarpc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\beep] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\beep] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\BITS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\BITS] ; Contents of value: ; %systemroot%\system32\xpob2res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,78,00,70,00,6f,00,62,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Browser] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\buslogic] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\buslogic] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cd20xrnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cd20xrnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdrom] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdrom] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\changer] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\changer] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cirrus_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cirrus_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\cirrus_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,63,00,69,00,72,00,72,00,75,00,73,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Clussvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Clussvc] ; Contents of value: ; %systemroot%\cluster\clussvc.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,63,00,6c,00,75,00,73,00,74,00,65,00,72,00,5c,00,\ 63,00,6c,00,75,00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqarray] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqarray] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqarry2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqarry2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqfcalm] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqfcalm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqfws2e] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqfws2e] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dac960nt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dac960nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DCOM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DCOM] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\deckzpsx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\deckzpsx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DfsDriver] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DfsDriver] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DfsSvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DfsSvc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dhcp] ; Contents of value: ; %SystemRoot%\System32\dhcpcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\disk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\disk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\diskperf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\diskperf] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Distributed Link Tracking Client] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Distributed Link Tracking Client] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dmboot] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dmboot] ; Contents of value: ; %SystemRoot%\System32\Drivers\dmboot.sys;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,62,00,6f,\ 00,6f,00,74,00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dmio] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dmio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\dmio.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,69,00,6f,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dnsapi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dnsapi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dnscache] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dnscache] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\efs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\efs] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\et4000_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\et4000_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\et4000_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,34,00,30,00,30,00,30,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\eventlog] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fastfat] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fastfat] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fbxusb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fbxusb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fd16_700] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fd16_700] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fdc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,64,00,63,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Fips] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Fips] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fips.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,69,00,70,00,73,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fireport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fireport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\flashpnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\flashpnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\flpydisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\flpydisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\flpydisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,70,00,79,00,64,00,69,00,\ 73,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fs_rec] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fs_rec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ftdisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ftdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\FtDisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,46,00,74,00,44,00,69,00,73,00,6b,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\i8042prt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\i8042prt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,38,00,30,00,34,00,32,00,70,00,\ 72,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Imagedrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Imagedrv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ini910u] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ini910u] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\intelide] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\intelide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,6c,00,49,00,\ 64,00,65,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Internet Explorer 6] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Internet Explorer 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPBOOTP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPBOOTP] ; Contents of value: ; %SystemRoot%\System32\ipbootp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,62,00,6f,00,6f,00,74,00,70,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPNATHLP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPNATHLP] ; Contents of value: ; %SystemRoot%\System32\ipnathlp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPRIP2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPRIP2] ; Contents of value: ; %SystemRoot%\System32\iprip2.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,72,00,69,00,70,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPSEC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPSEC] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ipsraidn] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ipsraidn] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXCP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXCP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXRIP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXRIP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXSAP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXSAP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\isapnp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\isapnp] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,73,00,61,00,70,00,6e,00,70,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\kbdclass] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\kbdclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6b,00,62,00,64,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Kerberos] ; Contents of value: ; %SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\lbrtfdc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\lbrtfdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\lbrtfdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,62,00,72,00,74,00,66,00,64,00,\ 63,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LDM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LDM] ; Contents of value: ; %SystemRoot%\System32\dmadmin.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,61,00,64,00,6d,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LDMS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LDMS] ; Contents of value: ; %SystemRoot%\System32\dmserver.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LmHosts] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\lp6nds35] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\lp6nds35] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LsaSrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LsaSrv] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MDAC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MDAC] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,67,00,61,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Modem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Modem] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Modem.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,6f,00,64,00,65,00,6d,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mouclass] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mouclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,6f,00,75,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mraid35x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mraid35x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MrxSmb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MrxSmb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6f,\ 00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,\ 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,\ 65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\msadlib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\msadlib] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\msfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\msfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Mup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Mup] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ncrc710] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ncrc710] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ndis] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ndis] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NdisWan] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NdisWan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetBIOS] ; Contents of value: ; %SystemRoot%\System32\iologmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,6f,00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetBT] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetDDE] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetDDE] ; Contents of value: ; %SystemRoot%\System32\netdde.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,64,00,64,00,65,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Netlogon] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\npfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\npfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ntfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ntfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NTMS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NTMS] ; Contents of value: ; %SystemRoot%\system32\NtmsEvt.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,74,00,6d,00,73,00,45,00,76,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NtServicePack] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NtServicePack] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\null] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\null] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\nv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\nv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nv4_mini.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,76,00,34,00,5f,00,6d,00,69,00,\ 6e,00,69,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\OSPF] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\OSPF] ; Contents of value: ; %SystemRoot%\System32\ospf.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\OSPFMib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\OSPFMib] ; Contents of value: ; %SystemRoot%\System32\ospfmib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,6d,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Outlook Express 6] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Outlook Express 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parallel] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parallel] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parallel.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,61,00,6c,00,6c,00,\ 65,00,6c,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,70,00,6f,00,72,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parvdm] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parvdm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ParVdm.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,61,00,72,00,56,00,64,00,6d,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pci] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pci] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pci.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pciide] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pciide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\PciIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,49,00,64,00,65,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pcmcia] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pcmcia] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,6d,00,63,00,69,00,61,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PolicyAgent] ; Contents of value: ; %SystemRoot%\System32\polagent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,6f,00,6c,00,61,00,67,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PptpMiniport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PptpMiniport] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Print] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Print] ; Contents of value: ; %SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql1080] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql1080] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql10wnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql10wnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql1240] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql1240] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql2100] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql2100] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\qv_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\qv_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\qv_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,71,00,76,00,5f,00,64,00,65,00,74,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasAuto] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasAuto] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasMan] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasMan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Rdbss] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\redbook] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\redbook] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\redbook.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,72,00,65,00,64,00,62,00,6f,00,6f,00,\ 6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RemoteAccess] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RemoteAccess] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Removable Storage Service] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Removable Storage Service] ; Contents of value: ; %SystemRoot%\System32\NTMSEVT.DLL "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,54,00,4d,00,53,00,45,00,56,00,54,00,2e,00,44,00,4c,00,4c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RSVP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RSVP] ; Contents of value: ; %SystemRoot%\System32\rsvpmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,73,00,76,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\rtl8139] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\rtl8139] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\s3legacy_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\s3legacy_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\s3legacy_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,33,00,6c,00,65,00,67,00,61,00,\ 63,00,79,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAM] ; Contents of value: ; %SystemRoot%\System32\samsrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,61,00,6d,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Save Dump] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Save Dump] ; Contents of value: ; %SystemRoot%\System32\SaveDump.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,61,00,76,00,65,00,44,00,75,00,6d,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SCardSvr] ; Contents of value: ; %SystemRoot%\System32\SCardSvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,43,00,61,00,72,00,64,00,53,00,76,00,72,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Schannel] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Schannel] ; Contents of value: ; %SystemRoot%\system32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Schedule] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Schedule] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\scsiport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\scsiport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\serial] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\serial] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,65,00,72,00,69,00,61,00,6c,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Server] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Server] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Service Control Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Service Control Manager] ; Contents of value: ; %systemroot%\system32\netevent.dll;%systemroot%\system32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\ 25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sfloppy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sfloppy] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sglfb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sglfb] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\sglfb.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,67,00,6c,00,66,00,62,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Simbad] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Simbad] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sndblst] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sndblst] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sparrow] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sparrow] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sptd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sptd] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Srv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Srv] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\StillImage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\StillImage] ; Contents of value: ; %SystemRoot%\System32\stisvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,74,00,69,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\symc810] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\symc810] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\symc8xx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\symc8xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sym_hi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sym_hi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Tcpip] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\TCPMon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\TCPMon] "EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\tdi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\tdi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\TermService] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\TermService] ; Contents of value: ; %SystemRoot%\System32\termsrv.exe;%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,65,00,72,00,6d,00,73,00,72,00,76,00,2e,00,65,00,78,00,65,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,64,\ 00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\udfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\udfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ultra66] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ultra66] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\UPS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\UPS] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\vaxscsi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\vaxscsi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\VgaSave] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\VgaSave] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\vga.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,76,00,67,00,61,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\W32Time] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\W32Time] ; Contents of value: ; %SystemRoot%\System32\w32time.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,\ 00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\wdvga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\wdvga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wdvga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,64,00,76,00,67,00,61,00,5f,00,\ 64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\weitekp9_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\weitekp9_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\weitekp9_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,65,00,69,00,74,00,65,00,6b,00,\ 70,00,39,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Win32k] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Win32k] ; Contents of value: ; %SystemRoot%\System32\win32k.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows File Protection] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows File Protection] ; Contents of value: ; %SystemRoot%\System32\sfc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,66,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Installer 3.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Installer 3.0] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Installer 3.1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Installer 3.1] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Script Host] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Script Host] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Update Agent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Update Agent] ; Contents of value: ; %SystemRoot%\system32\wuaucpl.cpl "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\WindowsMedia] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\WindowsMedia] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Wmi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Wmi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Workstation] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Workstation] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\WZCSVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\WZCSVC] ; Contents of value: ; %SystemRoot%\System32\wzcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,7a,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NdisTapi\Parameters] "AsyncEventQueueSize"=dword:00000300 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Npfs\Aliases] ; Contents of value: ; srvsvc ; wkssvc ; eventlog ; browser ; msgsvc ; svcctl ; w32time ; "ntsvcs"=hex(7):73,00,72,00,76,00,73,00,76,00,63,00,00,00,77,00,6b,00,73,00,73,\ 00,76,00,63,00,00,00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,\ 62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,6d,00,73,00,67,00,73,00,76,\ 00,63,00,00,00,73,00,76,00,63,00,63,00,74,00,6c,00,00,00,77,00,33,00,32,00,\ 74,00,69,00,6d,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages1\RequestHandlers\12] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers1] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers3] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages3\RequestHandlers7] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages4] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages4\RequestHandlers6] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines2\Stages5] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines2\Stages5\RequestHandlers\10] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages6] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers4] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers\11] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages7] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers2] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers9] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages8] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages8\RequestHandlers5] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SENS] ; Contents of value: ; EventSystem ; "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess] "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed1] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed3] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events\CameraDetected] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex] "EventLogFlags"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl] "LogEvent"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers] "EventLog"=dword:0000001b [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths] ; Contents of value: ; System\CurrentControlSet\Control\ProductOptions ; System\CurrentControlSet\Control\Print\Printers ; System\CurrentControlSet\Control\Server Applications ; System\CurrentControlSet\Services\Eventlog ; Software\Microsoft\OLAP Server ; Software\Microsoft\Windows NT\CurrentVersion ; "Machine"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,\ 72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,\ 00,74,00,5c,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,\ 6f,00,64,00,75,00,63,00,74,00,4f,00,70,00,74,00,69,00,6f,00,6e,00,73,00,00,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,\ 6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,\ 00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,69,00,6e,00,\ 74,00,5c,00,50,00,72,00,69,00,6e,00,74,00,65,00,72,00,73,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,43,00,6f,\ 00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,53,00,65,00,72,00,76,00,65,00,72,00,\ 20,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,73,\ 00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,\ 65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,\ 00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,45,00,76,00,\ 65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,\ 00,72,00,65,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,\ 5c,00,4f,00,4c,00,41,00,50,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\ 00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,4d,00,69,00,63,00,\ 72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\ 00,73,00,20,00,4e,00,54,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL] "EventLogging"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder] ; Contents of value: ; System Reserved ; Boot Bus Extender ; System Bus Extender ; SCSI miniport ; port ; Primary disk ; SCSI class ; SCSI CDROM class ; FSFilter Infrastructure ; FSFilter System ; FSFilter Bottom ; FSFilter Copy Protection ; FSFilter Security Enhancer ; FSFilter Open File ; FSFilter Physical Quota Management ; FSFilter Encryption ; FSFilter Compression ; FSFilter HSM ; FSFilter Cluster File System ; FSFilter System Recovery ; FSFilter Quota Management ; FSFilter Content Screener ; FSFilter Continuous Backup ; FSFilter Replication ; FSFilter Anti-Virus ; FSFilter Undelete ; FSFilter Activity Monitor ; FSFilter Top ; filter ; boot file system ; Base ; Pointer Port ; Keyboard Port ; Pointer Class ; Keyboard Class ; Video Init ; Video ; Video Save ; file system ; Event log ; Streams Drivers ; NDIS Wrapper ; PNP_TDI ; NDIS ; TDI ; NetBIOSGroup ; PlugPlay ; SpoolerGroup ; NetDDEGroup ; Parallel arbitrator ; extended base ; RemoteValidation ; PCI Configuration ; "List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\ 00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\ 73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\ 65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\ 00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,70,00,6f,00,72,00,74,00,00,00,\ 50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,64,00,69,00,73,00,6b,00,00,\ 00,53,00,43,00,53,00,49,00,20,00,63,00,6c,00,61,00,73,00,73,00,00,00,53,00,\ 43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,63,00,6c,00,61,\ 00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\ 49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\ 00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\ 79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\ 00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\ 00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\ 00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\ 72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\ 00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\ 6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\ 00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\ 46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\ 00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\ 65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\ 00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\ 69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\ 6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\ 20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\ 00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\ 65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\ 00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\ 74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\ 00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\ 65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\ 56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\ 00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\ 46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\ 00,66,00,69,00,6c,00,74,00,65,00,72,00,00,00,62,00,6f,00,6f,00,74,00,20,00,\ 66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\ 00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\ 50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\ 00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\ 72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\ 00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\ 64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\ 00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\ 00,00,66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,20,00,6c,00,6f,00,67,00,00,00,53,00,74,00,\ 72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\ 00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\ 72,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,00,44,00,49,\ 00,53,00,00,00,54,00,44,00,49,00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,\ 53,00,47,00,72,00,6f,00,75,00,70,00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,\ 00,61,00,79,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,47,00,72,00,\ 6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,\ 00,75,00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,\ 61,00,72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,65,00,78,\ 00,74,00,65,00,6e,00,64,00,65,00,64,00,20,00,62,00,61,00,73,00,65,00,00,00,\ 52,00,65,00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,\ 00,69,00,6f,00,6e,00,00,00,50,00,43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,\ 69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT00] "Service"="Event" "DeviceDesc"="Events Log" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM00] "Service"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM00\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM00\Control] "ActiveService"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event] "DisplayName"="Events Log" "Description"="Enables event logs messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event\Enum] "0"="Root\\LEGACY_EVENT\00" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog] "Group"="Event log" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt ; Winlogon ; Windows 3.1 Migration ; VBRuntime ; Userinit ; Userenv ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Installation ; SclgNtfy ; SceSrv ; SceCli ; RPC ; PlugPlayManager ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; Ntbackup.ini ; ntbackup ; NeroCheck ; MsiInstaller ; MSDTC Client ; MSDTC ; mnmsrvc ; LoadPerf ; IPSECPolicyStorage ; IExplore ; hpmon ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; DrWatson ; DiskQuota ; COM+ ; Ci ; Chkdsk ; Autochk ; Application Management ; APGTS ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,\ 74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,\ 67,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,56,00,42,00,52,00,75,00,6e,\ 00,74,00,69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,\ 74,00,00,00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,6c,00,6e,\ 00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,00,\ 6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,\ 00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,\ 6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,\ 00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,\ 72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,52,00,50,00,43,\ 00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,4d,00,61,00,6e,00,\ 61,00,67,00,65,00,72,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,\ 00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,\ 4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,\ 00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,\ 69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,\ 00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,\ 73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,4e,00,74,00,62,00,61,\ 00,63,00,6b,00,75,00,70,00,2e,00,69,00,6e,00,69,00,00,00,6e,00,74,00,62,00,\ 61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,\ 00,63,00,6b,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\ 00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,\ 6d,00,73,00,72,00,76,00,63,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,\ 00,66,00,00,00,49,00,50,00,53,00,45,00,43,00,50,00,6f,00,6c,00,69,00,63,00,\ 79,00,53,00,74,00,6f,00,72,00,61,00,67,00,65,00,00,00,49,00,45,00,78,00,70,\ 00,6c,00,6f,00,72,00,65,00,00,00,68,00,70,00,6d,00,6f,00,6e,00,00,00,46,00,\ 6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,\ 00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,\ 70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,\ 00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,\ 54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,\ 00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,43,00,4f,00,4d,00,2b,00,\ 00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,75,\ 00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,\ 61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,\ 00,65,00,6e,00,74,00,00,00,41,00,50,00,47,00,54,00,53,00,00,00,41,00,70,00,\ 70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\APGTS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\APGTS] ; Contents of value: ; C:\WINNT\help\TShoot.ocx "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,68,00,65,00,6c,00,70,00,5c,00,54,00,53,00,68,00,6f,00,6f,00,74,00,2e,00,\ 6f,00,63,00,78,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management] ; Contents of value: ; %SystemRoot%\System32\appmgmts.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chkdsk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chkdsk] ; Contents of value: ; %SystemRoot%\System32\ulib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6c,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ci] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ci] ; Contents of value: ; %SystemRoot%\System32\query.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,71,00,75,00,65,00,72,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+] ; Contents of value: ; C:\WINNT\system32\comsvcs.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,\ 73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiskQuota] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiskQuota] "EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DrWatson] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DrWatson] ; Contents of value: ; %SystemRoot%\System32\drwtsn32.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,72,00,77,00,74,00,73,00,6e,00,33,00,32,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT] ; Contents of value: ; C:\WINNT\system32\ESENT.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,53,00,45,00,\ 4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem] ; Contents of value: ; C:\WINNT\system32\es.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,73,00,2e,00,\ 64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hpmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hpmon] ; Contents of value: ; %SystemRoot%\System32\hpmon.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,68,00,70,00,6d,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IExplore] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IExplore] "EventMessageFile"="C:\\Program Files\\Internet Explorer\\DW15.EXE" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IPSECPolicyStorage] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IPSECPolicyStorage] "EventMessageFile"="%SystemRoot%\\System32\\polstore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LoadPerf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LoadPerf] ; Contents of value: ; %SystemRoot%\System32\loadperf.dll;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,6f,00,61,00,64,00,70,00,65,00,72,00,66,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mnmsrvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mnmsrvc] "EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MsiInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MsiInstaller] "EventMessageFile"="C:\\WINNT\\system32\\msi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NeroCheck] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NeroCheck] "EventMessageFile"="C:\\WINNT\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup] ; Contents of value: ; %SystemRoot%\System32\ntbackup.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ntbackup.ini] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ntbackup.ini] "EventMessageFile"="C:\\WINNT\\system32\\ntbackup.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Oakley] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Oakley] "EventMessageFile"="%SystemRoot%\\System32\\oakley.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Offline Files] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Offline Files] "EventMessageFile"="%SystemRoot%\\System32\\cscui.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfctrs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfctrs] ; Contents of value: ; %SystemRoot%\System32\perfctrs.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfDisk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfDisk] ; Contents of value: ; %SystemRoot%\System32\perfdisk.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,64,00,69,00,73,00,6b,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perflib] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perflib] ; Contents of value: ; %SystemRoot%\System32\prflbmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,72,00,66,00,6c,00,62,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfmon] ; Contents of value: ; %SystemRoot%\System32\perfmon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfNet] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfNet] ; Contents of value: ; %SystemRoot%\System32\perfnet.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6e,00,65,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfOS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfOS] ; Contents of value: ; %SystemRoot%\System32\perfOS.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,4f,00,53,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfProc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfProc] ; Contents of value: ; %SystemRoot%\System32\perfproc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,70,00,72,00,6f,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PlugPlayManager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PlugPlayManager] ; Contents of value: ; %SystemRoot%\System32\umpnpmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6d,00,70,00,6e,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RPC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RPC] ; Contents of value: ; %SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceCli] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceCli] ; Contents of value: ; %SystemRoot%\System32\scecli.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceSrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceSrv] ; Contents of value: ; %SystemRoot%\System32\scesrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SclgNtfy] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SclgNtfy] ; Contents of value: ; %SystemRoot%\System32\sclgntfy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation] ; Contents of value: ; %SystemRoot%\System32\appmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SpoolerCtrs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SpoolerCtrs] ; Contents of value: ; %SystemRoot%\System32\winspool.drv "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,73,00,70,00,6f,00,6f,00,6c,00,2e,00,64,00,72,00,76,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog] ; Contents of value: ; %SystemRoot%\System32\smlogsvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,6d,00,6c,00,6f,00,67,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tlntsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tlntsvr] ; Contents of value: ; %SystemRoot%\System32\tlntsvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,6c,00,6e,00,74,00,73,00,76,00,72,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userenv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userenv] ; Contents of value: ; %SystemRoot%\System32\userenv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,65,00,6e,00,76,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userinit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userinit] ; Contents of value: ; %SystemRoot%\System32\userinit.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime] "EventMessageFile"="C:\\WINNT\\system32\\MSVBVM60.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows 3.1 Migration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows 3.1 Migration] ; Contents of value: ; %SystemRoot%\System32\advapi32.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinMgmt] "EventMessageFile"="C:\\WINNT\\system32\\WBEM\\WinMgmtR.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WSH] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WSH] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security] ; Contents of value: ; %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\sp2res.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4d,00,73,00,41,00,75,00,64,00,69,00,74,00,45,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,\ 73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,\ 2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames] "Event"=dword:00001120 "EventPair"=dword:00001130 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System] ; Contents of value: ; WZCSVC ; Workstation ; Wmi ; WindowsMedia ; Windows Update Agent ; Windows Script Host ; Windows Installer 3.1 ; Windows Installer 3.0 ; Windows File Protection ; Win32k ; weitekp9_detect ; wdvga_detect ; W32Time ; VgaSave ; vaxscsi ; UPS ; ultra66 ; udfs ; TermService ; tdi ; TCPMon ; Tcpip ; sym_hi ; symc8xx ; symc810 ; StillImage ; Srv ; sptd ; sparrow ; sndblst ; Simbad ; sglfb ; sfloppy ; Service Control Manager ; Server ; serial ; scsiport ; Schedule ; Schannel ; SCardSvr ; Save Dump ; SAM ; s3legacy_detect ; rtl8139 ; RSVP ; Removable Storage Service ; RemoteAccess ; redbook ; Rdbss ; RasMan ; RasAuto ; qv_detect ; ql2100 ; ql1240 ; ql10wnt ; ql1080 ; Print ; PptpMiniport ; PolicyAgent ; pcmcia ; pciide ; pci ; parvdm ; parport ; parallel ; Outlook Express 6 ; OSPFMib ; OSPF ; nv ; null ; NtServicePack ; NTMS ; ntfs ; npfs ; Netlogon ; NetDDE ; NetBT ; NetBIOS ; NdisWan ; ndis ; ncrc710 ; Mup ; msfs ; msadlib ; MrxSmb ; mraid35x ; mouclass ; Modem ; mga_detect ; MDAC ; LsaSrv ; lp6nds35 ; LmHosts ; LDMS ; LDM ; lbrtfdc ; Kerberos ; kbdclass ; isapnp ; IPXSAP ; IPXRouterManager ; IPXRIP ; IPXCP ; ipsraidn ; IPSEC ; IPRouterManager ; IPRIP2 ; IPNATHLP ; IPBOOTP ; Internet Explorer 6 ; intelide ; ini910u ; Imagedrv ; i8042prt ; ftdisk ; fs_rec ; flpydisk ; flashpnt ; fireport ; Fips ; fdc ; fd16_700 ; fbxusb ; fastfat ; eventlog ; et4000_detect ; efs ; Dnscache ; Dnsapi ; dmio ; dmboot ; Distributed Link Tracking Client ; diskperf ; disk ; Dhcp ; DfsSvc ; DfsDriver ; deckzpsx ; DCOM ; dac960nt ; cpqfws2e ; cpqfcalm ; cpqarry2 ; cpqarray ; Clussvc ; cirrus_detect ; changer ; cdrom ; cdfs ; cdaudio ; cd20xrnt ; buslogic ; Browser ; BITS ; beep ; Atmarpc ; ati_detect ; atdisk ; atapi ; AsyncMac ; asc3550 ; asc3350p ; asc ; Application Popup ; amsint ; ami0nt ; Alerter ; aic78xx ; aic78u2 ; aic116x ; aha154x ; adpu160m ; acpiec ; acpi ; abp480n5 ; abiosdsk ; System ; "Sources"=hex(7):57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,\ 6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,69,00,00,\ 00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,65,00,64,00,69,00,61,00,\ 00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,55,00,70,00,64,00,61,\ 00,74,00,65,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,57,00,69,00,6e,00,\ 64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,00,70,00,74,00,20,00,48,\ 00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\ 49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,31,\ 00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,\ 74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,30,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,46,00,69,00,6c,00,65,00,20,00,50,00,\ 72,00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\ 00,33,00,32,00,6b,00,00,00,77,00,65,00,69,00,74,00,65,00,6b,00,70,00,39,00,\ 5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,77,00,64,00,76,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,57,00,33,00,32,00,54,00,\ 69,00,6d,00,65,00,00,00,56,00,67,00,61,00,53,00,61,00,76,00,65,00,00,00,76,\ 00,61,00,78,00,73,00,63,00,73,00,69,00,00,00,55,00,50,00,53,00,00,00,75,00,\ 6c,00,74,00,72,00,61,00,36,00,36,00,00,00,75,00,64,00,66,00,73,00,00,00,54,\ 00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,74,00,\ 64,00,69,00,00,00,54,00,43,00,50,00,4d,00,6f,00,6e,00,00,00,54,00,63,00,70,\ 00,69,00,70,00,00,00,73,00,79,00,6d,00,5f,00,68,00,69,00,00,00,73,00,79,00,\ 6d,00,63,00,38,00,78,00,78,00,00,00,73,00,79,00,6d,00,63,00,38,00,31,00,30,\ 00,00,00,53,00,74,00,69,00,6c,00,6c,00,49,00,6d,00,61,00,67,00,65,00,00,00,\ 53,00,72,00,76,00,00,00,73,00,70,00,74,00,64,00,00,00,73,00,70,00,61,00,72,\ 00,72,00,6f,00,77,00,00,00,73,00,6e,00,64,00,62,00,6c,00,73,00,74,00,00,00,\ 53,00,69,00,6d,00,62,00,61,00,64,00,00,00,73,00,67,00,6c,00,66,00,62,00,00,\ 00,73,00,66,00,6c,00,6f,00,70,00,70,00,79,00,00,00,53,00,65,00,72,00,76,00,\ 69,00,63,00,65,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,20,00,4d,\ 00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,00,65,00,72,00,76,00,65,00,\ 72,00,00,00,73,00,65,00,72,00,69,00,61,00,6c,00,00,00,73,00,63,00,73,00,69,\ 00,70,00,6f,00,72,00,74,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,\ 65,00,00,00,53,00,63,00,68,00,61,00,6e,00,6e,00,65,00,6c,00,00,00,53,00,43,\ 00,61,00,72,00,64,00,53,00,76,00,72,00,00,00,53,00,61,00,76,00,65,00,20,00,\ 44,00,75,00,6d,00,70,00,00,00,53,00,41,00,4d,00,00,00,73,00,33,00,6c,00,65,\ 00,67,00,61,00,63,00,79,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 72,00,74,00,6c,00,38,00,31,00,33,00,39,00,00,00,52,00,53,00,56,00,50,00,00,\ 00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,20,00,53,00,74,00,\ 6f,00,72,00,61,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\ 00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,\ 73,00,00,00,72,00,65,00,64,00,62,00,6f,00,6f,00,6b,00,00,00,52,00,64,00,62,\ 00,73,00,73,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,52,00,61,00,\ 73,00,41,00,75,00,74,00,6f,00,00,00,71,00,76,00,5f,00,64,00,65,00,74,00,65,\ 00,63,00,74,00,00,00,71,00,6c,00,32,00,31,00,30,00,30,00,00,00,71,00,6c,00,\ 31,00,32,00,34,00,30,00,00,00,71,00,6c,00,31,00,30,00,77,00,6e,00,74,00,00,\ 00,71,00,6c,00,31,00,30,00,38,00,30,00,00,00,50,00,72,00,69,00,6e,00,74,00,\ 00,00,50,00,70,00,74,00,70,00,4d,00,69,00,6e,00,69,00,70,00,6f,00,72,00,74,\ 00,00,00,50,00,6f,00,6c,00,69,00,63,00,79,00,41,00,67,00,65,00,6e,00,74,00,\ 00,00,70,00,63,00,6d,00,63,00,69,00,61,00,00,00,70,00,63,00,69,00,69,00,64,\ 00,65,00,00,00,70,00,63,00,69,00,00,00,70,00,61,00,72,00,76,00,64,00,6d,00,\ 00,00,70,00,61,00,72,00,70,00,6f,00,72,00,74,00,00,00,70,00,61,00,72,00,61,\ 00,6c,00,6c,00,65,00,6c,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,\ 20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,20,00,36,00,00,00,4f,00,53,\ 00,50,00,46,00,4d,00,69,00,62,00,00,00,4f,00,53,00,50,00,46,00,00,00,6e,00,\ 76,00,00,00,6e,00,75,00,6c,00,6c,00,00,00,4e,00,74,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,50,00,61,00,63,00,6b,00,00,00,4e,00,54,00,4d,00,53,00,\ 00,00,6e,00,74,00,66,00,73,00,00,00,6e,00,70,00,66,00,73,00,00,00,4e,00,65,\ 00,74,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,\ 45,00,00,00,4e,00,65,00,74,00,42,00,54,00,00,00,4e,00,65,00,74,00,42,00,49,\ 00,4f,00,53,00,00,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,00,00,6e,00,\ 64,00,69,00,73,00,00,00,6e,00,63,00,72,00,63,00,37,00,31,00,30,00,00,00,4d,\ 00,75,00,70,00,00,00,6d,00,73,00,66,00,73,00,00,00,6d,00,73,00,61,00,64,00,\ 6c,00,69,00,62,00,00,00,4d,00,72,00,78,00,53,00,6d,00,62,00,00,00,6d,00,72,\ 00,61,00,69,00,64,00,33,00,35,00,78,00,00,00,6d,00,6f,00,75,00,63,00,6c,00,\ 61,00,73,00,73,00,00,00,4d,00,6f,00,64,00,65,00,6d,00,00,00,6d,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,4d,00,44,00,41,00,43,00,\ 00,00,4c,00,73,00,61,00,53,00,72,00,76,00,00,00,6c,00,70,00,36,00,6e,00,64,\ 00,73,00,33,00,35,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,\ 4c,00,44,00,4d,00,53,00,00,00,4c,00,44,00,4d,00,00,00,6c,00,62,00,72,00,74,\ 00,66,00,64,00,63,00,00,00,4b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,\ 00,00,6b,00,62,00,64,00,63,00,6c,00,61,00,73,00,73,00,00,00,69,00,73,00,61,\ 00,70,00,6e,00,70,00,00,00,49,00,50,00,58,00,53,00,41,00,50,00,00,00,49,00,\ 50,00,58,00,52,00,6f,00,75,00,74,00,65,00,72,00,4d,00,61,00,6e,00,61,00,67,\ 00,65,00,72,00,00,00,49,00,50,00,58,00,52,00,49,00,50,00,00,00,49,00,50,00,\ 58,00,43,00,50,00,00,00,69,00,70,00,73,00,72,00,61,00,69,00,64,00,6e,00,00,\ 00,49,00,50,00,53,00,45,00,43,00,00,00,49,00,50,00,52,00,6f,00,75,00,74,00,\ 65,00,72,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,49,00,50,00,52,\ 00,49,00,50,00,32,00,00,00,49,00,50,00,4e,00,41,00,54,00,48,00,4c,00,50,00,\ 00,00,49,00,50,00,42,00,4f,00,4f,00,54,00,50,00,00,00,49,00,6e,00,74,00,65,\ 00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,\ 72,00,20,00,36,00,00,00,69,00,6e,00,74,00,65,00,6c,00,69,00,64,00,65,00,00,\ 00,69,00,6e,00,69,00,39,00,31,00,30,00,75,00,00,00,49,00,6d,00,61,00,67,00,\ 65,00,64,00,72,00,76,00,00,00,69,00,38,00,30,00,34,00,32,00,70,00,72,00,74,\ 00,00,00,66,00,74,00,64,00,69,00,73,00,6b,00,00,00,66,00,73,00,5f,00,72,00,\ 65,00,63,00,00,00,66,00,6c,00,70,00,79,00,64,00,69,00,73,00,6b,00,00,00,66,\ 00,6c,00,61,00,73,00,68,00,70,00,6e,00,74,00,00,00,66,00,69,00,72,00,65,00,\ 70,00,6f,00,72,00,74,00,00,00,46,00,69,00,70,00,73,00,00,00,66,00,64,00,63,\ 00,00,00,66,00,64,00,31,00,36,00,5f,00,37,00,30,00,30,00,00,00,66,00,62,00,\ 78,00,75,00,73,00,62,00,00,00,66,00,61,00,73,00,74,00,66,00,61,00,74,00,00,\ 00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,65,00,74,00,34,00,\ 30,00,30,00,30,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,65,00,66,\ 00,73,00,00,00,44,00,6e,00,73,00,63,00,61,00,63,00,68,00,65,00,00,00,44,00,\ 6e,00,73,00,61,00,70,00,69,00,00,00,64,00,6d,00,69,00,6f,00,00,00,64,00,6d,\ 00,62,00,6f,00,6f,00,74,00,00,00,44,00,69,00,73,00,74,00,72,00,69,00,62,00,\ 75,00,74,00,65,00,64,00,20,00,4c,00,69,00,6e,00,6b,00,20,00,54,00,72,00,61,\ 00,63,00,6b,00,69,00,6e,00,67,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\ 00,00,64,00,69,00,73,00,6b,00,70,00,65,00,72,00,66,00,00,00,64,00,69,00,73,\ 00,6b,00,00,00,44,00,68,00,63,00,70,00,00,00,44,00,66,00,73,00,53,00,76,00,\ 63,00,00,00,44,00,66,00,73,00,44,00,72,00,69,00,76,00,65,00,72,00,00,00,64,\ 00,65,00,63,00,6b,00,7a,00,70,00,73,00,78,00,00,00,44,00,43,00,4f,00,4d,00,\ 00,00,64,00,61,00,63,00,39,00,36,00,30,00,6e,00,74,00,00,00,63,00,70,00,71,\ 00,66,00,77,00,73,00,32,00,65,00,00,00,63,00,70,00,71,00,66,00,63,00,61,00,\ 6c,00,6d,00,00,00,63,00,70,00,71,00,61,00,72,00,72,00,79,00,32,00,00,00,63,\ 00,70,00,71,00,61,00,72,00,72,00,61,00,79,00,00,00,43,00,6c,00,75,00,73,00,\ 73,00,76,00,63,00,00,00,63,00,69,00,72,00,72,00,75,00,73,00,5f,00,64,00,65,\ 00,74,00,65,00,63,00,74,00,00,00,63,00,68,00,61,00,6e,00,67,00,65,00,72,00,\ 00,00,63,00,64,00,72,00,6f,00,6d,00,00,00,63,00,64,00,66,00,73,00,00,00,63,\ 00,64,00,61,00,75,00,64,00,69,00,6f,00,00,00,63,00,64,00,32,00,30,00,78,00,\ 72,00,6e,00,74,00,00,00,62,00,75,00,73,00,6c,00,6f,00,67,00,69,00,63,00,00,\ 00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,42,00,49,00,54,00,53,00,\ 00,00,62,00,65,00,65,00,70,00,00,00,41,00,74,00,6d,00,61,00,72,00,70,00,63,\ 00,00,00,61,00,74,00,69,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 61,00,74,00,64,00,69,00,73,00,6b,00,00,00,61,00,74,00,61,00,70,00,69,00,00,\ 00,41,00,73,00,79,00,6e,00,63,00,4d,00,61,00,63,00,00,00,61,00,73,00,63,00,\ 33,00,35,00,35,00,30,00,00,00,61,00,73,00,63,00,33,00,33,00,35,00,30,00,70,\ 00,00,00,61,00,73,00,63,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,\ 74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,70,00,75,00,70,00,00,00,61,00,6d,\ 00,73,00,69,00,6e,00,74,00,00,00,61,00,6d,00,69,00,30,00,6e,00,74,00,00,00,\ 41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,61,00,69,00,63,00,37,00,38,\ 00,78,00,78,00,00,00,61,00,69,00,63,00,37,00,38,00,75,00,32,00,00,00,61,00,\ 69,00,63,00,31,00,31,00,36,00,78,00,00,00,61,00,68,00,61,00,31,00,35,00,34,\ 00,78,00,00,00,61,00,64,00,70,00,75,00,31,00,36,00,30,00,6d,00,00,00,61,00,\ 63,00,70,00,69,00,65,00,63,00,00,00,61,00,63,00,70,00,69,00,00,00,61,00,62,\ 00,70,00,34,00,38,00,30,00,6e,00,35,00,00,00,61,00,62,00,69,00,6f,00,73,00,\ 64,00,73,00,6b,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00 "EventMessageFile"="%systemroot%\\system32\\stisvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abp480n5] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abp480n5] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpiec] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpiec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpiec.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,65,00,63,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adpu160m] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adpu160m] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aha154x] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aha154x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic116x] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic116x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78u2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78u2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78xx] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Alerter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Alerter] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ami0nt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ami0nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amsint] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amsint] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup] ; Contents of value: ; %SystemRoot%\System32\ntdll.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,64,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3350p] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3350p] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3550] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3550] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AsyncMac] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AsyncMac] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atdisk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ati_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ati_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,74,00,69,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Atmarpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Atmarpc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\beep] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\beep] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BITS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BITS] ; Contents of value: ; %systemroot%\system32\xpob2res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,78,00,70,00,6f,00,62,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Browser] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\buslogic] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\buslogic] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cd20xrnt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cd20xrnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\changer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\changer] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cirrus_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cirrus_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\cirrus_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,63,00,69,00,72,00,72,00,75,00,73,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Clussvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Clussvc] ; Contents of value: ; %systemroot%\cluster\clussvc.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,63,00,6c,00,75,00,73,00,74,00,65,00,72,00,5c,00,\ 63,00,6c,00,75,00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarray] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarray] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarry2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarry2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqfcalm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqfcalm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqfws2e] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqfws2e] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dac960nt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dac960nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\deckzpsx] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\deckzpsx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsDriver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsDriver] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsSvc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp] ; Contents of value: ; %SystemRoot%\System32\dhcpcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\disk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\diskperf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\diskperf] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Distributed Link Tracking Client] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Distributed Link Tracking Client] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmboot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmboot] ; Contents of value: ; %SystemRoot%\System32\Drivers\dmboot.sys;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,62,00,6f,\ 00,6f,00,74,00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmio] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\dmio.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,69,00,6f,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnsapi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnsapi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnscache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnscache] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\et4000_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\et4000_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\et4000_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,34,00,30,00,30,00,30,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\eventlog] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fastfat] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fastfat] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fbxusb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fbxusb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fd16_700] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fd16_700] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fdc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,64,00,63,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Fips] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Fips] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fips.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,69,00,70,00,73,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fireport] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fireport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flashpnt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flashpnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flpydisk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flpydisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\flpydisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,70,00,79,00,64,00,69,00,\ 73,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fs_rec] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fs_rec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ftdisk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ftdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\FtDisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,46,00,74,00,44,00,69,00,73,00,6b,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,38,00,30,00,34,00,32,00,70,00,\ 72,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Imagedrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Imagedrv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ini910u] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ini910u] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,6c,00,49,00,\ 64,00,65,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Internet Explorer 6] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Internet Explorer 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP] ; Contents of value: ; %SystemRoot%\System32\ipbootp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,62,00,6f,00,6f,00,74,00,70,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP] ; Contents of value: ; %SystemRoot%\System32\ipnathlp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2] ; Contents of value: ; %SystemRoot%\System32\iprip2.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,72,00,69,00,70,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPSEC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPSEC] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ipsraidn] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ipsraidn] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXCP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXCP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRIP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRIP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXSAP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXSAP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,73,00,61,00,70,00,6e,00,70,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6b,00,62,00,64,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos] ; Contents of value: ; %SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\lbrtfdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,62,00,72,00,74,00,66,00,64,00,\ 63,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDM] ; Contents of value: ; %SystemRoot%\System32\dmadmin.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,61,00,64,00,6d,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDMS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDMS] ; Contents of value: ; %SystemRoot%\System32\dmserver.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LmHosts] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lp6nds35] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lp6nds35] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MDAC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MDAC] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,67,00,61,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Modem] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Modem] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Modem.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,6f,00,64,00,65,00,6d,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,6f,00,75,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mraid35x] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mraid35x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MrxSmb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MrxSmb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6f,\ 00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,\ 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,\ 65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msadlib] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msadlib] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ncrc710] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ncrc710] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ndis] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ndis] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisWan] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisWan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS] ; Contents of value: ; %SystemRoot%\System32\iologmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,6f,00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBT] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetDDE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetDDE] ; Contents of value: ; %SystemRoot%\System32\netdde.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,64,00,64,00,65,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\npfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\npfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ntfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ntfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NTMS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NTMS] ; Contents of value: ; %SystemRoot%\system32\NtmsEvt.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,74,00,6d,00,73,00,45,00,76,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\null] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\null] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nv4_mini.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,76,00,34,00,5f,00,6d,00,69,00,\ 6e,00,69,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF] ; Contents of value: ; %SystemRoot%\System32\ospf.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib] ; Contents of value: ; %SystemRoot%\System32\ospfmib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,6d,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Outlook Express 6] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Outlook Express 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parallel] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parallel] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parallel.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,61,00,6c,00,6c,00,\ 65,00,6c,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parport] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,70,00,6f,00,72,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parvdm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parvdm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ParVdm.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,61,00,72,00,56,00,64,00,6d,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pci] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pci] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pci.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pciide] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pciide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\PciIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,49,00,64,00,65,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,6d,00,63,00,69,00,61,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent] ; Contents of value: ; %SystemRoot%\System32\polagent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,6f,00,6c,00,61,00,67,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print] ; Contents of value: ; %SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1080] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1080] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql10wnt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql10wnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1240] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1240] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql2100] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql2100] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\qv_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\qv_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\qv_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,71,00,76,00,5f,00,64,00,65,00,74,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasAuto] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasAuto] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasMan] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasMan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rdbss] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\redbook] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\redbook] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\redbook.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,72,00,65,00,64,00,62,00,6f,00,6f,00,\ 6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RemoteAccess] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RemoteAccess] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Removable Storage Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Removable Storage Service] ; Contents of value: ; %SystemRoot%\System32\NTMSEVT.DLL "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,54,00,4d,00,53,00,45,00,56,00,54,00,2e,00,44,00,4c,00,4c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RSVP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RSVP] ; Contents of value: ; %SystemRoot%\System32\rsvpmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,73,00,76,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rtl8139] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rtl8139] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\s3legacy_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\s3legacy_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\s3legacy_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,33,00,6c,00,65,00,67,00,61,00,\ 63,00,79,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM] ; Contents of value: ; %SystemRoot%\System32\samsrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,61,00,6d,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Save Dump] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Save Dump] ; Contents of value: ; %SystemRoot%\System32\SaveDump.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,61,00,76,00,65,00,44,00,75,00,6d,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SCardSvr] ; Contents of value: ; %SystemRoot%\System32\SCardSvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,43,00,61,00,72,00,64,00,53,00,76,00,72,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel] ; Contents of value: ; %SystemRoot%\system32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schedule] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schedule] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\scsiport] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\scsiport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\serial] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\serial] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,65,00,72,00,69,00,61,00,6c,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Server] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Server] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager] ; Contents of value: ; %systemroot%\system32\netevent.dll;%systemroot%\system32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\ 25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sfloppy] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sfloppy] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sglfb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sglfb] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\sglfb.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,67,00,6c,00,66,00,62,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Simbad] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Simbad] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sndblst] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sndblst] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sparrow] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sparrow] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Srv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Srv] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage] ; Contents of value: ; %SystemRoot%\System32\stisvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,74,00,69,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc810] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc810] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc8xx] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc8xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sym_hi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sym_hi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon] "EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tdi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tdi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService] ; Contents of value: ; %SystemRoot%\System32\termsrv.exe;%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,65,00,72,00,6d,00,73,00,72,00,76,00,2e,00,65,00,78,00,65,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,64,\ 00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\udfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\udfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ultra66] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ultra66] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\UPS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\UPS] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vaxscsi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vaxscsi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VgaSave] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VgaSave] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\vga.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,76,00,67,00,61,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time] ; Contents of value: ; %SystemRoot%\System32\w32time.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,\ 00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\wdvga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\wdvga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wdvga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,64,00,76,00,67,00,61,00,5f,00,\ 64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\weitekp9_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\weitekp9_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\weitekp9_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,65,00,69,00,74,00,65,00,6b,00,\ 70,00,39,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k] ; Contents of value: ; %SystemRoot%\System32\win32k.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows File Protection] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows File Protection] ; Contents of value: ; %SystemRoot%\System32\sfc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,66,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.0] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.0] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.1] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.1] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Script Host] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Script Host] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Update Agent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Update Agent] ; Contents of value: ; %SystemRoot%\system32\wuaucpl.cpl "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Wmi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Wmi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Workstation] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Workstation] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WZCSVC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WZCSVC] ; Contents of value: ; %SystemRoot%\System32\wzcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,7a,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Enum] "0"="Root\\LEGACY_EVENTSYSTEM\00" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi\Parameters] "AsyncEventQueueSize"=dword:00000300 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs\Aliases] ; Contents of value: ; srvsvc ; wkssvc ; eventlog ; browser ; msgsvc ; svcctl ; w32time ; "ntsvcs"=hex(7):73,00,72,00,76,00,73,00,76,00,63,00,00,00,77,00,6b,00,73,00,73,\ 00,76,00,63,00,00,00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,\ 62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,6d,00,73,00,67,00,73,00,76,\ 00,63,00,00,00,73,00,76,00,63,00,63,00,74,00,6c,00,00,00,77,00,33,00,32,00,\ 74,00,69,00,6d,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages1\RequestHandlers\12] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers1] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers3] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages3\RequestHandlers7] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages4] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages4\RequestHandlers6] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines2\Stages5] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines2\Stages5\RequestHandlers\10] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages6] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers4] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers\11] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages7] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers2] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers9] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages8] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages8\RequestHandlers5] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS] ; Contents of value: ; EventSystem ; "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." [HKEY_CURRENT_USER\AppEvents] [HKEY_CURRENT_USER\AppEvents\EventLabels] [HKEY_CURRENT_USER\AppEvents\EventLabels\.Default] [HKEY_CURRENT_USER\AppEvents\EventLabels\ActivatingDocument] [HKEY_CURRENT_USER\AppEvents\EventLabels\AppGPFault] [HKEY_CURRENT_USER\AppEvents\EventLabels\CCSelect] [HKEY_CURRENT_USER\AppEvents\EventLabels\Close] [HKEY_CURRENT_USER\AppEvents\EventLabels\CriticalBatteryAlarm] [HKEY_CURRENT_USER\AppEvents\EventLabels\EmptyRecycleBin] [HKEY_CURRENT_USER\AppEvents\EventLabels\Incoming-Fax] [HKEY_CURRENT_USER\AppEvents\EventLabels\LowBatteryAlarm] [HKEY_CURRENT_USER\AppEvents\EventLabels\MailBeep] [HKEY_CURRENT_USER\AppEvents\EventLabels\Maximize] [HKEY_CURRENT_USER\AppEvents\EventLabels\MenuCommand] [HKEY_CURRENT_USER\AppEvents\EventLabels\MenuPopup] [HKEY_CURRENT_USER\AppEvents\EventLabels\Minimize] [HKEY_CURRENT_USER\AppEvents\EventLabels\MoveMenuItem] [HKEY_CURRENT_USER\AppEvents\EventLabels\Navigating] [HKEY_CURRENT_USER\AppEvents\EventLabels\Open] [HKEY_CURRENT_USER\AppEvents\EventLabels\Outgoing-Fax] [HKEY_CURRENT_USER\AppEvents\EventLabels\RestoreDown] [HKEY_CURRENT_USER\AppEvents\EventLabels\RestoreUp] [HKEY_CURRENT_USER\AppEvents\EventLabels\RingIn] [HKEY_CURRENT_USER\AppEvents\EventLabels\RingOut] [HKEY_CURRENT_USER\AppEvents\EventLabels\ShowBand] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemAsterisk] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemExclamation] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemExit] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemHand] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemQuestion] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemStart] [HKEY_CURRENT_USER\AppEvents\Schemes] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\AppGPFault] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\AppGPFault\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\AppGPFault\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CCSelect] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CCSelect\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Close] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Close\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Close\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Close\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Maximize] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Maximize\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Maximize\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Maximize\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuCommand] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuCommand\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuCommand\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Minimize] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Minimize\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Minimize\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Minimize\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Open] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Open\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Open\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Open\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreDown] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreDown\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreDown\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreDown\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreUp] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreUp\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreUp\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreUp\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RingIn] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RingIn\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RingOut] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RingOut\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ShowBand] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ShowBand\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemQuestion] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemQuestion\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemQuestion\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemQuestion\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemStart] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemStart\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemStart\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemStart\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Participant] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Participant\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Recevoir l'appel] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Recevoir l'appel\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Recevoir une demande de participation] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Recevoir une demande de participation\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Sortant] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Sortant\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Incoming-Fax] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Incoming-Fax\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Incoming-Fax\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\MoveMenuItem] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Outgoing-Fax] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Outgoing-Fax\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Outgoing-Fax\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Close] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Close\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Close\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Open] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Open\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Open\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32\Close] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32\Close\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32\Open] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32\Open\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Names] [HKEY_CURRENT_USER\AppEvents\Schemes\Names\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Names\.None] [HKEY_CURRENT_USER\AppEvents\Schemes\Names\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\NewSchemes] [HKEY_CURRENT_USER\AppEvents\Schemes\NewSchemes\Utopia] [HKEY_CURRENT_USER\Software\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup.map] "39cd794abee19363"=",33,HKCU,AppEvents\\Schemes\\Apps\\Explorer\\ActivatingDocument,," "cd76491d6491d060"=",33,HKCU,AppEvents\\Schemes\\Apps\\Explorer\\Navigating,," "39cd794a5fa8faa1"=",33,HKCU,AppEvents\\Schemes\\Apps\\Explorer\\Navigating\\.current,," "e1cc8421f283cca5"=",33,HKCU,AppEvents\\Schemes\\Apps\\Explorer\\MoveMenuItem,," "49415f9a5ec1fc0f"=",33,HKCU,AppEvents\\EventLabels\\ActivatingDocument,," "73326354f619f719"=",33,HKCU,AppEvents\\EventLabels\\Navigating,," "e91ffd26a97429f9"=",33,HKCU,AppEvents\\EventLabels\\MoveMenuItem,," "ae25fe9238ef79f0"=",33,HKCU,AppEvents\\Schemes\\Apps\\.Default\\CCSelect,," "ae25fe920f8b3871"=",33,HKCU,AppEvents\\Schemes\\Apps\\.Default\\ShowBand,," "e11fa7cf59782b93"=",33,HKCU,AppEvents\\EventLabels\\CCSelect,," "e11fa7cf6e1c6a12"=",33,HKCU,AppEvents\\EventLabels\\ShowBand,," [HKEY_CURRENT_USER\Software\Microsoft\EventSystem] [HKEY_CURRENT_USER\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}] [HKEY_CURRENT_USER\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonomaevents.com] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Event Viewer] [HKEY_CURRENT_USER\Software\NVIDIA Corporation\Global\nView\Tweak] "PreventOffScreenOpens"=dword:00000000 ; End Of The Log... voila j'espere que tu sauras y voir clair je vais continuer ce que tu m'as suggereé de faire... à + re charle ingals voici le rapport regsearch : Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.2.0 ; Results at 05/04/2007 18:46:15 for strings: ; 'event' ; 'events log' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Canon\ZoomBrowser EX Public\Search\kwd_event] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1BE1F766-5536-11D1-B726-00C04FB926AF}] "LocalService"="EventSystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}] @="Event Object Change" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}] @="SENS Subscriber for EventSystem EventObjectChange events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06290BD9-48AA-11D2-8432-006008C3FBFC}] @="Constructor for Scriptlet Event Handler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06290BD9-48AA-11D2-8432-006008C3FBFC}\ProgID] @="ScriptletHandler.Event" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0725C3CB-FEFB-11D0-99F9-00C04FC2F8EC}] @="WMI Event Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BE1F766-5536-11D1-B726-00C04FB926AF}] @="EventSystemTier2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{266C72E7-62E8-11D1-AD89-00C04FD8FDFF}] @="Microsoft WBEM Active Scripting Event Consumer Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DD82D10-E6F1-11D2-B139-00105A1F77A1}] @="WBEM Power Event Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}] @="Event System" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}\ProgID] @="EventSystem.EventSystem.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}\VersionIndependentProgID] @="EventSystem.EventSystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50B4791F-4731-11D0-8912-00C04FC2A0CA}\ProgID] @="DirectAnimation.DAEvent.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50B4791F-4731-11D0-8912-00C04FC2A0CA}\VersionIndependentProgID] @="DirectAnimation.DAEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D08B586-343A-11D0-AD46-00C04FD8FDFF}] @="Microsoft WBEM Event Subsystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC0969F-0CE6-11D1-BAAE-00C04FC2E20D}] @="IAS NT Event Log Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC0969F-0CE6-11D1-BAAE-00C04FC2E20D}\ProgID] @="IAS.NTEventLog.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC0969F-0CE6-11D1-BAAE-00C04FC2E20D}\VersionIndependentProgID] @="IAS.NTEventLog" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C19BE35-7500-11D1-AD94-00C04FD8FDFF}] @="Microsoft WBEM Event filter marshaling proxy" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7087EBD9-B9CE-11d1-8F62-00C04FB611C7}] @="TimerEventManager" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7542E960-79C7-11D1-88F9-0080C7D771BF}] @="Event Subscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7542E960-79C7-11D1-88F9-0080C7D771BF}\ProgID] @="EventSystem.EventSubscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7542E960-79C7-11D1-88F9-0080C7D771BF}\VersionIndependentProgID] @="EventSystem.EventSubscription.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB944620-79C6-11D1-88F9-0080C7D771BF}] @="Event Publisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB944620-79C6-11D1-88F9-0080C7D771BF}\ProgID] @="EventSystem.EventPublisher.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB944620-79C6-11D1-88F9-0080C7D771BF}\VersionIndependentProgID] @="EventSystem.EventPublisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7A3A54B-0250-11D3-9CD1-00105A1F4801}] @="Microsoft WBEM SMTP Event Consumer Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBEC9C0-7A68-11D1-88F9-0080C7D771BF}] @="Event Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBEC9C0-7A68-11D1-88F9-0080C7D771BF}\ProgID] @="EventSystem.EventClass" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDBEC9C0-7A68-11D1-88F9-0080C7D771BF}\VersionIndependentProgID] @="EventSystem.EventClass.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}] @="EventSystem.EventObjectChange" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}] @="SENS Subscriber for EventSystem EventObjectChange events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}\ProgID] @="SENS Network Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}\VersionIndependentProgID] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}\ProgID] @="SENS Logon Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}\VersionIndependentProgID] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}\ProgID] @="SENS OnNow Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}\VersionIndependentProgID] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabafbc-7f19-11d2-978e-0000f8757e2a}\ProgID] @="EventPublisher.EventPublisher.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabb0ab-7f19-11d2-978e-0000f8757e2a}] @="MTSEvents Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabb0ab-7f19-11d2-978e-0000f8757e2a}\ProgID] @="MTS.MTSEvents.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecabb0ab-7f19-11d2-978e-0000f8757e2a}\VersionIndependentProgID] @="MTS.MTSEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}\ProgID] @="ComEvents.ComServiceEvents.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}\VersionIndependentProgID] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55C5B4C-517D-11D1-AB57-00C04FD9159E}] @="Microsoft WBEM NT Eventlog Event Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55C5B4C-517D-11D1-AB57-00C04FD9159E}\ProgID] @="WBEM.NT.EVENTLOG.EVENT.PROVIDER.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F55C5B4C-517D-11D1-AB57-00C04FD9159E}\VersionIndependentProgID] @="WBEM.NT.EVENTLOG.EVENT.PROVIDER" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA77A74E-E109-11D0-AD6E-00C04FD8FDFF}] @="WBEM Registry Event Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}] @="Microsoft WBEM NT Eventlog Instance Provider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\ProgID] @="WBEM.NT.EVENTLOG.INSTANCE.PROVIDER.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\VersionIndependentProgID] @="WBEM.NT.EVENTLOG.INSTANCE.PROVIDER" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents\CurVer] @="ComEvents.ComServiceEvents.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents.1] @="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComEvents.ComServiceEvents.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAnimation.DAEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAnimation.DAEvent.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher] @="EventPublisher Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher\CurVer] @="EventPublisher.EventPublisher.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher.1] @="EventPublisher Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventPublisher.EventPublisher.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass] @="Event Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1] @="Event Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventClass.1\CurVer] @="EventSystem.EventClass" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher] @="Event Publisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher\CurVer] @="EventSystem.EventPublisher.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher.1] @="Event Publisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventPublisher.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription] @="Event Subscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1] @="Event Subscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSubscription.1\CurVer] @="EventSystem.EventSubscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem] @="Event System" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem\CurVer] @="EventSystem.EventSystem.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem.1] @="Event System" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EventSystem.EventSystem.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog] @="IAS NT Event Log Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog\CurVer] @="IAS.NTEventLog.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog.1] @="IAS NT Event Log Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAS.NTEventLog.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000266-0000-0010-8000-00AA006D2EA4}] @="RecordsetEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000400-0000-0010-8000-00AA006D2EA4}] @="ConnectionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0287BFEA-6093-4D3C-98D6-B8BD566B224A}] @="_IDataTransferEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{02BF25D4-8C17-4B23-BC80-D3488ABDDC6B}] @="DQTActiveXPluginEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0343E2F4-86F6-11D1-B760-00C04FB926AF}] @="IEventControl" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0343E2F5-86F6-11D1-B760-00C04FB926AF}] @="IMultiInterfaceEventControl" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05589FA3-C356-11CE-BF01-00AA0055595A}] @="DActiveMovieEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06DD38D2-D187-11CF-A80D-00C04FD74AD8}] @="DActiveXPluginEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0705D0A4-9AD9-11D5-A2F5-00105A1F6B57}] @="_DAXCIGEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7}] @="ITreeViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}] @="IProgressBarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07DB96D0-91D8-11D1-ADE1-0000F87734F0}] @="_RefDialEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07F82098-0ED1-4EE9-99B4-4B55E6EA203A}] @="_IEventsToast" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E269CD0-10D4-4121-9C22-9C85D625650D}] @="ITPrivateEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0F504B94-6E42-42E6-99E0-E20FAFE52AB4}] @="IUserEventTimer" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FB77D50-1B66-4B2F-9245-9B1340E3C12B}] @="_IKAVWebScanEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1208D09A-A197-11D1-B7A7-00C04FB926AF}] @="IEventPropertyBag" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1611FDDA-445B-11D2-85DE-00C04FA35C89}] @="_SearchAssistantEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{166A20C0-AE10-11D1-ADEB-0000F87734F0}] @="_WebGateEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1896E50A-DC8F-4E80-BF5A-91F75057E3C6}] @="_IASInstaladorEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B490296-50DF-11D1-8B44-00C04FC3183B}] @="DPreviewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C15D480-911D-11D2-B632-00C04F79498E}] @="IMSVidDeviceEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C15D485-911D-11D2-B632-00C04F79498E}] @="IMSVidTunerEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C15D486-911D-11D2-B632-00C04F79498E}] @="IMSVidAnalogTunerEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DC9CA50-06EF-11D2-8415-006008C3FBFC}] @="ITridentEventSink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DF04FC2-002F-4EEB-81F5-AD5E97A253D4}] @="_DRecordingEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EFB6595-857C-11D1-B16A-00C0F0283628}] @="ITabStripEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F6D88A2-98D2-11D1-ADE3-0000F87734F0}] @="_INSHandlerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1FF6AA72-5842-11CF-A707-00AA00C0098D}] @="HTMLTextContainerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}] @="DDTPickerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2179C5D2-EBFF-11CF-B6FD-00AA00B4E220}] @="DNSOPlayEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2288B787-C5AE-4E8B-A886-162E318B057C}] @="_IEventsMainPluginWindow2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{232E4569-87C3-11D1-8BE3-0000F8754DA1}] @="DMonthViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{24785B20-135E-11D1-A2A7-00A0C9082766}] @="IADCEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}] @="ISetupBasicFeatureStateEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{25959BEE-E700-11D2-A7AF-00C04F806200}] @="_DMsieEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26AE5141-8010-46EA-861C-F9FC0F8B61D9}] @="DirectPlayVoiceEvent8" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27395F87-0C0C-101B-A3C9-08002B2F49FB}] @="DPicClipEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27D54D92-0EBE-11D2-8B22-00600806D9B6}] @="ISWbemEventSource" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{297F3032-BD11-11D1-A0A7-00805FC147D3}] @="ITACDGroupEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{297F3033-BD11-11D1-A0A7-00805FC147D3}] @="ITQueueEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{297F3034-BD11-11D1-A0A7-00805FC147D3}] @="ITAgentHandlerEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2B323CDA-50E3-11D3-9466-00A0C9700498}] @="_IYAcsEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BCC9863-C5CA-4784-8C19-F61002356D10}] @="_DLEDMeterEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C247F22-8591-11D1-B16A-00C0F0283628}] @="ImageListEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C6C9F62-1447-4CDA-8000-B8C97EB4D30B}] @="_INeroAudioTrackEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D3A4C40-E711-11D0-94AB-0080C74C7E95}] @="_MediaPlayerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E6A14E2-571C-11D3-B652-00C04F79498E}] @="IMSVidOutputDeviceEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F25B-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLImgEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F260-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLDocumentEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F29D-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLAnchorEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2A7-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputTextElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2AF-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputFileElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2B3-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLButtonElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2B8-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLMarqueeElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2BD-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLOptionButtonElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F2C3-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputImageEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F302-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLSelectElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F329-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLLabelEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F32D-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTMLEventObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F33C-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F364-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLFormElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F366-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLAreaEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3BA-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLMapEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3C4-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLObjectElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3CB-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLStyleElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3CC-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLLinkElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F3E2-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLScriptEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F407-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLTableEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F48B-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTMLEventObj2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F4C7-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLPersistEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F4EA-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLControlElementEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F4FF-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTCEventBehavior" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F558-98B5-11CF-BB82-00AA00BDCE0B}] @="DispCEventObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F574-98B5-11CF-BB82-00AA00BDCE0B}] @="DispHTCEventBehavior" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F60F-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F610-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLAnchorEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F611-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLAreaEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F612-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLControlElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F613-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLDocumentEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F614-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLFormElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F615-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLStyleElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F616-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLImgEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F617-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLButtonElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F618-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputTextElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F619-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLOptionButtonElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61A-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputFileElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61B-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLInputImageEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61C-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLLabelEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61D-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLLinkElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61E-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLMapEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F61F-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLMarqueeElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F620-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLObjectElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F621-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLScriptEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F622-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLSelectElementEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F623-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLTableEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F624-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLTextContainerEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F625-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLWindowEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F674-98B5-11CF-BB82-00AA00BDCE0B}] @="LayoutRectEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F680-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTMLEventObj3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F6BD-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLNamespaceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F7FF-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLFrameSiteEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F800-98B5-11CF-BB82-00AA00BDCE0B}] @="HTMLFrameSiteEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3050F814-98B5-11CF-BB82-00AA00BDCE0B}] @="IHTMLEventObj4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3130E57C-140F-427E-AB34-99C96CAEF9A0}] @="_IEventsWindowCreation" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3194B4CC-EF32-11D1-93AE-00AA00BA3258}] @="IEventSourceCallback" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3325E057-E758-49E2-B74F-DD98D72174D7}] @="_IEventsPluginHost" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{333C7BC6-460F-11D0-BC04-0080C7055A83}] @="ITDCCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34A715A0-6587-11D0-924A-0020AFC7AC4D}] @="DWebBrowserEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34F65748-C76B-44DB-98F4-20EA3FF82F22}] @="_IYFTEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}] @="IProgressBarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3584F274-61EA-11D2-8BD9-00C04FC2F51D}] @="_IDAViewerControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{369303C1-D7AC-11D0-89D5-00A0C90833E6}] @="ISGrfxCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{36BE4BF6-F6C1-40FD-BDFE-919730A93B2A}] @="_IEventsAddressBook" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{373FF7F2-EB8B-11CD-8820-08002B2F4F5A}] @="ISliderEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B0353A-A4C8-11D2-B634-00C04F79498E}] @="IMSVidFilePlaybackEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B0353B-A4C8-11D2-B634-00C04F79498E}] @="IMSVidPlaybackEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B0353E-A4C8-11D2-B634-00C04F79498E}] @="IMSVidInputDeviceEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B03541-A4C8-11D2-B634-00C04F79498E}] @="IMSVidAudioRendererEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B03545-A4C8-11D2-B634-00C04F79498E}] @="IMSVidVideoRendererEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{38CB4F18-F113-4432-9BF6-D3BCCCCC7F8D}] @="_ISeleccionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A2C2A7-4778-11D2-9BDB-204C4F4F5020}] @="_IDirectControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39A2C2AA-4778-11D2-9BDB-204C4F4F5020}] @="_IDirectContainerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A6AD9E2-23B9-11CF-AD60-00AA00A74CCD}] @="ITransactionOutcomeEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B21263F-26E8-489D-AAC4-924F7EFD9511}] @="IBroadcastEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D0CE316-411A-43CB-9399-FFDCB28B3D29}] @="_IYbSkinControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DA2AA3C-3D96-11D2-9BD2-204C4F4F5020}] @="_IAsyncPProtEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9BAF2C-7A79-11D2-9334-0000F875AE17}] @="_INetMeetingEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3EFAA427-272F-11D2-836F-0000F87A7782}] @="XMLDOMDocumentEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41054FAD-F598-11D1-8232-00A0C9A7872D}] @="IEventHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42819D07-27DC-4413-BBBC-DE895C5B18C0}] @="_DCurveEditEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44F876D8-8391-11D0-B16F-00AA00BA3258}] @="IMtsEventsPriv" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4524AAA5-7E2C-11D6-B1B8-0050BAE10642}] @="_DSelectMicEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4539E412-7813-11D2-B25F-00A0C90D6111}] @="TIMEMediaPlayerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A6B0E15-2E38-11D1-9965-00C04FBBB345}] @="IEventSubscription" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A6B0E16-2E38-11D1-9965-00C04FBBB345}] @="IEventSubscription2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B106873-DD36-11D0-8B44-00A024DD9EFF}] @="_DTSHOOTEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E14FB9F-2E22-11D1-9964-00C04FBBB345}] @="IEventSystem" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4EF6100A-AF88-11D0-9846-00C04FC29993}] @="FontEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F241DB2-EE9F-11D0-9824-006097C99E51}] @="IMMSeqEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50B4791E-4731-11D0-8912-00C04FC2A0CA}] @="IDAEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50CE8A7D-9C28-4DA8-9042-CDFA7116F979}] @="IMSVidStreamBufferSourceEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55136806-B2DE-11D1-B9F2-00A0C98BC547}] @="DShellNameSpaceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55522D2C-8DA4-4FB3-AB1F-3E9A904E36A1}] @="_DCoverEdCtrlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5630AF82-ECE9-11D2-A369-6C4209C10000}] @="_DAwm4MidiEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56A868A2-0AD4-11CE-B03A-0020AF0BA770}] @="IMediaEventSink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56A868B6-0AD4-11CE-B03A-0020AF0BA770}] @="IMediaEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{580ACAF8-FA1C-11D0-AD72-00C04FD8FDFF}] @="IWbemEventProviderQuerySink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{588D5040-CF28-11D1-8CD3-00A0C959BC0A}] @="_DHTMLEditEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58D6F4B0-181D-11D1-9E88-00C04FDCAB92}] @="DThumbCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7}] @="ListViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}] @="ImageListEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5AFC314A-4BCC-11D1-BF80-00805FC147D3}] @="ITAgentEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5AFC314B-4BCC-11D1-BF80-00805FC147D3}] @="ITAgentSessionEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5BB8F7F5-EA91-48AA-8575-84D1C5838D19}] @="_ISOSEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D4B65F9-E51C-11D1-A02F-00C04FB6809F}] @="ITCallInfoChangeEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{603C7E7F-87C2-11D1-8BE3-0000F8754DA1}] @="DUpDownEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60890160-69F0-11D1-B758-00A0C90564FE}] @="DSearchCommandEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B954B-4FB6-11D1-9971-00C04FBBB345}] @="IEventSystemTier2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}] @="IEventClassTier2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}] @="IEventSubscriptionTier2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{612A8626-0FB3-11CE-8747-524153480004}] @="IToolbarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{614E1495-1014-44F8-B350-5344C0770C1E}] @="_IQTControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62112AA2-EBE4-11CF-A5FB-0020AFE7292D}] @="DShellFolderViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62F47097-95C9-11D0-835D-00AA003CCABD}] @="ITCallStateEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{631F7D96-D993-11D2-B339-00105A1F4AAF}] @="IWbemEventProviderSecurity" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63CDBCB0-C1B1-11D0-9336-00A0C90DCAA9}] @="IBindEventHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{64B8F404-A4AE-11D1-B7B6-00C04FB926AF}] @="IEventSystemTier2Factory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}] @="IToolbarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A4-2E50-11D2-98A5-00C04F8EE1C4}] @="IComUserEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A5-2E50-11D2-98A5-00C04F8EE1C4}] @="IComThreadEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A6-2E50-11D2-98A5-00C04F8EE1C4}] @="IComAppEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A7-2E50-11D2-98A5-00C04F8EE1C4}] @="IComInstanceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A8-2E50-11D2-98A5-00C04F8EE1C4}] @="IComTransactionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130A9-2E50-11D2-98A5-00C04F8EE1C4}] @="IComMethodEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AA-2E50-11D2-98A5-00C04F8EE1C4}] @="IComObjectEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AB-2E50-11D2-98A5-00C04F8EE1C4}] @="IComResourceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AC-2E50-11D2-98A5-00C04F8EE1C4}] @="IComSecurityEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AD-2E50-11D2-98A5-00C04F8EE1C4}] @="IComObjectPoolEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AE-2E50-11D2-98A5-00C04F8EE1C4}] @="IComObjectPoolEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130AF-2E50-11D2-98A5-00C04F8EE1C4}] @="IComObjectConstructionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B0-2E50-11D2-98A5-00C04F8EE1C4}] @="IComActivityEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B1-2E50-11D2-98A5-00C04F8EE1C4}] @="IComIdentityEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B2-2E50-11D2-98A5-00C04F8EE1C4}] @="IComQCEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B3-2E50-11D2-98A5-00C04F8EE1C4}] @="IComExceptionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B4-2E50-11D2-98A5-00C04F8EE1C4}] @="ILBEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{683130B5-2E50-11D2-98A5-00C04F8EE1C4}] @="IComCRMEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68481420-0280-11D3-9D8E-00C04F72D980}] @="ITunerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69C7C394-905C-11D2-91AD-00C04FA37E1F}] @="IMMCCtrlEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6A87113B-B6F2-40C8-98D7-9D19F8B9EE11}] @="_IIStitchEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}] @="IStatusBarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8}] @="ISystemDebugEventFire" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C736DEE-AB0E-11D0-A2AD-00A0C90F27E8}] @="ISystemDebugEventFireAuto" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E35779B-305C-11D2-98A5-00C04F8EE1C4}] @="IComLceEventDispatcher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E449681-C509-11CF-AAFA-00AA00B6015C}] @="DInstallEngineCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{706BC692-B613-4B6E-97E7-2C2104C1D06E}] @="_IQTObjectEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{73B1F259-0F7D-46DF-827D-1D013548ED6F}] @="_IReportHebrewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74AF3E45-019E-11D5-9574-0050BAE2D732}] @="_DUniversalTunerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{755F9DA7-7508-11D1-AD94-00C04FD8FDFF}] @="IWbemEventProviderRequirements" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{75718CA0-F029-11D1-A1AC-00C04FB6C223}] @="ISWbemSinkEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{777C89F8-5C36-11D5-ABAF-00B0D02332EB}] @="ISetupBasicFeatureStateEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{777C8A01-5C36-11D5-ABAF-00B0D02332EB}] @="ISetupTransferEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{777C8A02-5C36-11D5-ABAF-00B0D02332EB}] @="ISetupTransferEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A2E9A9E-0D87-46D9-84B1-21B30AE4BD66}] @="_INeroFreestyleTrackEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B79E0BC-3B0B-4A06-8C3D-A85A3DF03BDD}] @="_IEventsColors" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7DC919C5-94D3-11D4-821C-D08D42000000}] @="_INeroDriveEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F9A2D71-59B0-4940-9D7D-4001B53D82D2}] @="_DAxisEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80D3BFAC-57D9-11D2-A04A-00C04FB6809F}] @="ITDigitDetectionEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80D3BFAD-57D9-11D2-A04A-00C04FB6809F}] @="ITDigitGenerationEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{811675CF-023E-4903-B6E9-DA28895373B7}] @="_IReporteEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{831CE2D1-83B5-11D1-BB5C-00C04FB6809F}] @="ITAddressEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{83EA33C0-CD14-11D2-A252-00104BD35090}] @="IWSHRemoteEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{847B4DF6-4B61-11D2-9BDB-204C4F4F5020}] @="_IRadioViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84DE8F05-AADB-454D-B137-E7C6EF77F7B2}] @="_IEventsConversationWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85E2439E-0E23-11D3-9D8E-00C04F72D980}] @="ISignalEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{87C56C39-6038-4EF6-ACF7-03302E618FE2}] @="_INeroFileProducerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89131312-7806-11D2-8BEE-00C04FC2F51D}] @="_IDAViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{895801DF-3DD6-11D1-8F30-00C04FB6809F}] @="ITCallNotificationEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BB35070-2DAD-11D3-A580-00C04F8EF6E3}] @="ITParticipantEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C445A90-9D0A-11D3-A8FB-444553540000}] @="_IImagXpressEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E3867A2-8586-11D1-B16A-00C0F0283628}] @="IStatusBarEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90D6AF82-0648-11D2-B719-00C04F8EE1C4}] @="AsyncIEventSourceCallback" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90D6AF83-0648-11D2-B719-00C04F8EE1C4}] @="IEventCall" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{918AD776-E077-4E5A-9FA9-E3983CFDCED0}] @="_IEventsMessenger2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{96A0A4E0-D062-11CF-94B6-00AA0060275C}] @="HTMLWindowEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97EFC58A-F423-49CD-AFD6-89250AB0363B}] @="_IEventsContentTabPluginServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BBC41B5-4A28-4999-A48E-56BE1EA542AF}] @="_IIASEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9C2263B1-3E3C-11D2-9BD3-204C4F4F5020}] @="_IRadioPlayerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9D39223F-AE8E-11D4-8FD3-00D0B7730277}] @="_IWcViewerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E1229EF-D6EC-4059-B8A2-F4DF9F3AB9F6}] @="_IEventsWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ED94442-E5E8-101B-B9B5-444553540000}] @="ITabStripEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F34325B-7E62-11D2-9457-00C04F8EC888}] @="ITTAPIDispatchEventNotification" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6438FE-A461-4034-823F-4BDDBCE566F5}] @="_DSliderAxEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0E8F279-888C-11D1-B763-00C04FB926AF}] @="IEventSystemPersistable" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0E8F27A-888C-11D1-B763-00C04FB926AF}] @="IEventSystemInitialize" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A3C15451-5B92-11D1-8F4E-00C04FB6809F}] @="ITCallHubEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A553F3F0-3805-11D0-B6B2-00AA003240C7}] @="IWbemEventSubsystem_m4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A5657E5C-7BAE-4E81-9C17-284655918763}] @="IEventClassParallelFiringTimeout" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6423D46-852F-47A6-90D3-AD180FFA0885}] @="_DLEDMeterEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6D897FF-0A95-11D1-B0BA-006008166E11}] @="DWebBridgeEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}] @="ISetupTransferEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC48FFDE-F8C4-11D1-A030-00C04FB6809F}] @="ITRequestEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ADB880A3-D8FF-11CF-9377-00AA003B7A11}] @="_HHCtrlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE3138BE-55B3-4F4E-AF9E-EC0216D832CD}] @="_IEventsContactList" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AEB84C82-95DC-11D0-B7FC-B61140119C4A}] @="_DDMViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B09DE714-87C1-11D1-8BE3-0000F8754DA1}] @="DAnimationEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0A6BAE1-AAF0-11D0-A152-00A0C908DB96}] @="IMMSeqMgrEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0EDF164-910A-11D2-B632-00C04F79498E}] @="_IMSVidCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B4F7A674-9B83-49CB-A357-C63B871BE958}] @="IMSVidWebDVDEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B6CD6553-E9CB-11D0-821F-00A0C91F9CA0}] @="DActiveMovieEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7FC355D-8CE7-11CF-9754-00AA00C00908}] @="DHTMLEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7FC35B7-8CE7-11CF-9754-00AA00C00908}] @="DNMOleControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B90E525A-574A-11D1-8E7B-00C04FC29D46}] @="IDA2Event" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B93D9411-C3D1-47E4-A895-C838F5C8F28D}] @="_IEventsSecondaryWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA24E1DA-9E87-4502-9AF0-B5DDFA6D6B23}] @="ISetupTransferEvents3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BAA342A0-2DED-11D0-86F4-00A0C913F750}] @="IImageDecodeEventSink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BACEDF4D-74AB-11D0-B162-00AA00BA3258}] @="IMtsEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BB24BBEF-1EEC-422B-A397-EDBC31FB3A56}] @="_mbEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC583EE7-EDBD-4071-9216-E8CBD4D16A1B}] @="_DBDSCANONLINEEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD1041AF-0726-4E67-B6E6-0C5EC8ADD828}] @="_IEventsConversationPluginServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD671561-BE43-4BD5-8250-F7555A2EA706}] @="_IEventsCustomMenu" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}] @="DSSTabCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}] @="ListViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}] @="ISetupTransferEvents2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C1FB73D0-EC3A-4BA2-B512-8CDB9187B6D1}] @="IHWEventHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C3701885-B39B-11D1-9D68-00C04FC30DF6}] @="_InstallEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C3701885-B39B-11EE-9D68-00C04FC30DF6}] @="_InfoReadyEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C3A9F406-2222-436D-86D5-BA3229279EFB}] @="IMSEventBinder" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C40CB31E-8E51-470E-A7B4-39F017F4C04B}] @="_DEffectEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C47195ED-CD7A-11D1-8EA3-00C04F9900D7}] @="_SysColorEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}] @="EventParameter" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}] @="EventParameters" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}] @="EventInfo" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C572C17E-A55C-4605-9B18-5E11ABBF7043}] @="IStatusDisplayEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}] @="ITreeViewEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCAD6A47-5701-4018-B1A5-654672FDC4B6}] @="IScriptEventHandler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CD6C7867-5864-11D0-ABF0-0020AF6B0B7A}] @="_DTVEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CDCD32BA-617E-41D9-ADCE-01455E52647E}] @="_IEventsContactListUI" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF4B37DA-48E6-4C76-BB9A-B878469918DB}] @="_DLevelSliderEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFA3357C-AD77-11D1-BB68-00C04FB6809F}] @="ITQOSEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFCDAA02-8BE4-11CF-B84B-0020AFBBCCFA}] @="DRealAudioEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D12DBEC0-C3C7-11D3-87A8-009027A35D73}] @="IYAcsUI1Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D1CA9B18-9ED2-43B5-8759-7A5C892D4C5C}] @="DirectXEvent8" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D1FC78E8-B380-11D1-ADC5-006008A5848C}] @="_DHTMLSafeEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}] @="_IShockwaveFlashEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2C8FD3A-88CF-4FAF-AD78-DFF019BD030C}] @="_IYCallControlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3AEAFBC-0749-4DA7-9E75-30277323B00F}] @="_DKnobEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D464A8C3-5BC8-48FB-B1F6-7EA0A32E9BB8}] @="IQTEventListeners" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4D8791C-BEB1-4EF3-ABE5-4F0A4FB490CD}] @="_IControlConexionEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56C3DC1-8482-11D0-B170-00AA00BA3258}] @="IMtsEventInfo" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7A7D7C2-D47F-11D0-89D3-00A0C90833E6}] @="IPathCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D952F7F3-936E-4C23-9A80-14C0EC1BFD5A}] @="IInternalEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D9E17CED-E662-4176-95A2-A50F4EB4DD8C}] @="IZbAppNotificationEventSink" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DA538EE2-F4DE-11D1-B6BB-00805FC79216}] @="IEventProperty" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBC8C1D5-130F-49DA-BB96-420CC7C834EF}] @="_IEventsMainPluginWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DCE2F8B2-A520-11D4-8FD0-00D0B7730277}] @="_IWcUploadEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}] @="DImageComboEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DEFECE96-1C6C-498E-ADDA-C1029DBB0C95}] @="IASquaredScanFormEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E01AA5D1-DE68-4D4B-8919-D46269BEA613}] @="_IListaEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E245105B-B06E-11D0-AD61-00C04FD8FDFF}] @="IWbemEventProvider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E246107A-B06E-11D0-AD61-00C04FD8FDFF}] @="IWbemEventConsumerProvider" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E341516B-2E32-11D1-9964-00C04FBBB345}] @="IEventPublisher" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E5D12C4F-7B4F-11D3-B5C9-0050045C3C96}] @="_IMessengerEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7C4BE81-7960-11D0-B727-00AA00B4E220}] @="DNSPlayEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E955E672-7FC9-4634-8074-36CB33C3322F}] @="_IEventsFileTransferManager" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9EAD8E6-2A25-410E-9B58-A9FBEF1DD1A2}] @="IUserEventTimerCallback" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAB22AC2-30C1-11CF-A7EB-0000C05BAE0B}] @="DWebBrowserEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC1831E1-C231-11D3-87A8-009027A35D73}] @="_IYSliderEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC9E51C1-4E5D-11D3-9144-00104BA11C5E}] @="IDiscMasterProgressEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EDDB9426-3B91-11D1-8F30-00C04FB6809F}] @="ITTAPIEventNotification" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F08DF953-8592-11D1-B16A-00C0F0283628}] @="ISliderEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F10FB760-2AFB-48B4-AD2E-800865A23232}] @="IQTEventObject" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1CB0608-EC04-11D1-93AE-00AA00BA3258}] @="IEventServer" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3FBC8E6-93A3-11D4-8217-A85459000000}] @="_INeroEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4854D48-937A-11D1-BB58-00C04FB6809F}] @="ITTAPIObjectEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4A07D63-2E25-11D1-9964-00C04FBBB345}] @="IEnumEventObject" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4A07D70-2E25-11D1-9964-00C04FBBB345}] @="IEventObjectChange" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}] @="_AgentEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F794A01F-2A0D-46A8-9CEF-D5678A413BEF}] @="DirectPlay8LobbyEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F798A36B-B05B-4BBE-9703-EAEA7D61CD51}] @="IMSVidStreamBufferSinkEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F805B114-C3F4-4E1E-B016-349D3F42CE11}] @="_DAxisEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F89AC270-D4EB-11D1-B682-00805FC79216}] @="IEventObjectCollection" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}] @="ICommonDialogEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F97F4E15-B787-4212-80D1-D380CBBF982E}] @="IWinHttpRequestEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F97F7F83-C244-40F3-A1A9-F3B169BD3B36}] @="_IQTUIPanelEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F9DCCD1D-E6B9-45ED-B3E2-C32414C71FA4}] @="DirectPlay8Event" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FAFA35B0-8B72-11D2-90B2-00C04FC2C602}] @="DirectXEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB2B72A0-7A68-11D1-88F9-0080C7D771BF}] @="IEventClass" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB2B72A1-7A68-11D1-88F9-0080C7D771BF}] @="IEventClass2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD179532-D86E-11D0-89D6-00A0C90833E6}] @="ISpriteCtlEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE387539-44A3-11D1-B5B7-0000C09000C4}] @="DFlatSBEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}] @="DShellWindowsEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE8287E8-5F43-11D3-ABCA-00105A5C1F46}] @="_DXscanEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF36B87F-EC3A-11D0-8EE4-00C04FB6809F}] @="ITCallMediaEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents] @="MTSEvents Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents\CurVer] @="MTS.MTSEvents.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents.1] @="MTSEvents Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MTS.MTSEvents.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScriptletHandler.Event] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScriptletHandler.Event] @="Constructor for Scriptlet Event Handler" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScriptletHandler.Event\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events\CurVer] @="SENS Logon Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events.1] @="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Logon Events.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events\CurVer] @="SENS Network Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events.1] @="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS Network Events.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events\CurVer] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events\CurVer] @="SENS OnNow Events.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events.1] @="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SENS OnNow Events.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData\PluginInfo2] @="ble under the RealNetworks Public Source License.~Description~SHelix DNA RealMedia File Format Plugin~FileExtensions~Sra|rm|rmd|rmj|rms|mnd|rmc|rmvb|mns|mrc|rax|rvx|rv~FileMime~Saudio/x-pn-realaudio|application/x-pn-realmedia|video/x-pn-realvideo-encrypted|audio/x-pn-realaudio-encrypted|application/vnd.rn-realmedia-secure|application/x-musicnet-download|application/vnd.rn-realmedia-vbr|application/x-musicnet-stream~FileOpenNames~SRealMedia Files (*.ra, *.rm, *.rmj, *.rms, *.mnd, *.rmc, *.rmvb, *.mns, *.mrc, *.rax, *.rvx, *.rv)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Srmfformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Version~N0~Copyright~S© 1995-2003 RealNetworks, Inc. All rights reserved.~Description~SRealPlayer Secure Media Plugin~FileExtensions~Srmx~FileMime~Sapplication/x-pn-container~FileOpenNames~SRealPlayer Secure Media Clip (*.rmx)~PlgCopy~Shttp://www.real.com~PluginFilename~Srmxfpln.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N268450324~Copyright~S© 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SEncrypted Real Media Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Srmxrend.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Saudio/x-pn-encrypted-ra}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610611281~AuthenticationProtocolID~SRN5~Copyright~SCopyright© RealNetworks, Inc. 1995-2004, All rights reserved.~Description~SRealNetworks RN5 Authenticator~PlgCopy~Shttp://www.real.com~PluginFilename~Srn5auth.dll~PluginID~Srn-auth-rn5~PluginType~SAuthenticator}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610611279~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix RealText File Format Plugin~FileExtensions~Srtx|rt|txt~FileMime~Sapplication/vnd.rn-realtext|text/vnd.rn-realtext|application/x-pn-realtext|text/plain~FileOpenNames~SRealText File Format (*.rt)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Srtfformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-1610611486~Copyright~SCopyright© RealNetworks, Inc. 1995-2004, All rights reserved.~Description~SRealNetworks RealText Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Srtrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-realtext|application/x-pn-realtext|text/plain}{Bandwidth.000~N1930~Bandwidth.001~N144~Bandwidth.002~N70~Bandwidth.003~N43~Bandwidth.004~N36~Bandwidth.005~N24~Bandwidth.006~N18~CodecCount~N7~IndexNumber~N0~LoadMultiple~N1~Priority.000~N1930~Priority.001~N144~Priority.002~N70~Priority.003~N43~Priority.004~N36~Priority.005~N24~Priority.006~N18~Renderer_Granularity~N10~Version~N-1610611092~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Portions Copyright 1998 Intel Corporation. All rights reserved.~Description~SRealNetworks RealVideo Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Srvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-pn-realvideo|video/x-pn-multirate-realvideo~Codec.000~Bpnrv~Codec.001~Bpnrv~Codec.002~Bpnrv~Codec.003~Bpnrv~Codec.004~Bpnrv~Codec.005~Bpnrv~Codec.006~Bpnrv}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N50~Version~N-1610611092~Copyright~SCopyright© RealNetworks, Inc. 1995-2004, All rights reserved.~Description~SRealNetworks RealVideo Image Map Renderer Plugin~PlgCopy~Shttp://www.real.com~PluginFilename~Srvrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-imagemap|image_map/x-pn-realvideo}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N0~Version~N-1610612363~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SDP Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssdpplin.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/sdp}{IndexNumber~N1~LoadMultiple~N1~Version~N-1610612363~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SDP File Format Plugin~FileExtensions~Ssdp~FileMime~Sapplication/sdp~FileOpenNames~SSDP File (*.sdp)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssdpplin.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N50~Version~N268450262~Copyright~S© 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks File Renderer Utility Toolkit~PlgCopy~Shttp://www.real.com~PluginFilename~Ssecurity.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Snotavalidmimetype/x-pn-henceweshouldneverbeloaded}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610610624~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SMIL File Format Plugin~FileExtensions~Ssmi|smil~FileMime~Sapplication/smil~FileOpenNames~SSMIL File Format (*.smi,*.smil)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlfformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N67~Version~N-1610612722~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SMIL Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/rma-driver|application/smil|application/smil|application/smil}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N66~Version~N-1610612719~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SMIL Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-rmadriver|application/rma-driver}{IndexNumber~N2~LoadMultiple~N1~Version~N-1610612736~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA Brush File Format Plugin~FileExtensions~Sbsh~FileMime~Stext/brush~FileOpenNames~SBrush Files (*.bsh)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-1610612736~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA Brush Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmlrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-brushstream}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-1610611320~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA Synchronized Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmmrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-pn-realevent|syncMM/x-pn-realvideo|application/x-pn-realad}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610610716~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA Local File System~FileProtocol~Sfile~FileShort~Spn-local~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Ssmplfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610611276~Copyright~SCopyright© RealNetworks, Inc. 1995-2004, All rights reserved.~Description~SRealNetworks Macromedia Flash 4 File Format Plugin~FileExtensions~Sswf~FileMime~Sapplication/x-shockwave-flash~FileOpenNames~SMacromedia Flash (*.swf)~PlgCopy~Shttp://www.real.com~PluginFilename~Sswfformat.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-1610611483~Copyright~SContains Macromedia® Flash Player technology by Macromedia, Inc. Copyright© 1995-2000 Macromedia, Inc. All rights reserved. Copyright© 1995-2004 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Renderer Plugin for Macromedia Flash 4~PlgCopy~Shttp://www.real.com~PluginFilename~Sswfrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/x-shockwave-flash|application/x-shockwave-flash2}{IndexNumber~N0~LoadMultiple~N1~Version~N268450232~Copyright~S© 1995-2002 RealNetworks, Inc. All rights reserved.~Description~SRealNetworks Local TFile System~FileProtocol~Stfile~FileShort~Stfile-local~PlgCopy~Shttp://www.real.com~PluginFilename~Stfilesys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N1610644538~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~STheora Video Renderer~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Stheorarend.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-rn-theora}{IndexNumber~N0~LoadMultiple~N1~Renderer_Granularity~N20~Version~N-1610612736~Copyright~SCopyright© RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SRealNetworks ICM Video Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Svidplin.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Svideo/x-pn-ic" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E14FB90-2E22-11D1-9964-00C04FBBB345}\1.0] @="EventSystem 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BACEDF3E-74AB-11D0-B162-00AA00BA3258}\1.0] @="Legacy MTSEvents 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D597DEED-5B9F-11D1-8DD2-00AA004ABD5E}\1.0] @="SENS Events Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE5BAK\RegBackup.map] "17269d56ff42389e"=",33,HKLM,System\\CurrentControlSet\\Services\\Eventlog\\Application\\IExplore,EventMessageFile," "9e4965dda6299331"=",33,HKLM,System\\CurrentControlSet\\Services\\Eventlog\\Application\\IExplore,TypesSupported," [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}] "EventClassID"="{D0565000-9DF4-11D1-A281-00C04FCA0AA7}" "EventClassName"="EventSystem.EventObjectChange" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}] "EventClassID"="{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}" "EventClassName"="SENS Network Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}] "EventClassID"="{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}" "EventClassName"="SENS Logon Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}] "EventClassID"="{D5978640-5B9F-11D1-8DD2-00AA004ABD5E}" "EventClassName"="SENS OnNow Events" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\EventClasses\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}] "EventClassID"="{ECABB0C3-7F19-11D2-978E-0000F8757E2A}" "EventClassName"="ComEvents.ComServiceEvents" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{6295DF30-35EE-11D1-8707-00C04FD93327}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{6295DF30-35EE-11D1-8707-00C04FD93327}] "EventClassID"="{D5978620-5B9F-11D1-8DD2-00AA004ABD5E}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D789AB02-5B9F-11D1-8DD2-00AA004ABD5E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D789AB02-5B9F-11D1-8DD2-00AA004ABD5E}] "SubscriptionName"="SENS EventSystem Subscription Changed" "EventClassID"="{D0565000-9DF4-11D1-A281-00C04FCA0AA7}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D789AB02-5B9F-11D1-8DD2-00AA004ABD5E}\PublisherProperties] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D789AB02-5B9F-11D1-8DD2-00AA004ABD5E}\PublisherProperties] "Criteria"="EventClassID={D5978620-5B9F-11D1-8DD2-00AA004ABD5E} OR EventClassID={D5978630-5B9F-11D1-8DD2-00AA004ABD5E} OR EventClassID={D5978640-5B9F-11D1-8DD2-00AA004ABD5E}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{3CE5891C-0268-4DA9-BFBE-F81CF6EAE7E3}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{3CE5891C-0268-4DA9-BFBE-F81CF6EAE7E3}] "EventClassID"="{D5978630-5B9F-11D1-8DD2-00AA004ABD5E}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{7AB4A1FC-E403-11D0-9A97-00C04FD8DBF7}] @="Event Viewer Scope Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{7D7FE374-E403-11D0-9A97-00C04FD8DBF7}] @="Event Viewer Result Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{DC1C6BEC-4E2A-11D0-B702-00C04FD8DBF7}] @="Event Viewer Root Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\NodeTypes\{7AB4A1FC-E403-11D0-9A97-00C04FD8DBF7}] @="Event Viewer Scope Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\NodeTypes\{7D7FE374-E403-11D0-9A97-00C04FD8DBF7}] @="Event Viewer Result Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\NodeTypes\{DC1C6BEC-4E2A-11D0-B702-00C04FD8DBF7}] @="Event Viewer Root Node" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB835732\Filelist\26] "FileName"="EVENTLOG.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB835732\Filelist\74] "FileName"="EVENTLOG.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\Update Rollup 1\Filelist\267] "FileName"="EVENTLOG.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\Update Rollup 1\Filelist\79] "FileName"="EVENTLOG.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM] "EnableEvents"="1" ; Contents of value: ; C:\WINNT\system32\WBEM\CimWin32.MOF ; C:\WINNT\system32\WBEM\RegEvent.mof ; C:\WINNT\system32\WBEM\NTEvt.mof ; C:\WINNT\system32\WBEM\WMI.mof ; C:\WINNT\system32\WBEM\secrcw32.mof ; C:\WINNT\system32\WBEM\dsprov.mof ; C:\WINNT\system32\WBEM\msi.mof ; C:\WINNT\system32\WBEM\CimWin32.MFL ; C:\WINNT\system32\WBEM\msi.mfl ; C:\WINNT\system32\WBEM\NTEvt.mfl ; C:\WINNT\system32\WBEM\secrcw32.mfl ; C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\ieinfo5.mof ; "Autorecover MOFs"=hex(7):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,\ 4d,00,5c,00,43,00,69,00,6d,00,57,00,69,00,6e,00,33,00,32,00,2e,00,4d,00,4f,\ 00,46,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,\ 79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,\ 00,52,00,65,00,67,00,45,00,76,00,65,00,6e,00,74,00,2e,00,6d,00,6f,00,66,00,\ 00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,4e,00,\ 54,00,45,00,76,00,74,00,2e,00,6d,00,6f,00,66,00,00,00,43,00,3a,00,5c,00,57,\ 00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,\ 32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,57,00,4d,00,49,00,2e,00,6d,00,6f,\ 00,66,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,\ 79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,\ 00,73,00,65,00,63,00,72,00,63,00,77,00,33,00,32,00,2e,00,6d,00,6f,00,66,00,\ 00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,64,00,\ 73,00,70,00,72,00,6f,00,76,00,2e,00,6d,00,6f,00,66,00,00,00,43,00,3a,00,5c,\ 00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,\ 33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,6d,00,73,00,69,00,2e,00,6d,\ 00,6f,00,66,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,\ 73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,\ 00,5c,00,43,00,69,00,6d,00,57,00,69,00,6e,00,33,00,32,00,2e,00,4d,00,46,00,\ 4c,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,73,00,79,\ 00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,00,5c,00,\ 6d,00,73,00,69,00,2e,00,6d,00,66,00,6c,00,00,00,43,00,3a,00,5c,00,57,00,49,\ 00,4e,00,4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,57,00,42,00,45,00,4d,00,5c,00,4e,00,54,00,45,00,76,00,74,00,2e,00,6d,\ 00,66,00,6c,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,00,\ 73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,42,00,45,00,4d,\ 00,5c,00,73,00,65,00,63,00,72,00,63,00,77,00,33,00,32,00,2e,00,6d,00,66,00,\ 6c,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\ 00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,63,00,68,00,69,00,65,00,\ 72,00,73,00,20,00,63,00,6f,00,6d,00,6d,00,75,00,6e,00,73,00,5c,00,4d,00,69,\ 00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,68,00,61,00,72,00,\ 65,00,64,00,5c,00,4d,00,53,00,49,00,6e,00,66,00,6f,00,5c,00,69,00,65,00,69,\ 00,6e,00,66,00,6f,00,35,00,2e,00,6d,00,6f,00,66,00,00,00,00,00 "Low Threshold On Events (B)"="1000000" "High Threshold On Events (B)"="2000000" "Max Wait On Events (ms)"="2000" ; Contents of value: ; "List of event-active namespaces"=hex:00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\MixedContentOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\ShowPicturesOnArrival] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "D:\\Canon\\ZoomBrowser EX\\PhotoRecord\\art\\clipart\\events\\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A7EF95B66D6C1D4FBB7BF469304D69E] "D2F65FEBDE656714FB27B7864D3A9BD8"="D:\\Canon\\ZoomBrowser EX\\PhotoRecord\\art\\clipart\\events\\" "00000000000000000000000000000000"="D:\\Canon\\ZoomBrowser EX\\PhotoRecord\\art\\clipart\\events\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C95DA1271F9E2C45A369188E2A2AF87] "2077E8159C817FC4B92CEEAEE9527236"="C:\\Program Files\\OpenOffice.org 2.0\\share\\dtd\\officedocument\\1_0\\event.dtd" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C3F7B2CA980DD4EA20205F2871110D] "2077E8159C817FC4B92CEEAEE9527236"="C:\\Program Files\\OpenOffice.org 2.0\\share\\registry\\schema\\org\\openoffice\\Office\\Events.xcs" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications] "Imaging"="\"C:\\Program Files\\Windows NT\\Accessoires\\ImageVue\\KodakImg.exe\" /StiDevice:%1 /StiEvent:%2" "Photoshop"="D:\\Photoshop 7.0\\Photoshop.exe /StiDevice:%1 /StiEvent:%2" "Canon ZoomBrowser EX"="D:\\Canon\\ZoomBrowser EX\\Program\\ZoomBrowser.exe /StiDevice:%1 /StiEvent:%2" "Picasa2"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers\.\Providers] "EventLog"=dword:0000001b [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] ; Contents of value: ; EventSystem ; Ias ; Iprip ; Irmon ; Netman ; Nwsapagent ; Rasauto ; Rasman ; Remoteaccess ; SENS ; Sharedaccess ; Tapisrv ; Ntmssvc ; WZCSVC ; "netsvcs"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,\ 6d,00,00,00,49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,\ 00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,\ 4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\ 00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\ 00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\ 00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\ 61,00,63,00,63,00,65,00,73,00,73,00,00,00,54,00,61,00,70,00,69,00,73,00,72,\ 00,76,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,57,00,5a,00,\ 43,00,53,00,56,00,43,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "Unlock"="SensUnlockEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed3] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events\CameraDetected] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContentIndex] "EventLogFlags"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl] "LogEvent"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers] "EventLog"=dword:0000001b [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg\AllowedPaths] ; Contents of value: ; System\CurrentControlSet\Control\ProductOptions ; System\CurrentControlSet\Control\Print\Printers ; System\CurrentControlSet\Control\Server Applications ; System\CurrentControlSet\Services\Eventlog ; Software\Microsoft\OLAP Server ; Software\Microsoft\Windows NT\CurrentVersion ; "Machine"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,\ 72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,\ 00,74,00,5c,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,\ 6f,00,64,00,75,00,63,00,74,00,4f,00,70,00,74,00,69,00,6f,00,6e,00,73,00,00,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,\ 6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,\ 00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,69,00,6e,00,\ 74,00,5c,00,50,00,72,00,69,00,6e,00,74,00,65,00,72,00,73,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,43,00,6f,\ 00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,53,00,65,00,72,00,76,00,65,00,72,00,\ 20,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,73,\ 00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,\ 65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,\ 00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,45,00,76,00,\ 65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,\ 00,72,00,65,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,\ 5c,00,4f,00,4c,00,41,00,50,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\ 00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,4d,00,69,00,63,00,\ 72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\ 00,73,00,20,00,4e,00,54,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL] "EventLogging"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder] ; Contents of value: ; System Reserved ; Boot Bus Extender ; System Bus Extender ; SCSI miniport ; port ; Primary disk ; SCSI class ; SCSI CDROM class ; FSFilter Infrastructure ; FSFilter System ; FSFilter Bottom ; FSFilter Copy Protection ; FSFilter Security Enhancer ; FSFilter Open File ; FSFilter Physical Quota Management ; FSFilter Encryption ; FSFilter Compression ; FSFilter HSM ; FSFilter Cluster File System ; FSFilter System Recovery ; FSFilter Quota Management ; FSFilter Content Screener ; FSFilter Continuous Backup ; FSFilter Replication ; FSFilter Anti-Virus ; FSFilter Undelete ; FSFilter Activity Monitor ; FSFilter Top ; filter ; boot file system ; Base ; Pointer Port ; Keyboard Port ; Pointer Class ; Keyboard Class ; Video Init ; Video ; Video Save ; file system ; Event log ; Streams Drivers ; NDIS Wrapper ; PNP_TDI ; NDIS ; TDI ; NetBIOSGroup ; PlugPlay ; SpoolerGroup ; NetDDEGroup ; Parallel arbitrator ; extended base ; RemoteValidation ; PCI Configuration ; "List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\ 00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\ 73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\ 65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\ 00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,70,00,6f,00,72,00,74,00,00,00,\ 50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,64,00,69,00,73,00,6b,00,00,\ 00,53,00,43,00,53,00,49,00,20,00,63,00,6c,00,61,00,73,00,73,00,00,00,53,00,\ 43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,63,00,6c,00,61,\ 00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\ 49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\ 00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\ 79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\ 00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\ 00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\ 00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\ 72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\ 00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\ 6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\ 00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\ 46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\ 00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\ 65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\ 00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\ 69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\ 6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\ 20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\ 00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\ 65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\ 00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\ 74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\ 00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\ 65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\ 56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\ 00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\ 46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\ 00,66,00,69,00,6c,00,74,00,65,00,72,00,00,00,62,00,6f,00,6f,00,74,00,20,00,\ 66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\ 00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\ 50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\ 00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\ 72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\ 00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\ 64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\ 00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\ 00,00,66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,20,00,6c,00,6f,00,67,00,00,00,53,00,74,00,\ 72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\ 00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\ 72,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,00,44,00,49,\ 00,53,00,00,00,54,00,44,00,49,00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,\ 53,00,47,00,72,00,6f,00,75,00,70,00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,\ 00,61,00,79,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,47,00,72,00,\ 6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,\ 00,75,00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,\ 61,00,72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,65,00,78,\ 00,74,00,65,00,6e,00,64,00,65,00,64,00,20,00,62,00,61,00,73,00,65,00,00,00,\ 52,00,65,00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,\ 00,69,00,6f,00,6e,00,00,00,50,00,43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,\ 69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENT00] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENT00] "Service"="Event" "DeviceDesc"="Events Log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM00] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM00] "Service"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM00\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EVENTSYSTEM00\Control] "ActiveService"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event] "DisplayName"="Events Log" "Description"="Enables event logs messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Event\Enum] "0"="Root\\LEGACY_EVENT\00" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog] "Group"="Event log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt ; Winlogon ; Windows 3.1 Migration ; VBRuntime ; Userinit ; Userenv ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Installation ; SclgNtfy ; SceSrv ; SceCli ; RPC ; PlugPlayManager ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; Ntbackup.ini ; ntbackup ; NeroCheck ; MsiInstaller ; MSDTC Client ; MSDTC ; mnmsrvc ; LoadPerf ; IPSECPolicyStorage ; IExplore ; hpmon ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; DrWatson ; DiskQuota ; COM+ ; Ci ; Chkdsk ; Autochk ; Application Management ; APGTS ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,\ 74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,\ 67,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,56,00,42,00,52,00,75,00,6e,\ 00,74,00,69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,\ 74,00,00,00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,6c,00,6e,\ 00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,00,\ 6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,\ 00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,\ 6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,\ 00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,\ 72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,52,00,50,00,43,\ 00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,4d,00,61,00,6e,00,\ 61,00,67,00,65,00,72,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,\ 00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,\ 4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,\ 00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,\ 69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,\ 00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,\ 73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,4e,00,74,00,62,00,61,\ 00,63,00,6b,00,75,00,70,00,2e,00,69,00,6e,00,69,00,00,00,6e,00,74,00,62,00,\ 61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,\ 00,63,00,6b,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\ 00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,\ 6d,00,73,00,72,00,76,00,63,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,\ 00,66,00,00,00,49,00,50,00,53,00,45,00,43,00,50,00,6f,00,6c,00,69,00,63,00,\ 79,00,53,00,74,00,6f,00,72,00,61,00,67,00,65,00,00,00,49,00,45,00,78,00,70,\ 00,6c,00,6f,00,72,00,65,00,00,00,68,00,70,00,6d,00,6f,00,6e,00,00,00,46,00,\ 6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,\ 00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,\ 70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,\ 00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,\ 54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,\ 00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,43,00,4f,00,4d,00,2b,00,\ 00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,75,\ 00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,\ 61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,\ 00,65,00,6e,00,74,00,00,00,41,00,50,00,47,00,54,00,53,00,00,00,41,00,70,00,\ 70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\APGTS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\APGTS] ; Contents of value: ; C:\WINNT\help\TShoot.ocx "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,68,00,65,00,6c,00,70,00,5c,00,54,00,53,00,68,00,6f,00,6f,00,74,00,2e,00,\ 6f,00,63,00,78,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Management] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Application Management] ; Contents of value: ; %SystemRoot%\System32\appmgmts.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Autochk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Autochk] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Chkdsk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Chkdsk] ; Contents of value: ; %SystemRoot%\System32\ulib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6c,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ci] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ci] ; Contents of value: ; %SystemRoot%\System32\query.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,71,00,75,00,65,00,72,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\COM+] ; Contents of value: ; C:\WINNT\system32\comsvcs.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,\ 73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DiskQuota] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DiskQuota] "EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DrWatson] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DrWatson] ; Contents of value: ; %SystemRoot%\System32\drwtsn32.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,72,00,77,00,74,00,73,00,6e,00,33,00,32,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT] ; Contents of value: ; C:\WINNT\system32\ESENT.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,53,00,45,00,\ 4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\EventSystem] ; Contents of value: ; C:\WINNT\system32\es.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,73,00,2e,00,\ 64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\File Deployment] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\File Deployment] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Folder Redirection] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Folder Redirection] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\hpmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\hpmon] ; Contents of value: ; %SystemRoot%\System32\hpmon.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,68,00,70,00,6d,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IExplore] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IExplore] "EventMessageFile"="C:\\Program Files\\Internet Explorer\\DW15.EXE" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IPSECPolicyStorage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IPSECPolicyStorage] "EventMessageFile"="%SystemRoot%\\System32\\polstore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LoadPerf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\LoadPerf] ; Contents of value: ; %SystemRoot%\System32\loadperf.dll;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,6f,00,61,00,64,00,70,00,65,00,72,00,66,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\mnmsrvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\mnmsrvc] "EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC Client] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MSDTC Client] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MsiInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MsiInstaller] "EventMessageFile"="C:\\WINNT\\system32\\msi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NeroCheck] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NeroCheck] "EventMessageFile"="C:\\WINNT\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ntbackup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ntbackup] ; Contents of value: ; %SystemRoot%\System32\ntbackup.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ntbackup.ini] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Ntbackup.ini] "EventMessageFile"="C:\\WINNT\\system32\\ntbackup.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Oakley] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Oakley] "EventMessageFile"="%SystemRoot%\\System32\\oakley.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Offline Files] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Offline Files] "EventMessageFile"="%SystemRoot%\\System32\\cscui.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfctrs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfctrs] ; Contents of value: ; %SystemRoot%\System32\perfctrs.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfDisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfDisk] ; Contents of value: ; %SystemRoot%\System32\perfdisk.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,64,00,69,00,73,00,6b,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perflib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perflib] ; Contents of value: ; %SystemRoot%\System32\prflbmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,72,00,66,00,6c,00,62,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Perfmon] ; Contents of value: ; %SystemRoot%\System32\perfmon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfNet] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfNet] ; Contents of value: ; %SystemRoot%\System32\perfnet.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6e,00,65,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfOS] ; Contents of value: ; %SystemRoot%\System32\perfOS.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,4f,00,53,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfProc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PerfProc] ; Contents of value: ; %SystemRoot%\System32\perfproc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,70,00,72,00,6f,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PlugPlayManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\PlugPlayManager] ; Contents of value: ; %SystemRoot%\System32\umpnpmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6d,00,70,00,6e,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\RPC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\RPC] ; Contents of value: ; %SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceCli] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceCli] ; Contents of value: ; %SystemRoot%\System32\scecli.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceSrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SceSrv] ; Contents of value: ; %SystemRoot%\System32\scesrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SclgNtfy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SclgNtfy] ; Contents of value: ; %SystemRoot%\System32\sclgntfy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Software Installation] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Software Installation] ; Contents of value: ; %SystemRoot%\System32\appmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SpoolerCtrs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SpoolerCtrs] ; Contents of value: ; %SystemRoot%\System32\winspool.drv "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,73,00,70,00,6f,00,6f,00,6c,00,2e,00,64,00,72,00,76,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SysmonLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SysmonLog] ; Contents of value: ; %SystemRoot%\System32\smlogsvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,6d,00,6c,00,6f,00,67,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Tlntsvr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Tlntsvr] ; Contents of value: ; %SystemRoot%\System32\tlntsvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,6c,00,6e,00,74,00,73,00,76,00,72,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userenv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userenv] ; Contents of value: ; %SystemRoot%\System32\userenv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,65,00,6e,00,76,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userinit] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Userinit] ; Contents of value: ; %SystemRoot%\System32\userinit.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\VBRuntime] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\VBRuntime] "EventMessageFile"="C:\\WINNT\\system32\\MSVBVM60.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Windows 3.1 Migration] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Windows 3.1 Migration] ; Contents of value: ; %SystemRoot%\System32\advapi32.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Winlogon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Winlogon] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WinMgmt] "EventMessageFile"="C:\\WINNT\\system32\\WBEM\\WinMgmtR.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WSH] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WSH] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\DS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\DS\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\LSA\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\NetDDE Object\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\SC Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security] ; Contents of value: ; %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\sp2res.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4d,00,73,00,41,00,75,00,64,00,69,00,74,00,45,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,\ 73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,\ 2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security\ObjectNames] "Event"=dword:00001120 "EventPair"=dword:00001130 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Security Account Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System] ; Contents of value: ; WZCSVC ; Workstation ; Wmi ; WindowsMedia ; Windows Update Agent ; Windows Script Host ; Windows Installer 3.1 ; Windows Installer 3.0 ; Windows File Protection ; Win32k ; weitekp9_detect ; wdvga_detect ; W32Time ; VgaSave ; vaxscsi ; UPS ; ultra66 ; udfs ; TermService ; tdi ; TCPMon ; Tcpip ; sym_hi ; symc8xx ; symc810 ; StillImage ; Srv ; sptd ; sparrow ; sndblst ; Simbad ; sglfb ; sfloppy ; Service Control Manager ; Server ; serial ; scsiport ; Schedule ; Schannel ; SCardSvr ; Save Dump ; SAM ; s3legacy_detect ; rtl8139 ; RSVP ; Removable Storage Service ; RemoteAccess ; redbook ; Rdbss ; RasMan ; RasAuto ; qv_detect ; ql2100 ; ql1240 ; ql10wnt ; ql1080 ; Print ; PptpMiniport ; PolicyAgent ; pcmcia ; pciide ; pci ; parvdm ; parport ; parallel ; Outlook Express 6 ; OSPFMib ; OSPF ; nv ; null ; NtServicePack ; NTMS ; ntfs ; npfs ; Netlogon ; NetDDE ; NetBT ; NetBIOS ; NdisWan ; ndis ; ncrc710 ; Mup ; msfs ; msadlib ; MrxSmb ; mraid35x ; mouclass ; Modem ; mga_detect ; MDAC ; LsaSrv ; lp6nds35 ; LmHosts ; LDMS ; LDM ; lbrtfdc ; Kerberos ; kbdclass ; isapnp ; IPXSAP ; IPXRouterManager ; IPXRIP ; IPXCP ; ipsraidn ; IPSEC ; IPRouterManager ; IPRIP2 ; IPNATHLP ; IPBOOTP ; Internet Explorer 6 ; intelide ; ini910u ; Imagedrv ; i8042prt ; ftdisk ; fs_rec ; flpydisk ; flashpnt ; fireport ; Fips ; fdc ; fd16_700 ; fbxusb ; fastfat ; eventlog ; et4000_detect ; efs ; Dnscache ; Dnsapi ; dmio ; dmboot ; Distributed Link Tracking Client ; diskperf ; disk ; Dhcp ; DfsSvc ; DfsDriver ; deckzpsx ; DCOM ; dac960nt ; cpqfws2e ; cpqfcalm ; cpqarry2 ; cpqarray ; Clussvc ; cirrus_detect ; changer ; cdrom ; cdfs ; cdaudio ; cd20xrnt ; buslogic ; Browser ; BITS ; beep ; Atmarpc ; ati_detect ; atdisk ; atapi ; AsyncMac ; asc3550 ; asc3350p ; asc ; Application Popup ; amsint ; ami0nt ; Alerter ; aic78xx ; aic78u2 ; aic116x ; aha154x ; adpu160m ; acpiec ; acpi ; abp480n5 ; abiosdsk ; System ; "Sources"=hex(7):57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,\ 6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,69,00,00,\ 00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,65,00,64,00,69,00,61,00,\ 00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,55,00,70,00,64,00,61,\ 00,74,00,65,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,57,00,69,00,6e,00,\ 64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,00,70,00,74,00,20,00,48,\ 00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\ 49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,31,\ 00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,\ 74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,30,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,46,00,69,00,6c,00,65,00,20,00,50,00,\ 72,00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\ 00,33,00,32,00,6b,00,00,00,77,00,65,00,69,00,74,00,65,00,6b,00,70,00,39,00,\ 5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,77,00,64,00,76,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,57,00,33,00,32,00,54,00,\ 69,00,6d,00,65,00,00,00,56,00,67,00,61,00,53,00,61,00,76,00,65,00,00,00,76,\ 00,61,00,78,00,73,00,63,00,73,00,69,00,00,00,55,00,50,00,53,00,00,00,75,00,\ 6c,00,74,00,72,00,61,00,36,00,36,00,00,00,75,00,64,00,66,00,73,00,00,00,54,\ 00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,74,00,\ 64,00,69,00,00,00,54,00,43,00,50,00,4d,00,6f,00,6e,00,00,00,54,00,63,00,70,\ 00,69,00,70,00,00,00,73,00,79,00,6d,00,5f,00,68,00,69,00,00,00,73,00,79,00,\ 6d,00,63,00,38,00,78,00,78,00,00,00,73,00,79,00,6d,00,63,00,38,00,31,00,30,\ 00,00,00,53,00,74,00,69,00,6c,00,6c,00,49,00,6d,00,61,00,67,00,65,00,00,00,\ 53,00,72,00,76,00,00,00,73,00,70,00,74,00,64,00,00,00,73,00,70,00,61,00,72,\ 00,72,00,6f,00,77,00,00,00,73,00,6e,00,64,00,62,00,6c,00,73,00,74,00,00,00,\ 53,00,69,00,6d,00,62,00,61,00,64,00,00,00,73,00,67,00,6c,00,66,00,62,00,00,\ 00,73,00,66,00,6c,00,6f,00,70,00,70,00,79,00,00,00,53,00,65,00,72,00,76,00,\ 69,00,63,00,65,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,20,00,4d,\ 00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,00,65,00,72,00,76,00,65,00,\ 72,00,00,00,73,00,65,00,72,00,69,00,61,00,6c,00,00,00,73,00,63,00,73,00,69,\ 00,70,00,6f,00,72,00,74,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,\ 65,00,00,00,53,00,63,00,68,00,61,00,6e,00,6e,00,65,00,6c,00,00,00,53,00,43,\ 00,61,00,72,00,64,00,53,00,76,00,72,00,00,00,53,00,61,00,76,00,65,00,20,00,\ 44,00,75,00,6d,00,70,00,00,00,53,00,41,00,4d,00,00,00,73,00,33,00,6c,00,65,\ 00,67,00,61,00,63,00,79,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 72,00,74,00,6c,00,38,00,31,00,33,00,39,00,00,00,52,00,53,00,56,00,50,00,00,\ 00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,20,00,53,00,74,00,\ 6f,00,72,00,61,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\ 00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,\ 73,00,00,00,72,00,65,00,64,00,62,00,6f,00,6f,00,6b,00,00,00,52,00,64,00,62,\ 00,73,00,73,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,52,00,61,00,\ 73,00,41,00,75,00,74,00,6f,00,00,00,71,00,76,00,5f,00,64,00,65,00,74,00,65,\ 00,63,00,74,00,00,00,71,00,6c,00,32,00,31,00,30,00,30,00,00,00,71,00,6c,00,\ 31,00,32,00,34,00,30,00,00,00,71,00,6c,00,31,00,30,00,77,00,6e,00,74,00,00,\ 00,71,00,6c,00,31,00,30,00,38,00,30,00,00,00,50,00,72,00,69,00,6e,00,74,00,\ 00,00,50,00,70,00,74,00,70,00,4d,00,69,00,6e,00,69,00,70,00,6f,00,72,00,74,\ 00,00,00,50,00,6f,00,6c,00,69,00,63,00,79,00,41,00,67,00,65,00,6e,00,74,00,\ 00,00,70,00,63,00,6d,00,63,00,69,00,61,00,00,00,70,00,63,00,69,00,69,00,64,\ 00,65,00,00,00,70,00,63,00,69,00,00,00,70,00,61,00,72,00,76,00,64,00,6d,00,\ 00,00,70,00,61,00,72,00,70,00,6f,00,72,00,74,00,00,00,70,00,61,00,72,00,61,\ 00,6c,00,6c,00,65,00,6c,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,\ 20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,20,00,36,00,00,00,4f,00,53,\ 00,50,00,46,00,4d,00,69,00,62,00,00,00,4f,00,53,00,50,00,46,00,00,00,6e,00,\ 76,00,00,00,6e,00,75,00,6c,00,6c,00,00,00,4e,00,74,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,50,00,61,00,63,00,6b,00,00,00,4e,00,54,00,4d,00,53,00,\ 00,00,6e,00,74,00,66,00,73,00,00,00,6e,00,70,00,66,00,73,00,00,00,4e,00,65,\ 00,74,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,\ 45,00,00,00,4e,00,65,00,74,00,42,00,54,00,00,00,4e,00,65,00,74,00,42,00,49,\ 00,4f,00,53,00,00,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,00,00,6e,00,\ 64,00,69,00,73,00,00,00,6e,00,63,00,72,00,63,00,37,00,31,00,30,00,00,00,4d,\ 00,75,00,70,00,00,00,6d,00,73,00,66,00,73,00,00,00,6d,00,73,00,61,00,64,00,\ 6c,00,69,00,62,00,00,00,4d,00,72,00,78,00,53,00,6d,00,62,00,00,00,6d,00,72,\ 00,61,00,69,00,64,00,33,00,35,00,78,00,00,00,6d,00,6f,00,75,00,63,00,6c,00,\ 61,00,73,00,73,00,00,00,4d,00,6f,00,64,00,65,00,6d,00,00,00,6d,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,4d,00,44,00,41,00,43,00,\ 00,00,4c,00,73,00,61,00,53,00,72,00,76,00,00,00,6c,00,70,00,36,00,6e,00,64,\ 00,73,00,33,00,35,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,\ 4c,00,44,00,4d,00,53,00,00,00,4c,00,44,00,4d,00,00,00,6c,00,62,00,72,00,74,\ 00,66,00,64,00,63,00,00,00,4b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,\ 00,00,6b,00,62,00,64,00,63,00,6c,00,61,00,73,00,73,00,00,00,69,00,73,00,61,\ 00,70,00,6e,00,70,00,00,00,49,00,50,00,58,00,53,00,41,00,50,00,00,00,49,00,\ 50,00,58,00,52,00,6f,00,75,00,74,00,65,00,72,00,4d,00,61,00,6e,00,61,00,67,\ 00,65,00,72,00,00,00,49,00,50,00,58,00,52,00,49,00,50,00,00,00,49,00,50,00,\ 58,00,43,00,50,00,00,00,69,00,70,00,73,00,72,00,61,00,69,00,64,00,6e,00,00,\ 00,49,00,50,00,53,00,45,00,43,00,00,00,49,00,50,00,52,00,6f,00,75,00,74,00,\ 65,00,72,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,49,00,50,00,52,\ 00,49,00,50,00,32,00,00,00,49,00,50,00,4e,00,41,00,54,00,48,00,4c,00,50,00,\ 00,00,49,00,50,00,42,00,4f,00,4f,00,54,00,50,00,00,00,49,00,6e,00,74,00,65,\ 00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,\ 72,00,20,00,36,00,00,00,69,00,6e,00,74,00,65,00,6c,00,69,00,64,00,65,00,00,\ 00,69,00,6e,00,69,00,39,00,31,00,30,00,75,00,00,00,49,00,6d,00,61,00,67,00,\ 65,00,64,00,72,00,76,00,00,00,69,00,38,00,30,00,34,00,32,00,70,00,72,00,74,\ 00,00,00,66,00,74,00,64,00,69,00,73,00,6b,00,00,00,66,00,73,00,5f,00,72,00,\ 65,00,63,00,00,00,66,00,6c,00,70,00,79,00,64,00,69,00,73,00,6b,00,00,00,66,\ 00,6c,00,61,00,73,00,68,00,70,00,6e,00,74,00,00,00,66,00,69,00,72,00,65,00,\ 70,00,6f,00,72,00,74,00,00,00,46,00,69,00,70,00,73,00,00,00,66,00,64,00,63,\ 00,00,00,66,00,64,00,31,00,36,00,5f,00,37,00,30,00,30,00,00,00,66,00,62,00,\ 78,00,75,00,73,00,62,00,00,00,66,00,61,00,73,00,74,00,66,00,61,00,74,00,00,\ 00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,65,00,74,00,34,00,\ 30,00,30,00,30,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,65,00,66,\ 00,73,00,00,00,44,00,6e,00,73,00,63,00,61,00,63,00,68,00,65,00,00,00,44,00,\ 6e,00,73,00,61,00,70,00,69,00,00,00,64,00,6d,00,69,00,6f,00,00,00,64,00,6d,\ 00,62,00,6f,00,6f,00,74,00,00,00,44,00,69,00,73,00,74,00,72,00,69,00,62,00,\ 75,00,74,00,65,00,64,00,20,00,4c,00,69,00,6e,00,6b,00,20,00,54,00,72,00,61,\ 00,63,00,6b,00,69,00,6e,00,67,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\ 00,00,64,00,69,00,73,00,6b,00,70,00,65,00,72,00,66,00,00,00,64,00,69,00,73,\ 00,6b,00,00,00,44,00,68,00,63,00,70,00,00,00,44,00,66,00,73,00,53,00,76,00,\ 63,00,00,00,44,00,66,00,73,00,44,00,72,00,69,00,76,00,65,00,72,00,00,00,64,\ 00,65,00,63,00,6b,00,7a,00,70,00,73,00,78,00,00,00,44,00,43,00,4f,00,4d,00,\ 00,00,64,00,61,00,63,00,39,00,36,00,30,00,6e,00,74,00,00,00,63,00,70,00,71,\ 00,66,00,77,00,73,00,32,00,65,00,00,00,63,00,70,00,71,00,66,00,63,00,61,00,\ 6c,00,6d,00,00,00,63,00,70,00,71,00,61,00,72,00,72,00,79,00,32,00,00,00,63,\ 00,70,00,71,00,61,00,72,00,72,00,61,00,79,00,00,00,43,00,6c,00,75,00,73,00,\ 73,00,76,00,63,00,00,00,63,00,69,00,72,00,72,00,75,00,73,00,5f,00,64,00,65,\ 00,74,00,65,00,63,00,74,00,00,00,63,00,68,00,61,00,6e,00,67,00,65,00,72,00,\ 00,00,63,00,64,00,72,00,6f,00,6d,00,00,00,63,00,64,00,66,00,73,00,00,00,63,\ 00,64,00,61,00,75,00,64,00,69,00,6f,00,00,00,63,00,64,00,32,00,30,00,78,00,\ 72,00,6e,00,74,00,00,00,62,00,75,00,73,00,6c,00,6f,00,67,00,69,00,63,00,00,\ 00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,42,00,49,00,54,00,53,00,\ 00,00,62,00,65,00,65,00,70,00,00,00,41,00,74,00,6d,00,61,00,72,00,70,00,63,\ 00,00,00,61,00,74,00,69,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 61,00,74,00,64,00,69,00,73,00,6b,00,00,00,61,00,74,00,61,00,70,00,69,00,00,\ 00,41,00,73,00,79,00,6e,00,63,00,4d,00,61,00,63,00,00,00,61,00,73,00,63,00,\ 33,00,35,00,35,00,30,00,00,00,61,00,73,00,63,00,33,00,33,00,35,00,30,00,70,\ 00,00,00,61,00,73,00,63,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,\ 74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,70,00,75,00,70,00,00,00,61,00,6d,\ 00,73,00,69,00,6e,00,74,00,00,00,61,00,6d,00,69,00,30,00,6e,00,74,00,00,00,\ 41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,61,00,69,00,63,00,37,00,38,\ 00,78,00,78,00,00,00,61,00,69,00,63,00,37,00,38,00,75,00,32,00,00,00,61,00,\ 69,00,63,00,31,00,31,00,36,00,78,00,00,00,61,00,68,00,61,00,31,00,35,00,34,\ 00,78,00,00,00,61,00,64,00,70,00,75,00,31,00,36,00,30,00,6d,00,00,00,61,00,\ 63,00,70,00,69,00,65,00,63,00,00,00,61,00,63,00,70,00,69,00,00,00,61,00,62,\ 00,70,00,34,00,38,00,30,00,6e,00,35,00,00,00,61,00,62,00,69,00,6f,00,73,00,\ 64,00,73,00,6b,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00 "EventMessageFile"="%systemroot%\\system32\\stisvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abiosdsk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abiosdsk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abp480n5] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abp480n5] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpiec] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpiec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpiec.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,65,00,63,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\adpu160m] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\adpu160m] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aha154x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aha154x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic116x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic116x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78u2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78u2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78xx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Alerter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Alerter] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ami0nt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ami0nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\amsint] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\amsint] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Application Popup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Application Popup] ; Contents of value: ; %SystemRoot%\System32\ntdll.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,64,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3350p] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3350p] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3550] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\asc3550] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\AsyncMac] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\AsyncMac] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atapi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atapi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atdisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\atdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ati_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ati_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,74,00,69,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Atmarpc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Atmarpc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\beep] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\beep] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\BITS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\BITS] ; Contents of value: ; %systemroot%\system32\xpob2res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,78,00,70,00,6f,00,62,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Browser] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\buslogic] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\buslogic] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cd20xrnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cd20xrnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdaudio] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdaudio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdrom] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cdrom] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\changer] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\changer] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cirrus_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cirrus_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\cirrus_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,63,00,69,00,72,00,72,00,75,00,73,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Clussvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Clussvc] ; Contents of value: ; %systemroot%\cluster\clussvc.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,63,00,6c,00,75,00,73,00,74,00,65,00,72,00,5c,00,\ 63,00,6c,00,75,00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarray] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarray] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarry2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqarry2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqfcalm] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqfcalm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqfws2e] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\cpqfws2e] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dac960nt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dac960nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DCOM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DCOM] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\deckzpsx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\deckzpsx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsDriver] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsDriver] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsSvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DfsSvc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dhcp] ; Contents of value: ; %SystemRoot%\System32\dhcpcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\disk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\disk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\diskperf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\diskperf] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Distributed Link Tracking Client] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Distributed Link Tracking Client] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmboot] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmboot] ; Contents of value: ; %SystemRoot%\System32\Drivers\dmboot.sys;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,62,00,6f,\ 00,6f,00,74,00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmio] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\dmio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\dmio.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,69,00,6f,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnsapi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnsapi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnscache] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Dnscache] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\efs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\efs] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\et4000_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\et4000_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\et4000_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,34,00,30,00,30,00,30,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\eventlog] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fastfat] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fastfat] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fbxusb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fbxusb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fd16_700] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fd16_700] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fdc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,64,00,63,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Fips] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Fips] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fips.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,69,00,70,00,73,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fireport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fireport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flashpnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flashpnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flpydisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\flpydisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\flpydisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,70,00,79,00,64,00,69,00,\ 73,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fs_rec] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\fs_rec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ftdisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ftdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\FtDisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,46,00,74,00,44,00,69,00,73,00,6b,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\i8042prt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\i8042prt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,38,00,30,00,34,00,32,00,70,00,\ 72,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Imagedrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Imagedrv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ini910u] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ini910u] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\intelide] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\intelide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,6c,00,49,00,\ 64,00,65,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Internet Explorer 6] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Internet Explorer 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPBOOTP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPBOOTP] ; Contents of value: ; %SystemRoot%\System32\ipbootp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,62,00,6f,00,6f,00,74,00,70,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPNATHLP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPNATHLP] ; Contents of value: ; %SystemRoot%\System32\ipnathlp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRIP2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRIP2] ; Contents of value: ; %SystemRoot%\System32\iprip2.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,72,00,69,00,70,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPSEC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPSEC] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ipsraidn] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ipsraidn] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXCP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXCP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRIP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRIP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXSAP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPXSAP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\isapnp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\isapnp] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,73,00,61,00,70,00,6e,00,70,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\kbdclass] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\kbdclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6b,00,62,00,64,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Kerberos] ; Contents of value: ; %SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lbrtfdc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lbrtfdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\lbrtfdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,62,00,72,00,74,00,66,00,64,00,\ 63,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDM] ; Contents of value: ; %SystemRoot%\System32\dmadmin.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,61,00,64,00,6d,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDMS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LDMS] ; Contents of value: ; %SystemRoot%\System32\dmserver.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LmHosts] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lp6nds35] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\lp6nds35] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LsaSrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\LsaSrv] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MDAC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MDAC] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,67,00,61,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Modem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Modem] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Modem.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,6f,00,64,00,65,00,6d,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mouclass] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mouclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,6f,00,75,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mraid35x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\mraid35x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MrxSmb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\MrxSmb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6f,\ 00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,\ 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,\ 65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msadlib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msadlib] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\msfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Mup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Mup] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ncrc710] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ncrc710] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ndis] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ndis] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NdisWan] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NdisWan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBIOS] ; Contents of value: ; %SystemRoot%\System32\iologmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,6f,00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetBT] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetDDE] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NetDDE] ; Contents of value: ; %SystemRoot%\System32\netdde.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,64,00,64,00,65,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Netlogon] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\npfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\npfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ntfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ntfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NTMS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NTMS] ; Contents of value: ; %SystemRoot%\system32\NtmsEvt.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,74,00,6d,00,73,00,45,00,76,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NtServicePack] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NtServicePack] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\null] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\null] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\nv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\nv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nv4_mini.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,76,00,34,00,5f,00,6d,00,69,00,\ 6e,00,69,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPF] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPF] ; Contents of value: ; %SystemRoot%\System32\ospf.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPFMib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPFMib] ; Contents of value: ; %SystemRoot%\System32\ospfmib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,6d,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Outlook Express 6] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Outlook Express 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parallel] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parallel] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parallel.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,61,00,6c,00,6c,00,\ 65,00,6c,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,70,00,6f,00,72,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parvdm] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\parvdm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ParVdm.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,61,00,72,00,56,00,64,00,6d,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pci] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pci] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pci.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pciide] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pciide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\PciIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,49,00,64,00,65,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pcmcia] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\pcmcia] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,6d,00,63,00,69,00,61,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PolicyAgent] ; Contents of value: ; %SystemRoot%\System32\polagent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,6f,00,6c,00,61,00,67,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PptpMiniport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PptpMiniport] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Print] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Print] ; Contents of value: ; %SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1080] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1080] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql10wnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql10wnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1240] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql1240] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql2100] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ql2100] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\qv_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\qv_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\qv_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,71,00,76,00,5f,00,64,00,65,00,74,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasAuto] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasAuto] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasMan] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RasMan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Rdbss] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\redbook] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\redbook] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\redbook.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,72,00,65,00,64,00,62,00,6f,00,6f,00,\ 6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RemoteAccess] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RemoteAccess] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Removable Storage Service] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Removable Storage Service] ; Contents of value: ; %SystemRoot%\System32\NTMSEVT.DLL "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,54,00,4d,00,53,00,45,00,56,00,54,00,2e,00,44,00,4c,00,4c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RSVP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\RSVP] ; Contents of value: ; %SystemRoot%\System32\rsvpmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,73,00,76,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\rtl8139] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\rtl8139] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\s3legacy_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\s3legacy_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\s3legacy_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,33,00,6c,00,65,00,67,00,61,00,\ 63,00,79,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAM] ; Contents of value: ; %SystemRoot%\System32\samsrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,61,00,6d,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Save Dump] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Save Dump] ; Contents of value: ; %SystemRoot%\System32\SaveDump.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,61,00,76,00,65,00,44,00,75,00,6d,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SCardSvr] ; Contents of value: ; %SystemRoot%\System32\SCardSvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,43,00,61,00,72,00,64,00,53,00,76,00,72,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schannel] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schannel] ; Contents of value: ; %SystemRoot%\system32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schedule] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Schedule] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\scsiport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\scsiport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\serial] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\serial] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,65,00,72,00,69,00,61,00,6c,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Server] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Server] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Service Control Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Service Control Manager] ; Contents of value: ; %systemroot%\system32\netevent.dll;%systemroot%\system32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\ 25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sfloppy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sfloppy] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sglfb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sglfb] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\sglfb.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,67,00,6c,00,66,00,62,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Simbad] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Simbad] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sndblst] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sndblst] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sparrow] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sparrow] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sptd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sptd] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Srv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Srv] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\StillImage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\StillImage] ; Contents of value: ; %SystemRoot%\System32\stisvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,74,00,69,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc810] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc810] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc8xx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\symc8xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sym_hi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\sym_hi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Tcpip] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TCPMon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TCPMon] "EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\tdi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\tdi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermService] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermService] ; Contents of value: ; %SystemRoot%\System32\termsrv.exe;%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,65,00,72,00,6d,00,73,00,72,00,76,00,2e,00,65,00,78,00,65,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,64,\ 00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\udfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\udfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ultra66] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ultra66] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\UPS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\UPS] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\vaxscsi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\vaxscsi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\VgaSave] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\VgaSave] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\vga.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,76,00,67,00,61,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\W32Time] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\W32Time] ; Contents of value: ; %SystemRoot%\System32\w32time.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,\ 00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\wdvga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\wdvga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wdvga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,64,00,76,00,67,00,61,00,5f,00,\ 64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\weitekp9_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\weitekp9_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\weitekp9_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,65,00,69,00,74,00,65,00,6b,00,\ 70,00,39,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Win32k] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Win32k] ; Contents of value: ; %SystemRoot%\System32\win32k.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows File Protection] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows File Protection] ; Contents of value: ; %SystemRoot%\System32\sfc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,66,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.0] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.1] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Script Host] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Script Host] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Update Agent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Update Agent] ; Contents of value: ; %SystemRoot%\system32\wuaucpl.cpl "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WindowsMedia] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WindowsMedia] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Wmi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Wmi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Workstation] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Workstation] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WZCSVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\WZCSVC] ; Contents of value: ; %SystemRoot%\System32\wzcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,7a,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem\Enum] "0"="Root\\LEGACY_EVENTSYSTEM\00" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi\Parameters] "AsyncEventQueueSize"=dword:00000300 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs\Aliases] ; Contents of value: ; srvsvc ; wkssvc ; eventlog ; browser ; msgsvc ; svcctl ; w32time ; "ntsvcs"=hex(7):73,00,72,00,76,00,73,00,76,00,63,00,00,00,77,00,6b,00,73,00,73,\ 00,76,00,63,00,00,00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,\ 62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,6d,00,73,00,67,00,73,00,76,\ 00,63,00,00,00,73,00,76,00,63,00,63,00,74,00,6c,00,00,00,77,00,33,00,32,00,\ 74,00,69,00,6d,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages1\RequestHandlers\12] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers1] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers3] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages3\RequestHandlers7] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages4] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines1\Stages4\RequestHandlers6] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines2\Stages5] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines2\Stages5\RequestHandlers\10] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages6] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers4] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers\11] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages7] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers2] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers9] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages8] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Policy\Pipelines3\Stages8\RequestHandlers5] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS] ; Contents of value: ; EventSystem ; "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess] "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed3] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events\CameraDetected] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ContentIndex] "EventLogFlags"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CrashControl] "LogEvent"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers] "EventLog"=dword:0000001b [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurePipeServers\winreg\AllowedPaths] ; Contents of value: ; System\CurrentControlSet\Control\ProductOptions ; System\CurrentControlSet\Control\Print\Printers ; System\CurrentControlSet\Control\Server Applications ; System\CurrentControlSet\Services\Eventlog ; Software\Microsoft\OLAP Server ; Software\Microsoft\Windows NT\CurrentVersion ; "Machine"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,\ 72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,\ 00,74,00,5c,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,\ 6f,00,64,00,75,00,63,00,74,00,4f,00,70,00,74,00,69,00,6f,00,6e,00,73,00,00,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,\ 6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,\ 00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,69,00,6e,00,\ 74,00,5c,00,50,00,72,00,69,00,6e,00,74,00,65,00,72,00,73,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,43,00,6f,\ 00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,53,00,65,00,72,00,76,00,65,00,72,00,\ 20,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,73,\ 00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,\ 65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,\ 00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,45,00,76,00,\ 65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,\ 00,72,00,65,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,\ 5c,00,4f,00,4c,00,41,00,50,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\ 00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,4d,00,69,00,63,00,\ 72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\ 00,73,00,20,00,4e,00,54,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\SCHANNEL] "EventLogging"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder] ; Contents of value: ; System Reserved ; Boot Bus Extender ; System Bus Extender ; SCSI miniport ; port ; Primary disk ; SCSI class ; SCSI CDROM class ; FSFilter Infrastructure ; FSFilter System ; FSFilter Bottom ; FSFilter Copy Protection ; FSFilter Security Enhancer ; FSFilter Open File ; FSFilter Physical Quota Management ; FSFilter Encryption ; FSFilter Compression ; FSFilter HSM ; FSFilter Cluster File System ; FSFilter System Recovery ; FSFilter Quota Management ; FSFilter Content Screener ; FSFilter Continuous Backup ; FSFilter Replication ; FSFilter Anti-Virus ; FSFilter Undelete ; FSFilter Activity Monitor ; FSFilter Top ; filter ; boot file system ; Base ; Pointer Port ; Keyboard Port ; Pointer Class ; Keyboard Class ; Video Init ; Video ; Video Save ; file system ; Event log ; Streams Drivers ; NDIS Wrapper ; PNP_TDI ; NDIS ; TDI ; NetBIOSGroup ; PlugPlay ; SpoolerGroup ; NetDDEGroup ; Parallel arbitrator ; extended base ; RemoteValidation ; PCI Configuration ; "List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\ 00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\ 73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\ 65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\ 00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,70,00,6f,00,72,00,74,00,00,00,\ 50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,64,00,69,00,73,00,6b,00,00,\ 00,53,00,43,00,53,00,49,00,20,00,63,00,6c,00,61,00,73,00,73,00,00,00,53,00,\ 43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,63,00,6c,00,61,\ 00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\ 49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\ 00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\ 79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\ 00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\ 00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\ 00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\ 72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\ 00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\ 6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\ 00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\ 46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\ 00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\ 65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\ 00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\ 69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\ 6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\ 20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\ 00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\ 65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\ 00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\ 74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\ 00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\ 65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\ 56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\ 00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\ 46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\ 00,66,00,69,00,6c,00,74,00,65,00,72,00,00,00,62,00,6f,00,6f,00,74,00,20,00,\ 66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\ 00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\ 50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\ 00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\ 72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\ 00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\ 64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\ 00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\ 00,00,66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,20,00,6c,00,6f,00,67,00,00,00,53,00,74,00,\ 72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\ 00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\ 72,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,00,44,00,49,\ 00,53,00,00,00,54,00,44,00,49,00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,\ 53,00,47,00,72,00,6f,00,75,00,70,00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,\ 00,61,00,79,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,47,00,72,00,\ 6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,\ 00,75,00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,\ 61,00,72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,65,00,78,\ 00,74,00,65,00,6e,00,64,00,65,00,64,00,20,00,62,00,61,00,73,00,65,00,00,00,\ 52,00,65,00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,\ 00,69,00,6f,00,6e,00,00,00,50,00,43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,\ 69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENT00] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENT00] "Service"="Event" "DeviceDesc"="Events Log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENTSYSTEM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENTSYSTEM00] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EVENTSYSTEM00] "Service"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Event] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Event] "DisplayName"="Events Log" "Description"="Enables event logs messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Event\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog] "Group"="Event log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt ; Winlogon ; Windows 3.1 Migration ; VBRuntime ; Userinit ; Userenv ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Installation ; SclgNtfy ; SceSrv ; SceCli ; RPC ; PlugPlayManager ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; Ntbackup.ini ; ntbackup ; NeroCheck ; MsiInstaller ; MSDTC Client ; MSDTC ; mnmsrvc ; LoadPerf ; IPSECPolicyStorage ; IExplore ; hpmon ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; DrWatson ; DiskQuota ; COM+ ; Ci ; Chkdsk ; Autochk ; Application Management ; APGTS ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,\ 74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,\ 67,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,56,00,42,00,52,00,75,00,6e,\ 00,74,00,69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,\ 74,00,00,00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,6c,00,6e,\ 00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,00,\ 6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,\ 00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,\ 6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,\ 00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,\ 72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,52,00,50,00,43,\ 00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,4d,00,61,00,6e,00,\ 61,00,67,00,65,00,72,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,\ 00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,\ 4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,\ 00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,\ 69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,\ 00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,\ 73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,4e,00,74,00,62,00,61,\ 00,63,00,6b,00,75,00,70,00,2e,00,69,00,6e,00,69,00,00,00,6e,00,74,00,62,00,\ 61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,\ 00,63,00,6b,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\ 00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,\ 6d,00,73,00,72,00,76,00,63,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,\ 00,66,00,00,00,49,00,50,00,53,00,45,00,43,00,50,00,6f,00,6c,00,69,00,63,00,\ 79,00,53,00,74,00,6f,00,72,00,61,00,67,00,65,00,00,00,49,00,45,00,78,00,70,\ 00,6c,00,6f,00,72,00,65,00,00,00,68,00,70,00,6d,00,6f,00,6e,00,00,00,46,00,\ 6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,\ 00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,\ 70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,\ 00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,\ 54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,\ 00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,43,00,4f,00,4d,00,2b,00,\ 00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,75,\ 00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,\ 61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,\ 00,65,00,6e,00,74,00,00,00,41,00,50,00,47,00,54,00,53,00,00,00,41,00,70,00,\ 70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\APGTS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\APGTS] ; Contents of value: ; C:\WINNT\help\TShoot.ocx "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,68,00,65,00,6c,00,70,00,5c,00,54,00,53,00,68,00,6f,00,6f,00,74,00,2e,00,\ 6f,00,63,00,78,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Application] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Application Management] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Application Management] ; Contents of value: ; %SystemRoot%\System32\appmgmts.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Autochk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Autochk] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Chkdsk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Chkdsk] ; Contents of value: ; %SystemRoot%\System32\ulib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6c,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Ci] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Ci] ; Contents of value: ; %SystemRoot%\System32\query.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,71,00,75,00,65,00,72,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM+] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\COM+] ; Contents of value: ; C:\WINNT\system32\comsvcs.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,\ 73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DiskQuota] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DiskQuota] "EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DrWatson] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DrWatson] ; Contents of value: ; %SystemRoot%\System32\drwtsn32.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,72,00,77,00,74,00,73,00,6e,00,33,00,32,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ESENT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ESENT] ; Contents of value: ; C:\WINNT\system32\ESENT.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,53,00,45,00,\ 4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\EventSystem] ; Contents of value: ; C:\WINNT\system32\es.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,73,00,2e,00,\ 64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\File Deployment] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\File Deployment] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Folder Redirection] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Folder Redirection] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\hpmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\hpmon] ; Contents of value: ; %SystemRoot%\System32\hpmon.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,68,00,70,00,6d,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IExplore] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IExplore] "EventMessageFile"="C:\\Program Files\\Internet Explorer\\DW15.EXE" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IPSECPolicyStorage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IPSECPolicyStorage] "EventMessageFile"="%SystemRoot%\\System32\\polstore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\LoadPerf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\LoadPerf] ; Contents of value: ; %SystemRoot%\System32\loadperf.dll;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,6f,00,61,00,64,00,70,00,65,00,72,00,66,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\mnmsrvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\mnmsrvc] "EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC Client] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MSDTC Client] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MsiInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\MsiInstaller] "EventMessageFile"="C:\\WINNT\\system32\\msi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\NeroCheck] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\NeroCheck] "EventMessageFile"="C:\\WINNT\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ntbackup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ntbackup] ; Contents of value: ; %SystemRoot%\System32\ntbackup.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Ntbackup.ini] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Ntbackup.ini] "EventMessageFile"="C:\\WINNT\\system32\\ntbackup.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Oakley] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Oakley] "EventMessageFile"="%SystemRoot%\\System32\\oakley.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Offline Files] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Offline Files] "EventMessageFile"="%SystemRoot%\\System32\\cscui.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perfctrs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perfctrs] ; Contents of value: ; %SystemRoot%\System32\perfctrs.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfDisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfDisk] ; Contents of value: ; %SystemRoot%\System32\perfdisk.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,64,00,69,00,73,00,6b,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perflib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perflib] ; Contents of value: ; %SystemRoot%\System32\prflbmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,72,00,66,00,6c,00,62,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Perfmon] ; Contents of value: ; %SystemRoot%\System32\perfmon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfNet] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfNet] ; Contents of value: ; %SystemRoot%\System32\perfnet.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6e,00,65,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfOS] ; Contents of value: ; %SystemRoot%\System32\perfOS.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,4f,00,53,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfProc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PerfProc] ; Contents of value: ; %SystemRoot%\System32\perfproc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,70,00,72,00,6f,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PlugPlayManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\PlugPlayManager] ; Contents of value: ; %SystemRoot%\System32\umpnpmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6d,00,70,00,6e,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\RPC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\RPC] ; Contents of value: ; %SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SceCli] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SceCli] ; Contents of value: ; %SystemRoot%\System32\scecli.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SceSrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SceSrv] ; Contents of value: ; %SystemRoot%\System32\scesrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SclgNtfy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SclgNtfy] ; Contents of value: ; %SystemRoot%\System32\sclgntfy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Software Installation] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Software Installation] ; Contents of value: ; %SystemRoot%\System32\appmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SpoolerCtrs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SpoolerCtrs] ; Contents of value: ; %SystemRoot%\System32\winspool.drv "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,73,00,70,00,6f,00,6f,00,6c,00,2e,00,64,00,72,00,76,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SysmonLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SysmonLog] ; Contents of value: ; %SystemRoot%\System32\smlogsvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,6d,00,6c,00,6f,00,67,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Tlntsvr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Tlntsvr] ; Contents of value: ; %SystemRoot%\System32\tlntsvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,6c,00,6e,00,74,00,73,00,76,00,72,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userenv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userenv] ; Contents of value: ; %SystemRoot%\System32\userenv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,65,00,6e,00,76,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userinit] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Userinit] ; Contents of value: ; %SystemRoot%\System32\userinit.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\VBRuntime] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\VBRuntime] "EventMessageFile"="C:\\WINNT\\system32\\MSVBVM60.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Windows 3.1 Migration] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Windows 3.1 Migration] ; Contents of value: ; %SystemRoot%\System32\advapi32.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Winlogon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Winlogon] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WinMgmt] "EventMessageFile"="C:\\WINNT\\system32\\WBEM\\WinMgmtR.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WSH] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WSH] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\DS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\DS\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\LSA] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\LSA\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\NetDDE Object] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\NetDDE Object\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\SC Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\SC Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security] ; Contents of value: ; %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\sp2res.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4d,00,73,00,41,00,75,00,64,00,69,00,74,00,45,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,\ 73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,\ 2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security\ObjectNames] "Event"=dword:00001120 "EventPair"=dword:00001130 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security Account Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Security Account Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Spooler] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Security\Spooler\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System] ; Contents of value: ; WZCSVC ; Workstation ; Wmi ; WindowsMedia ; Windows Update Agent ; Windows Script Host ; Windows Installer 3.1 ; Windows Installer 3.0 ; Windows File Protection ; Win32k ; weitekp9_detect ; wdvga_detect ; W32Time ; VgaSave ; vaxscsi ; UPS ; ultra66 ; udfs ; TermService ; tdi ; TCPMon ; Tcpip ; sym_hi ; symc8xx ; symc810 ; StillImage ; Srv ; sptd ; sparrow ; sndblst ; Simbad ; sglfb ; sfloppy ; Service Control Manager ; Server ; serial ; scsiport ; Schedule ; Schannel ; SCardSvr ; Save Dump ; SAM ; s3legacy_detect ; rtl8139 ; RSVP ; Removable Storage Service ; RemoteAccess ; redbook ; Rdbss ; RasMan ; RasAuto ; qv_detect ; ql2100 ; ql1240 ; ql10wnt ; ql1080 ; Print ; PptpMiniport ; PolicyAgent ; pcmcia ; pciide ; pci ; parvdm ; parport ; parallel ; Outlook Express 6 ; OSPFMib ; OSPF ; nv ; null ; NtServicePack ; NTMS ; ntfs ; npfs ; Netlogon ; NetDDE ; NetBT ; NetBIOS ; NdisWan ; ndis ; ncrc710 ; Mup ; msfs ; msadlib ; MrxSmb ; mraid35x ; mouclass ; Modem ; mga_detect ; MDAC ; LsaSrv ; lp6nds35 ; LmHosts ; LDMS ; LDM ; lbrtfdc ; Kerberos ; kbdclass ; isapnp ; IPXSAP ; IPXRouterManager ; IPXRIP ; IPXCP ; ipsraidn ; IPSEC ; IPRouterManager ; IPRIP2 ; IPNATHLP ; IPBOOTP ; Internet Explorer 6 ; intelide ; ini910u ; Imagedrv ; i8042prt ; ftdisk ; fs_rec ; flpydisk ; flashpnt ; fireport ; Fips ; fdc ; fd16_700 ; fbxusb ; fastfat ; eventlog ; et4000_detect ; efs ; Dnscache ; Dnsapi ; dmio ; dmboot ; Distributed Link Tracking Client ; diskperf ; disk ; Dhcp ; DfsSvc ; DfsDriver ; deckzpsx ; DCOM ; dac960nt ; cpqfws2e ; cpqfcalm ; cpqarry2 ; cpqarray ; Clussvc ; cirrus_detect ; changer ; cdrom ; cdfs ; cdaudio ; cd20xrnt ; buslogic ; Browser ; BITS ; beep ; Atmarpc ; ati_detect ; atdisk ; atapi ; AsyncMac ; asc3550 ; asc3350p ; asc ; Application Popup ; amsint ; ami0nt ; Alerter ; aic78xx ; aic78u2 ; aic116x ; aha154x ; adpu160m ; acpiec ; acpi ; abp480n5 ; abiosdsk ; System ; "Sources"=hex(7):57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,\ 6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,69,00,00,\ 00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,65,00,64,00,69,00,61,00,\ 00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,55,00,70,00,64,00,61,\ 00,74,00,65,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,57,00,69,00,6e,00,\ 64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,00,70,00,74,00,20,00,48,\ 00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\ 49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,31,\ 00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,\ 74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,30,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,46,00,69,00,6c,00,65,00,20,00,50,00,\ 72,00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\ 00,33,00,32,00,6b,00,00,00,77,00,65,00,69,00,74,00,65,00,6b,00,70,00,39,00,\ 5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,77,00,64,00,76,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,57,00,33,00,32,00,54,00,\ 69,00,6d,00,65,00,00,00,56,00,67,00,61,00,53,00,61,00,76,00,65,00,00,00,76,\ 00,61,00,78,00,73,00,63,00,73,00,69,00,00,00,55,00,50,00,53,00,00,00,75,00,\ 6c,00,74,00,72,00,61,00,36,00,36,00,00,00,75,00,64,00,66,00,73,00,00,00,54,\ 00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,74,00,\ 64,00,69,00,00,00,54,00,43,00,50,00,4d,00,6f,00,6e,00,00,00,54,00,63,00,70,\ 00,69,00,70,00,00,00,73,00,79,00,6d,00,5f,00,68,00,69,00,00,00,73,00,79,00,\ 6d,00,63,00,38,00,78,00,78,00,00,00,73,00,79,00,6d,00,63,00,38,00,31,00,30,\ 00,00,00,53,00,74,00,69,00,6c,00,6c,00,49,00,6d,00,61,00,67,00,65,00,00,00,\ 53,00,72,00,76,00,00,00,73,00,70,00,74,00,64,00,00,00,73,00,70,00,61,00,72,\ 00,72,00,6f,00,77,00,00,00,73,00,6e,00,64,00,62,00,6c,00,73,00,74,00,00,00,\ 53,00,69,00,6d,00,62,00,61,00,64,00,00,00,73,00,67,00,6c,00,66,00,62,00,00,\ 00,73,00,66,00,6c,00,6f,00,70,00,70,00,79,00,00,00,53,00,65,00,72,00,76,00,\ 69,00,63,00,65,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,20,00,4d,\ 00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,00,65,00,72,00,76,00,65,00,\ 72,00,00,00,73,00,65,00,72,00,69,00,61,00,6c,00,00,00,73,00,63,00,73,00,69,\ 00,70,00,6f,00,72,00,74,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,\ 65,00,00,00,53,00,63,00,68,00,61,00,6e,00,6e,00,65,00,6c,00,00,00,53,00,43,\ 00,61,00,72,00,64,00,53,00,76,00,72,00,00,00,53,00,61,00,76,00,65,00,20,00,\ 44,00,75,00,6d,00,70,00,00,00,53,00,41,00,4d,00,00,00,73,00,33,00,6c,00,65,\ 00,67,00,61,00,63,00,79,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 72,00,74,00,6c,00,38,00,31,00,33,00,39,00,00,00,52,00,53,00,56,00,50,00,00,\ 00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,20,00,53,00,74,00,\ 6f,00,72,00,61,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\ 00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,\ 73,00,00,00,72,00,65,00,64,00,62,00,6f,00,6f,00,6b,00,00,00,52,00,64,00,62,\ 00,73,00,73,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,52,00,61,00,\ 73,00,41,00,75,00,74,00,6f,00,00,00,71,00,76,00,5f,00,64,00,65,00,74,00,65,\ 00,63,00,74,00,00,00,71,00,6c,00,32,00,31,00,30,00,30,00,00,00,71,00,6c,00,\ 31,00,32,00,34,00,30,00,00,00,71,00,6c,00,31,00,30,00,77,00,6e,00,74,00,00,\ 00,71,00,6c,00,31,00,30,00,38,00,30,00,00,00,50,00,72,00,69,00,6e,00,74,00,\ 00,00,50,00,70,00,74,00,70,00,4d,00,69,00,6e,00,69,00,70,00,6f,00,72,00,74,\ 00,00,00,50,00,6f,00,6c,00,69,00,63,00,79,00,41,00,67,00,65,00,6e,00,74,00,\ 00,00,70,00,63,00,6d,00,63,00,69,00,61,00,00,00,70,00,63,00,69,00,69,00,64,\ 00,65,00,00,00,70,00,63,00,69,00,00,00,70,00,61,00,72,00,76,00,64,00,6d,00,\ 00,00,70,00,61,00,72,00,70,00,6f,00,72,00,74,00,00,00,70,00,61,00,72,00,61,\ 00,6c,00,6c,00,65,00,6c,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,\ 20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,20,00,36,00,00,00,4f,00,53,\ 00,50,00,46,00,4d,00,69,00,62,00,00,00,4f,00,53,00,50,00,46,00,00,00,6e,00,\ 76,00,00,00,6e,00,75,00,6c,00,6c,00,00,00,4e,00,74,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,50,00,61,00,63,00,6b,00,00,00,4e,00,54,00,4d,00,53,00,\ 00,00,6e,00,74,00,66,00,73,00,00,00,6e,00,70,00,66,00,73,00,00,00,4e,00,65,\ 00,74,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,\ 45,00,00,00,4e,00,65,00,74,00,42,00,54,00,00,00,4e,00,65,00,74,00,42,00,49,\ 00,4f,00,53,00,00,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,00,00,6e,00,\ 64,00,69,00,73,00,00,00,6e,00,63,00,72,00,63,00,37,00,31,00,30,00,00,00,4d,\ 00,75,00,70,00,00,00,6d,00,73,00,66,00,73,00,00,00,6d,00,73,00,61,00,64,00,\ 6c,00,69,00,62,00,00,00,4d,00,72,00,78,00,53,00,6d,00,62,00,00,00,6d,00,72,\ 00,61,00,69,00,64,00,33,00,35,00,78,00,00,00,6d,00,6f,00,75,00,63,00,6c,00,\ 61,00,73,00,73,00,00,00,4d,00,6f,00,64,00,65,00,6d,00,00,00,6d,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,4d,00,44,00,41,00,43,00,\ 00,00,4c,00,73,00,61,00,53,00,72,00,76,00,00,00,6c,00,70,00,36,00,6e,00,64,\ 00,73,00,33,00,35,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,\ 4c,00,44,00,4d,00,53,00,00,00,4c,00,44,00,4d,00,00,00,6c,00,62,00,72,00,74,\ 00,66,00,64,00,63,00,00,00,4b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,\ 00,00,6b,00,62,00,64,00,63,00,6c,00,61,00,73,00,73,00,00,00,69,00,73,00,61,\ 00,70,00,6e,00,70,00,00,00,49,00,50,00,58,00,53,00,41,00,50,00,00,00,49,00,\ 50,00,58,00,52,00,6f,00,75,00,74,00,65,00,72,00,4d,00,61,00,6e,00,61,00,67,\ 00,65,00,72,00,00,00,49,00,50,00,58,00,52,00,49,00,50,00,00,00,49,00,50,00,\ 58,00,43,00,50,00,00,00,69,00,70,00,73,00,72,00,61,00,69,00,64,00,6e,00,00,\ 00,49,00,50,00,53,00,45,00,43,00,00,00,49,00,50,00,52,00,6f,00,75,00,74,00,\ 65,00,72,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,49,00,50,00,52,\ 00,49,00,50,00,32,00,00,00,49,00,50,00,4e,00,41,00,54,00,48,00,4c,00,50,00,\ 00,00,49,00,50,00,42,00,4f,00,4f,00,54,00,50,00,00,00,49,00,6e,00,74,00,65,\ 00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,\ 72,00,20,00,36,00,00,00,69,00,6e,00,74,00,65,00,6c,00,69,00,64,00,65,00,00,\ 00,69,00,6e,00,69,00,39,00,31,00,30,00,75,00,00,00,49,00,6d,00,61,00,67,00,\ 65,00,64,00,72,00,76,00,00,00,69,00,38,00,30,00,34,00,32,00,70,00,72,00,74,\ 00,00,00,66,00,74,00,64,00,69,00,73,00,6b,00,00,00,66,00,73,00,5f,00,72,00,\ 65,00,63,00,00,00,66,00,6c,00,70,00,79,00,64,00,69,00,73,00,6b,00,00,00,66,\ 00,6c,00,61,00,73,00,68,00,70,00,6e,00,74,00,00,00,66,00,69,00,72,00,65,00,\ 70,00,6f,00,72,00,74,00,00,00,46,00,69,00,70,00,73,00,00,00,66,00,64,00,63,\ 00,00,00,66,00,64,00,31,00,36,00,5f,00,37,00,30,00,30,00,00,00,66,00,62,00,\ 78,00,75,00,73,00,62,00,00,00,66,00,61,00,73,00,74,00,66,00,61,00,74,00,00,\ 00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,65,00,74,00,34,00,\ 30,00,30,00,30,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,65,00,66,\ 00,73,00,00,00,44,00,6e,00,73,00,63,00,61,00,63,00,68,00,65,00,00,00,44,00,\ 6e,00,73,00,61,00,70,00,69,00,00,00,64,00,6d,00,69,00,6f,00,00,00,64,00,6d,\ 00,62,00,6f,00,6f,00,74,00,00,00,44,00,69,00,73,00,74,00,72,00,69,00,62,00,\ 75,00,74,00,65,00,64,00,20,00,4c,00,69,00,6e,00,6b,00,20,00,54,00,72,00,61,\ 00,63,00,6b,00,69,00,6e,00,67,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\ 00,00,64,00,69,00,73,00,6b,00,70,00,65,00,72,00,66,00,00,00,64,00,69,00,73,\ 00,6b,00,00,00,44,00,68,00,63,00,70,00,00,00,44,00,66,00,73,00,53,00,76,00,\ 63,00,00,00,44,00,66,00,73,00,44,00,72,00,69,00,76,00,65,00,72,00,00,00,64,\ 00,65,00,63,00,6b,00,7a,00,70,00,73,00,78,00,00,00,44,00,43,00,4f,00,4d,00,\ 00,00,64,00,61,00,63,00,39,00,36,00,30,00,6e,00,74,00,00,00,63,00,70,00,71,\ 00,66,00,77,00,73,00,32,00,65,00,00,00,63,00,70,00,71,00,66,00,63,00,61,00,\ 6c,00,6d,00,00,00,63,00,70,00,71,00,61,00,72,00,72,00,79,00,32,00,00,00,63,\ 00,70,00,71,00,61,00,72,00,72,00,61,00,79,00,00,00,43,00,6c,00,75,00,73,00,\ 73,00,76,00,63,00,00,00,63,00,69,00,72,00,72,00,75,00,73,00,5f,00,64,00,65,\ 00,74,00,65,00,63,00,74,00,00,00,63,00,68,00,61,00,6e,00,67,00,65,00,72,00,\ 00,00,63,00,64,00,72,00,6f,00,6d,00,00,00,63,00,64,00,66,00,73,00,00,00,63,\ 00,64,00,61,00,75,00,64,00,69,00,6f,00,00,00,63,00,64,00,32,00,30,00,78,00,\ 72,00,6e,00,74,00,00,00,62,00,75,00,73,00,6c,00,6f,00,67,00,69,00,63,00,00,\ 00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,42,00,49,00,54,00,53,00,\ 00,00,62,00,65,00,65,00,70,00,00,00,41,00,74,00,6d,00,61,00,72,00,70,00,63,\ 00,00,00,61,00,74,00,69,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 61,00,74,00,64,00,69,00,73,00,6b,00,00,00,61,00,74,00,61,00,70,00,69,00,00,\ 00,41,00,73,00,79,00,6e,00,63,00,4d,00,61,00,63,00,00,00,61,00,73,00,63,00,\ 33,00,35,00,35,00,30,00,00,00,61,00,73,00,63,00,33,00,33,00,35,00,30,00,70,\ 00,00,00,61,00,73,00,63,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,\ 74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,70,00,75,00,70,00,00,00,61,00,6d,\ 00,73,00,69,00,6e,00,74,00,00,00,61,00,6d,00,69,00,30,00,6e,00,74,00,00,00,\ 41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,61,00,69,00,63,00,37,00,38,\ 00,78,00,78,00,00,00,61,00,69,00,63,00,37,00,38,00,75,00,32,00,00,00,61,00,\ 69,00,63,00,31,00,31,00,36,00,78,00,00,00,61,00,68,00,61,00,31,00,35,00,34,\ 00,78,00,00,00,61,00,64,00,70,00,75,00,31,00,36,00,30,00,6d,00,00,00,61,00,\ 63,00,70,00,69,00,65,00,63,00,00,00,61,00,63,00,70,00,69,00,00,00,61,00,62,\ 00,70,00,34,00,38,00,30,00,6e,00,35,00,00,00,61,00,62,00,69,00,6f,00,73,00,\ 64,00,73,00,6b,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00 "EventMessageFile"="%systemroot%\\system32\\stisvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abiosdsk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abiosdsk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abp480n5] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\abp480n5] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\acpi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\acpi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\acpiec] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\acpiec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpiec.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,65,00,63,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\adpu160m] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\adpu160m] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aha154x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aha154x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic116x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic116x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic78u2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic78u2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic78xx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\aic78xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Alerter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Alerter] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ami0nt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ami0nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\amsint] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\amsint] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Application Popup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Application Popup] ; Contents of value: ; %SystemRoot%\System32\ntdll.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,64,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc3350p] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc3350p] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc3550] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\asc3550] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\AsyncMac] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\AsyncMac] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\atapi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\atapi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\atdisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\atdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ati_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ati_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,74,00,69,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Atmarpc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Atmarpc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\beep] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\beep] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\BITS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\BITS] ; Contents of value: ; %systemroot%\system32\xpob2res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,78,00,70,00,6f,00,62,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Browser] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\buslogic] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\buslogic] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cd20xrnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cd20xrnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdaudio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdrom] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cdrom] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\changer] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\changer] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cirrus_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cirrus_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\cirrus_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,63,00,69,00,72,00,72,00,75,00,73,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Clussvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Clussvc] ; Contents of value: ; %systemroot%\cluster\clussvc.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,63,00,6c,00,75,00,73,00,74,00,65,00,72,00,5c,00,\ 63,00,6c,00,75,00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqarray] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqarray] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqarry2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqarry2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqfcalm] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqfcalm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqfws2e] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\cpqfws2e] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dac960nt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dac960nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DCOM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DCOM] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\deckzpsx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\deckzpsx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DfsDriver] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DfsDriver] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DfsSvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\DfsSvc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dhcp] ; Contents of value: ; %SystemRoot%\System32\dhcpcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\disk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\disk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\diskperf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\diskperf] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Distributed Link Tracking Client] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Distributed Link Tracking Client] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dmboot] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dmboot] ; Contents of value: ; %SystemRoot%\System32\Drivers\dmboot.sys;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,62,00,6f,\ 00,6f,00,74,00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dmio] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\dmio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\dmio.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,69,00,6f,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dnsapi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dnsapi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dnscache] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Dnscache] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\efs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\efs] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\et4000_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\et4000_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\et4000_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,34,00,30,00,30,00,30,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\eventlog] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fastfat] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fastfat] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fbxusb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fbxusb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fd16_700] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fd16_700] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fdc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,64,00,63,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Fips] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Fips] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fips.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,69,00,70,00,73,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fireport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fireport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\flashpnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\flashpnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\flpydisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\flpydisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\flpydisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,70,00,79,00,64,00,69,00,\ 73,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fs_rec] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\fs_rec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ftdisk] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ftdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\FtDisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,46,00,74,00,44,00,69,00,73,00,6b,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\i8042prt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\i8042prt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,38,00,30,00,34,00,32,00,70,00,\ 72,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Imagedrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Imagedrv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ini910u] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ini910u] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\intelide] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\intelide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,6c,00,49,00,\ 64,00,65,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Internet Explorer 6] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Internet Explorer 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPBOOTP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPBOOTP] ; Contents of value: ; %SystemRoot%\System32\ipbootp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,62,00,6f,00,6f,00,74,00,70,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPNATHLP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPNATHLP] ; Contents of value: ; %SystemRoot%\System32\ipnathlp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPRIP2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPRIP2] ; Contents of value: ; %SystemRoot%\System32\iprip2.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,72,00,69,00,70,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPSEC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPSEC] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ipsraidn] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ipsraidn] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXCP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXCP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXRIP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXRIP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXSAP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\IPXSAP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\isapnp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\isapnp] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,73,00,61,00,70,00,6e,00,70,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\kbdclass] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\kbdclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6b,00,62,00,64,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Kerberos] ; Contents of value: ; %SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\lbrtfdc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\lbrtfdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\lbrtfdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,62,00,72,00,74,00,66,00,64,00,\ 63,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LDM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LDM] ; Contents of value: ; %SystemRoot%\System32\dmadmin.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,61,00,64,00,6d,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LDMS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LDMS] ; Contents of value: ; %SystemRoot%\System32\dmserver.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LmHosts] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\lp6nds35] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\lp6nds35] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LsaSrv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\LsaSrv] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MDAC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MDAC] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,67,00,61,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Modem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Modem] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Modem.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,6f,00,64,00,65,00,6d,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mouclass] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mouclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,6f,00,75,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mraid35x] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\mraid35x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MrxSmb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\MrxSmb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6f,\ 00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,\ 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,\ 65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\msadlib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\msadlib] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\msfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\msfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Mup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Mup] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ncrc710] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ncrc710] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ndis] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ndis] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NdisWan] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NdisWan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetBIOS] ; Contents of value: ; %SystemRoot%\System32\iologmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,6f,00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetBT] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetDDE] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NetDDE] ; Contents of value: ; %SystemRoot%\System32\netdde.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,64,00,64,00,65,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Netlogon] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\npfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\npfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ntfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ntfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NTMS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NTMS] ; Contents of value: ; %SystemRoot%\system32\NtmsEvt.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,74,00,6d,00,73,00,45,00,76,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NtServicePack] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NtServicePack] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\null] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\null] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\nv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\nv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nv4_mini.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,76,00,34,00,5f,00,6d,00,69,00,\ 6e,00,69,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\OSPF] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\OSPF] ; Contents of value: ; %SystemRoot%\System32\ospf.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\OSPFMib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\OSPFMib] ; Contents of value: ; %SystemRoot%\System32\ospfmib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,6d,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Outlook Express 6] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Outlook Express 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parallel] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parallel] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parallel.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,61,00,6c,00,6c,00,\ 65,00,6c,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,70,00,6f,00,72,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parvdm] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\parvdm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ParVdm.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,61,00,72,00,56,00,64,00,6d,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pci] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pci] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pci.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pciide] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pciide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\PciIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,49,00,64,00,65,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pcmcia] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\pcmcia] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,6d,00,63,00,69,00,61,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PolicyAgent] ; Contents of value: ; %SystemRoot%\System32\polagent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,6f,00,6c,00,61,00,67,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PptpMiniport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\PptpMiniport] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Print] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Print] ; Contents of value: ; %SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql1080] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql1080] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql10wnt] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql10wnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql1240] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql1240] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql2100] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ql2100] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\qv_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\qv_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\qv_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,71,00,76,00,5f,00,64,00,65,00,74,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasAuto] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasAuto] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasMan] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RasMan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Rdbss] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\redbook] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\redbook] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\redbook.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,72,00,65,00,64,00,62,00,6f,00,6f,00,\ 6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RemoteAccess] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RemoteAccess] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Removable Storage Service] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Removable Storage Service] ; Contents of value: ; %SystemRoot%\System32\NTMSEVT.DLL "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,54,00,4d,00,53,00,45,00,56,00,54,00,2e,00,44,00,4c,00,4c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RSVP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\RSVP] ; Contents of value: ; %SystemRoot%\System32\rsvpmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,73,00,76,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\rtl8139] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\rtl8139] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\s3legacy_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\s3legacy_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\s3legacy_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,33,00,6c,00,65,00,67,00,61,00,\ 63,00,79,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAM] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAM] ; Contents of value: ; %SystemRoot%\System32\samsrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,61,00,6d,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Save Dump] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Save Dump] ; Contents of value: ; %SystemRoot%\System32\SaveDump.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,61,00,76,00,65,00,44,00,75,00,6d,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SCardSvr] ; Contents of value: ; %SystemRoot%\System32\SCardSvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,43,00,61,00,72,00,64,00,53,00,76,00,72,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Schannel] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Schannel] ; Contents of value: ; %SystemRoot%\system32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Schedule] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Schedule] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\scsiport] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\scsiport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\serial] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\serial] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,65,00,72,00,69,00,61,00,6c,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Server] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Server] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Service Control Manager] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Service Control Manager] ; Contents of value: ; %systemroot%\system32\netevent.dll;%systemroot%\system32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\ 25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sfloppy] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sfloppy] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sglfb] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sglfb] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\sglfb.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,67,00,6c,00,66,00,62,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Simbad] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Simbad] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sndblst] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sndblst] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sparrow] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sparrow] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sptd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sptd] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Srv] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Srv] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\StillImage] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\StillImage] ; Contents of value: ; %SystemRoot%\System32\stisvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,74,00,69,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\symc810] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\symc810] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\symc8xx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\symc8xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sym_hi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\sym_hi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Tcpip] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\TCPMon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\TCPMon] "EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\tdi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\tdi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\TermService] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\TermService] ; Contents of value: ; %SystemRoot%\System32\termsrv.exe;%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,65,00,72,00,6d,00,73,00,72,00,76,00,2e,00,65,00,78,00,65,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,64,\ 00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\udfs] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\udfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ultra66] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\ultra66] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\UPS] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\UPS] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\vaxscsi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\vaxscsi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\VgaSave] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\VgaSave] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\vga.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,76,00,67,00,61,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\W32Time] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\W32Time] ; Contents of value: ; %SystemRoot%\System32\w32time.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,\ 00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\wdvga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\wdvga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wdvga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,64,00,76,00,67,00,61,00,5f,00,\ 64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\weitekp9_detect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\weitekp9_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\weitekp9_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,65,00,69,00,74,00,65,00,6b,00,\ 70,00,39,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Win32k] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Win32k] ; Contents of value: ; %SystemRoot%\System32\win32k.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows File Protection] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows File Protection] ; Contents of value: ; %SystemRoot%\System32\sfc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,66,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Installer 3.0] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Installer 3.0] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Installer 3.1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Installer 3.1] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Script Host] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Script Host] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Update Agent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Windows Update Agent] ; Contents of value: ; %SystemRoot%\system32\wuaucpl.cpl "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\WindowsMedia] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\WindowsMedia] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Wmi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Wmi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Workstation] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\Workstation] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\WZCSVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\WZCSVC] ; Contents of value: ; %SystemRoot%\System32\wzcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,7a,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NdisTapi\Parameters] "AsyncEventQueueSize"=dword:00000300 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Npfs\Aliases] ; Contents of value: ; srvsvc ; wkssvc ; eventlog ; browser ; msgsvc ; svcctl ; w32time ; "ntsvcs"=hex(7):73,00,72,00,76,00,73,00,76,00,63,00,00,00,77,00,6b,00,73,00,73,\ 00,76,00,63,00,00,00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,\ 62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,6d,00,73,00,67,00,73,00,76,\ 00,63,00,00,00,73,00,76,00,63,00,63,00,74,00,6c,00,00,00,77,00,33,00,32,00,\ 74,00,69,00,6d,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages1\RequestHandlers\12] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers1] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers3] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages3\RequestHandlers7] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages4] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines1\Stages4\RequestHandlers6] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines2\Stages5] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines2\Stages5\RequestHandlers\10] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages6] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers4] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers\11] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages7] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers2] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers9] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages8] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipelines3\Stages8\RequestHandlers5] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SENS] ; Contents of value: ; EventSystem ; "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess] "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed1] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}00\Events\PushButtonPushed3] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}01\Events\CameraDetected] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex] "EventLogFlags"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl] "LogEvent"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers] "EventLog"=dword:0000001b [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths] ; Contents of value: ; System\CurrentControlSet\Control\ProductOptions ; System\CurrentControlSet\Control\Print\Printers ; System\CurrentControlSet\Control\Server Applications ; System\CurrentControlSet\Services\Eventlog ; Software\Microsoft\OLAP Server ; Software\Microsoft\Windows NT\CurrentVersion ; "Machine"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,\ 72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,\ 00,74,00,5c,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,\ 6f,00,64,00,75,00,63,00,74,00,4f,00,70,00,74,00,69,00,6f,00,6e,00,73,00,00,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,\ 6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,\ 00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,50,00,72,00,69,00,6e,00,\ 74,00,5c,00,50,00,72,00,69,00,6e,00,74,00,65,00,72,00,73,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,43,00,6f,\ 00,6e,00,74,00,72,00,6f,00,6c,00,5c,00,53,00,65,00,72,00,76,00,65,00,72,00,\ 20,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,73,\ 00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,5c,00,43,00,75,00,72,00,72,00,\ 65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,\ 00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,45,00,76,00,\ 65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,\ 00,72,00,65,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,\ 5c,00,4f,00,4c,00,41,00,50,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\ 00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,4d,00,69,00,63,00,\ 72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\ 00,73,00,20,00,4e,00,54,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\ 56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL] "EventLogging"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder] ; Contents of value: ; System Reserved ; Boot Bus Extender ; System Bus Extender ; SCSI miniport ; port ; Primary disk ; SCSI class ; SCSI CDROM class ; FSFilter Infrastructure ; FSFilter System ; FSFilter Bottom ; FSFilter Copy Protection ; FSFilter Security Enhancer ; FSFilter Open File ; FSFilter Physical Quota Management ; FSFilter Encryption ; FSFilter Compression ; FSFilter HSM ; FSFilter Cluster File System ; FSFilter System Recovery ; FSFilter Quota Management ; FSFilter Content Screener ; FSFilter Continuous Backup ; FSFilter Replication ; FSFilter Anti-Virus ; FSFilter Undelete ; FSFilter Activity Monitor ; FSFilter Top ; filter ; boot file system ; Base ; Pointer Port ; Keyboard Port ; Pointer Class ; Keyboard Class ; Video Init ; Video ; Video Save ; file system ; Event log ; Streams Drivers ; NDIS Wrapper ; PNP_TDI ; NDIS ; TDI ; NetBIOSGroup ; PlugPlay ; SpoolerGroup ; NetDDEGroup ; Parallel arbitrator ; extended base ; RemoteValidation ; PCI Configuration ; "List"=hex(7):53,00,79,00,73,00,74,00,65,00,6d,00,20,00,52,00,65,00,73,00,65,\ 00,72,00,76,00,65,00,64,00,00,00,42,00,6f,00,6f,00,74,00,20,00,42,00,75,00,\ 73,00,20,00,45,00,78,00,74,00,65,00,6e,00,64,00,65,00,72,00,00,00,53,00,79,\ 00,73,00,74,00,65,00,6d,00,20,00,42,00,75,00,73,00,20,00,45,00,78,00,74,00,\ 65,00,6e,00,64,00,65,00,72,00,00,00,53,00,43,00,53,00,49,00,20,00,6d,00,69,\ 00,6e,00,69,00,70,00,6f,00,72,00,74,00,00,00,70,00,6f,00,72,00,74,00,00,00,\ 50,00,72,00,69,00,6d,00,61,00,72,00,79,00,20,00,64,00,69,00,73,00,6b,00,00,\ 00,53,00,43,00,53,00,49,00,20,00,63,00,6c,00,61,00,73,00,73,00,00,00,53,00,\ 43,00,53,00,49,00,20,00,43,00,44,00,52,00,4f,00,4d,00,20,00,63,00,6c,00,61,\ 00,73,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,\ 49,00,6e,00,66,00,72,00,61,00,73,00,74,00,72,00,75,00,63,00,74,00,75,00,72,\ 00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,\ 79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,42,00,6f,00,74,00,74,00,6f,00,6d,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,70,00,79,00,20,00,50,00,72,\ 00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,\ 69,00,6c,00,74,00,65,00,72,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,\ 00,79,00,20,00,45,00,6e,00,68,00,61,00,6e,00,63,00,65,00,72,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,4f,00,70,00,65,00,6e,00,20,\ 00,46,00,69,00,6c,00,65,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,\ 72,00,20,00,50,00,68,00,79,00,73,00,69,00,63,00,61,00,6c,00,20,00,51,00,75,\ 00,6f,00,74,00,61,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,\ 6e,00,74,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,45,\ 00,6e,00,63,00,72,00,79,00,70,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,00,\ 46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6d,00,70,00,72,00,65,\ 00,73,00,73,00,69,00,6f,00,6e,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,\ 65,00,72,00,20,00,48,00,53,00,4d,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,\ 00,65,00,72,00,20,00,43,00,6c,00,75,00,73,00,74,00,65,00,72,00,20,00,46,00,\ 69,00,6c,00,65,00,20,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,53,00,79,00,73,00,74,00,65,00,\ 6d,00,20,00,52,00,65,00,63,00,6f,00,76,00,65,00,72,00,79,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,51,00,75,00,6f,00,74,00,61,00,\ 20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,46,\ 00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,74,00,\ 65,00,6e,00,74,00,20,00,53,00,63,00,72,00,65,00,65,00,6e,00,65,00,72,00,00,\ 00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,43,00,6f,00,6e,00,\ 74,00,69,00,6e,00,75,00,6f,00,75,00,73,00,20,00,42,00,61,00,63,00,6b,00,75,\ 00,70,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,52,00,\ 65,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,46,00,53,\ 00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,6e,00,74,00,69,00,2d,00,\ 56,00,69,00,72,00,75,00,73,00,00,00,46,00,53,00,46,00,69,00,6c,00,74,00,65,\ 00,72,00,20,00,55,00,6e,00,64,00,65,00,6c,00,65,00,74,00,65,00,00,00,46,00,\ 53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,\ 00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00,\ 46,00,53,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,54,00,6f,00,70,00,00,\ 00,66,00,69,00,6c,00,74,00,65,00,72,00,00,00,62,00,6f,00,6f,00,74,00,20,00,\ 66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,00,42,\ 00,61,00,73,00,65,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,72,00,20,00,\ 50,00,6f,00,72,00,74,00,00,00,4b,00,65,00,79,00,62,00,6f,00,61,00,72,00,64,\ 00,20,00,50,00,6f,00,72,00,74,00,00,00,50,00,6f,00,69,00,6e,00,74,00,65,00,\ 72,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,4b,00,65,00,79,00,62,00,6f,\ 00,61,00,72,00,64,00,20,00,43,00,6c,00,61,00,73,00,73,00,00,00,56,00,69,00,\ 64,00,65,00,6f,00,20,00,49,00,6e,00,69,00,74,00,00,00,56,00,69,00,64,00,65,\ 00,6f,00,00,00,56,00,69,00,64,00,65,00,6f,00,20,00,53,00,61,00,76,00,65,00,\ 00,00,66,00,69,00,6c,00,65,00,20,00,73,00,79,00,73,00,74,00,65,00,6d,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,20,00,6c,00,6f,00,67,00,00,00,53,00,74,00,\ 72,00,65,00,61,00,6d,00,73,00,20,00,44,00,72,00,69,00,76,00,65,00,72,00,73,\ 00,00,00,4e,00,44,00,49,00,53,00,20,00,57,00,72,00,61,00,70,00,70,00,65,00,\ 72,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,00,44,00,49,\ 00,53,00,00,00,54,00,44,00,49,00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,\ 53,00,47,00,72,00,6f,00,75,00,70,00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,\ 00,61,00,79,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,47,00,72,00,\ 6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,\ 00,75,00,70,00,00,00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,\ 61,00,72,00,62,00,69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,65,00,78,\ 00,74,00,65,00,6e,00,64,00,65,00,64,00,20,00,62,00,61,00,73,00,65,00,00,00,\ 52,00,65,00,6d,00,6f,00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,\ 00,69,00,6f,00,6e,00,00,00,50,00,43,00,49,00,20,00,43,00,6f,00,6e,00,66,00,\ 69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENT00] "Service"="Event" "DeviceDesc"="Events Log" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM00] "Service"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM00\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EVENTSYSTEM00\Control] "ActiveService"="EventSystem" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event] "DisplayName"="Events Log" "Description"="Enables event logs messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Event\Enum] "0"="Root\\LEGACY_EVENT\00" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog] "Group"="Event log" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt ; Winlogon ; Windows 3.1 Migration ; VBRuntime ; Userinit ; Userenv ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Installation ; SclgNtfy ; SceSrv ; SceCli ; RPC ; PlugPlayManager ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; Ntbackup.ini ; ntbackup ; NeroCheck ; MsiInstaller ; MSDTC Client ; MSDTC ; mnmsrvc ; LoadPerf ; IPSECPolicyStorage ; IExplore ; hpmon ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; DrWatson ; DiskQuota ; COM+ ; Ci ; Chkdsk ; Autochk ; Application Management ; APGTS ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,\ 74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,\ 67,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,56,00,42,00,52,00,75,00,6e,\ 00,74,00,69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,\ 74,00,00,00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,54,00,6c,00,6e,\ 00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,00,\ 6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,\ 00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,\ 6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,\ 00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,\ 72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,52,00,50,00,43,\ 00,00,00,50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,4d,00,61,00,6e,00,\ 61,00,67,00,65,00,72,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,\ 00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,\ 4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,\ 00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,\ 69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,\ 00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,\ 73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,4e,00,74,00,62,00,61,\ 00,63,00,6b,00,75,00,70,00,2e,00,69,00,6e,00,69,00,00,00,6e,00,74,00,62,00,\ 61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,\ 00,63,00,6b,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,\ 00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,\ 6d,00,73,00,72,00,76,00,63,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,\ 00,66,00,00,00,49,00,50,00,53,00,45,00,43,00,50,00,6f,00,6c,00,69,00,63,00,\ 79,00,53,00,74,00,6f,00,72,00,61,00,67,00,65,00,00,00,49,00,45,00,78,00,70,\ 00,6c,00,6f,00,72,00,65,00,00,00,68,00,70,00,6d,00,6f,00,6e,00,00,00,46,00,\ 6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,\ 00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,\ 70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,\ 00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,\ 54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,\ 00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,43,00,4f,00,4d,00,2b,00,\ 00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,75,\ 00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,\ 61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,\ 00,65,00,6e,00,74,00,00,00,41,00,50,00,47,00,54,00,53,00,00,00,41,00,70,00,\ 70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\APGTS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\APGTS] ; Contents of value: ; C:\WINNT\help\TShoot.ocx "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,68,00,65,00,6c,00,70,00,5c,00,54,00,53,00,68,00,6f,00,6f,00,74,00,2e,00,\ 6f,00,63,00,78,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management] ; Contents of value: ; %SystemRoot%\System32\appmgmts.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chkdsk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chkdsk] ; Contents of value: ; %SystemRoot%\System32\ulib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6c,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ci] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ci] ; Contents of value: ; %SystemRoot%\System32\query.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,71,00,75,00,65,00,72,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+] ; Contents of value: ; C:\WINNT\system32\comsvcs.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,\ 73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiskQuota] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiskQuota] "EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DrWatson] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DrWatson] ; Contents of value: ; %SystemRoot%\System32\drwtsn32.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,72,00,77,00,74,00,73,00,6e,00,33,00,32,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT] ; Contents of value: ; C:\WINNT\system32\ESENT.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,53,00,45,00,\ 4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem] ; Contents of value: ; C:\WINNT\system32\es.dll "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,73,00,2e,00,\ 64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection] ; Contents of value: ; %SystemRoot%\System32\fdeploy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hpmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hpmon] ; Contents of value: ; %SystemRoot%\System32\hpmon.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,68,00,70,00,6d,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IExplore] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IExplore] "EventMessageFile"="C:\\Program Files\\Internet Explorer\\DW15.EXE" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IPSECPolicyStorage] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IPSECPolicyStorage] "EventMessageFile"="%SystemRoot%\\System32\\polstore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LoadPerf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LoadPerf] ; Contents of value: ; %SystemRoot%\System32\loadperf.dll;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,6f,00,61,00,64,00,70,00,65,00,72,00,66,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mnmsrvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mnmsrvc] "EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client] ; Contents of value: ; C:\WINNT\system32\MSDTCPRX.DLL "EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\ 00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\ 54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MsiInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MsiInstaller] "EventMessageFile"="C:\\WINNT\\system32\\msi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NeroCheck] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NeroCheck] "EventMessageFile"="C:\\WINNT\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup] ; Contents of value: ; %SystemRoot%\System32\ntbackup.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ntbackup.ini] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ntbackup.ini] "EventMessageFile"="C:\\WINNT\\system32\\ntbackup.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Oakley] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Oakley] "EventMessageFile"="%SystemRoot%\\System32\\oakley.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Offline Files] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Offline Files] "EventMessageFile"="%SystemRoot%\\System32\\cscui.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfctrs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfctrs] ; Contents of value: ; %SystemRoot%\System32\perfctrs.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfDisk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfDisk] ; Contents of value: ; %SystemRoot%\System32\perfdisk.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,64,00,69,00,73,00,6b,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perflib] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perflib] ; Contents of value: ; %SystemRoot%\System32\prflbmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,72,00,66,00,6c,00,62,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfmon] ; Contents of value: ; %SystemRoot%\System32\perfmon.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfNet] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfNet] ; Contents of value: ; %SystemRoot%\System32\perfnet.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,6e,00,65,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfOS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfOS] ; Contents of value: ; %SystemRoot%\System32\perfOS.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,4f,00,53,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfProc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfProc] ; Contents of value: ; %SystemRoot%\System32\perfproc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,65,00,72,00,66,00,70,00,72,00,6f,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PlugPlayManager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PlugPlayManager] ; Contents of value: ; %SystemRoot%\System32\umpnpmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,6d,00,70,00,6e,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RPC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RPC] ; Contents of value: ; %SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceCli] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceCli] ; Contents of value: ; %SystemRoot%\System32\scecli.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceSrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceSrv] ; Contents of value: ; %SystemRoot%\System32\scesrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,65,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SclgNtfy] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SclgNtfy] ; Contents of value: ; %SystemRoot%\System32\sclgntfy.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation] ; Contents of value: ; %SystemRoot%\System32\appmgr.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,70,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SpoolerCtrs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SpoolerCtrs] ; Contents of value: ; %SystemRoot%\System32\winspool.drv "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,73,00,70,00,6f,00,6f,00,6c,00,2e,00,64,00,72,00,76,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog] ; Contents of value: ; %SystemRoot%\System32\smlogsvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,6d,00,6c,00,6f,00,67,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tlntsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tlntsvr] ; Contents of value: ; %SystemRoot%\System32\tlntsvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,6c,00,6e,00,74,00,73,00,76,00,72,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userenv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userenv] ; Contents of value: ; %SystemRoot%\System32\userenv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,65,00,6e,00,76,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userinit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userinit] ; Contents of value: ; %SystemRoot%\System32\userinit.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,75,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime] "EventMessageFile"="C:\\WINNT\\system32\\MSVBVM60.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows 3.1 Migration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows 3.1 Migration] ; Contents of value: ; %SystemRoot%\System32\advapi32.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon] ; Contents of value: ; %SystemRoot%\System32\winlogon.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinMgmt] "EventMessageFile"="C:\\WINNT\\system32\\WBEM\\WinMgmtR.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WSH] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WSH] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security] ; Contents of value: ; %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\sp2res.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4d,00,73,00,41,00,75,00,64,00,69,00,74,00,45,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,\ 73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,\ 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,\ 2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames] "Event"=dword:00001120 "EventPair"=dword:00001130 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System] ; Contents of value: ; WZCSVC ; Workstation ; Wmi ; WindowsMedia ; Windows Update Agent ; Windows Script Host ; Windows Installer 3.1 ; Windows Installer 3.0 ; Windows File Protection ; Win32k ; weitekp9_detect ; wdvga_detect ; W32Time ; VgaSave ; vaxscsi ; UPS ; ultra66 ; udfs ; TermService ; tdi ; TCPMon ; Tcpip ; sym_hi ; symc8xx ; symc810 ; StillImage ; Srv ; sptd ; sparrow ; sndblst ; Simbad ; sglfb ; sfloppy ; Service Control Manager ; Server ; serial ; scsiport ; Schedule ; Schannel ; SCardSvr ; Save Dump ; SAM ; s3legacy_detect ; rtl8139 ; RSVP ; Removable Storage Service ; RemoteAccess ; redbook ; Rdbss ; RasMan ; RasAuto ; qv_detect ; ql2100 ; ql1240 ; ql10wnt ; ql1080 ; Print ; PptpMiniport ; PolicyAgent ; pcmcia ; pciide ; pci ; parvdm ; parport ; parallel ; Outlook Express 6 ; OSPFMib ; OSPF ; nv ; null ; NtServicePack ; NTMS ; ntfs ; npfs ; Netlogon ; NetDDE ; NetBT ; NetBIOS ; NdisWan ; ndis ; ncrc710 ; Mup ; msfs ; msadlib ; MrxSmb ; mraid35x ; mouclass ; Modem ; mga_detect ; MDAC ; LsaSrv ; lp6nds35 ; LmHosts ; LDMS ; LDM ; lbrtfdc ; Kerberos ; kbdclass ; isapnp ; IPXSAP ; IPXRouterManager ; IPXRIP ; IPXCP ; ipsraidn ; IPSEC ; IPRouterManager ; IPRIP2 ; IPNATHLP ; IPBOOTP ; Internet Explorer 6 ; intelide ; ini910u ; Imagedrv ; i8042prt ; ftdisk ; fs_rec ; flpydisk ; flashpnt ; fireport ; Fips ; fdc ; fd16_700 ; fbxusb ; fastfat ; eventlog ; et4000_detect ; efs ; Dnscache ; Dnsapi ; dmio ; dmboot ; Distributed Link Tracking Client ; diskperf ; disk ; Dhcp ; DfsSvc ; DfsDriver ; deckzpsx ; DCOM ; dac960nt ; cpqfws2e ; cpqfcalm ; cpqarry2 ; cpqarray ; Clussvc ; cirrus_detect ; changer ; cdrom ; cdfs ; cdaudio ; cd20xrnt ; buslogic ; Browser ; BITS ; beep ; Atmarpc ; ati_detect ; atdisk ; atapi ; AsyncMac ; asc3550 ; asc3350p ; asc ; Application Popup ; amsint ; ami0nt ; Alerter ; aic78xx ; aic78u2 ; aic116x ; aha154x ; adpu160m ; acpiec ; acpi ; abp480n5 ; abiosdsk ; System ; "Sources"=hex(7):57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,\ 6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,69,00,00,\ 00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,65,00,64,00,69,00,61,00,\ 00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,55,00,70,00,64,00,61,\ 00,74,00,65,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,57,00,69,00,6e,00,\ 64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,00,70,00,74,00,20,00,48,\ 00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,\ 49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,31,\ 00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,\ 74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,33,00,2e,00,30,00,00,00,57,00,69,\ 00,6e,00,64,00,6f,00,77,00,73,00,20,00,46,00,69,00,6c,00,65,00,20,00,50,00,\ 72,00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,\ 00,33,00,32,00,6b,00,00,00,77,00,65,00,69,00,74,00,65,00,6b,00,70,00,39,00,\ 5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,77,00,64,00,76,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,57,00,33,00,32,00,54,00,\ 69,00,6d,00,65,00,00,00,56,00,67,00,61,00,53,00,61,00,76,00,65,00,00,00,76,\ 00,61,00,78,00,73,00,63,00,73,00,69,00,00,00,55,00,50,00,53,00,00,00,75,00,\ 6c,00,74,00,72,00,61,00,36,00,36,00,00,00,75,00,64,00,66,00,73,00,00,00,54,\ 00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,74,00,\ 64,00,69,00,00,00,54,00,43,00,50,00,4d,00,6f,00,6e,00,00,00,54,00,63,00,70,\ 00,69,00,70,00,00,00,73,00,79,00,6d,00,5f,00,68,00,69,00,00,00,73,00,79,00,\ 6d,00,63,00,38,00,78,00,78,00,00,00,73,00,79,00,6d,00,63,00,38,00,31,00,30,\ 00,00,00,53,00,74,00,69,00,6c,00,6c,00,49,00,6d,00,61,00,67,00,65,00,00,00,\ 53,00,72,00,76,00,00,00,73,00,70,00,74,00,64,00,00,00,73,00,70,00,61,00,72,\ 00,72,00,6f,00,77,00,00,00,73,00,6e,00,64,00,62,00,6c,00,73,00,74,00,00,00,\ 53,00,69,00,6d,00,62,00,61,00,64,00,00,00,73,00,67,00,6c,00,66,00,62,00,00,\ 00,73,00,66,00,6c,00,6f,00,70,00,70,00,79,00,00,00,53,00,65,00,72,00,76,00,\ 69,00,63,00,65,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,20,00,4d,\ 00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,00,65,00,72,00,76,00,65,00,\ 72,00,00,00,73,00,65,00,72,00,69,00,61,00,6c,00,00,00,73,00,63,00,73,00,69,\ 00,70,00,6f,00,72,00,74,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,\ 65,00,00,00,53,00,63,00,68,00,61,00,6e,00,6e,00,65,00,6c,00,00,00,53,00,43,\ 00,61,00,72,00,64,00,53,00,76,00,72,00,00,00,53,00,61,00,76,00,65,00,20,00,\ 44,00,75,00,6d,00,70,00,00,00,53,00,41,00,4d,00,00,00,73,00,33,00,6c,00,65,\ 00,67,00,61,00,63,00,79,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 72,00,74,00,6c,00,38,00,31,00,33,00,39,00,00,00,52,00,53,00,56,00,50,00,00,\ 00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,20,00,53,00,74,00,\ 6f,00,72,00,61,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\ 00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,\ 73,00,00,00,72,00,65,00,64,00,62,00,6f,00,6f,00,6b,00,00,00,52,00,64,00,62,\ 00,73,00,73,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,52,00,61,00,\ 73,00,41,00,75,00,74,00,6f,00,00,00,71,00,76,00,5f,00,64,00,65,00,74,00,65,\ 00,63,00,74,00,00,00,71,00,6c,00,32,00,31,00,30,00,30,00,00,00,71,00,6c,00,\ 31,00,32,00,34,00,30,00,00,00,71,00,6c,00,31,00,30,00,77,00,6e,00,74,00,00,\ 00,71,00,6c,00,31,00,30,00,38,00,30,00,00,00,50,00,72,00,69,00,6e,00,74,00,\ 00,00,50,00,70,00,74,00,70,00,4d,00,69,00,6e,00,69,00,70,00,6f,00,72,00,74,\ 00,00,00,50,00,6f,00,6c,00,69,00,63,00,79,00,41,00,67,00,65,00,6e,00,74,00,\ 00,00,70,00,63,00,6d,00,63,00,69,00,61,00,00,00,70,00,63,00,69,00,69,00,64,\ 00,65,00,00,00,70,00,63,00,69,00,00,00,70,00,61,00,72,00,76,00,64,00,6d,00,\ 00,00,70,00,61,00,72,00,70,00,6f,00,72,00,74,00,00,00,70,00,61,00,72,00,61,\ 00,6c,00,6c,00,65,00,6c,00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,\ 20,00,45,00,78,00,70,00,72,00,65,00,73,00,73,00,20,00,36,00,00,00,4f,00,53,\ 00,50,00,46,00,4d,00,69,00,62,00,00,00,4f,00,53,00,50,00,46,00,00,00,6e,00,\ 76,00,00,00,6e,00,75,00,6c,00,6c,00,00,00,4e,00,74,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,50,00,61,00,63,00,6b,00,00,00,4e,00,54,00,4d,00,53,00,\ 00,00,6e,00,74,00,66,00,73,00,00,00,6e,00,70,00,66,00,73,00,00,00,4e,00,65,\ 00,74,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,\ 45,00,00,00,4e,00,65,00,74,00,42,00,54,00,00,00,4e,00,65,00,74,00,42,00,49,\ 00,4f,00,53,00,00,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,00,00,6e,00,\ 64,00,69,00,73,00,00,00,6e,00,63,00,72,00,63,00,37,00,31,00,30,00,00,00,4d,\ 00,75,00,70,00,00,00,6d,00,73,00,66,00,73,00,00,00,6d,00,73,00,61,00,64,00,\ 6c,00,69,00,62,00,00,00,4d,00,72,00,78,00,53,00,6d,00,62,00,00,00,6d,00,72,\ 00,61,00,69,00,64,00,33,00,35,00,78,00,00,00,6d,00,6f,00,75,00,63,00,6c,00,\ 61,00,73,00,73,00,00,00,4d,00,6f,00,64,00,65,00,6d,00,00,00,6d,00,67,00,61,\ 00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,4d,00,44,00,41,00,43,00,\ 00,00,4c,00,73,00,61,00,53,00,72,00,76,00,00,00,6c,00,70,00,36,00,6e,00,64,\ 00,73,00,33,00,35,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,\ 4c,00,44,00,4d,00,53,00,00,00,4c,00,44,00,4d,00,00,00,6c,00,62,00,72,00,74,\ 00,66,00,64,00,63,00,00,00,4b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,\ 00,00,6b,00,62,00,64,00,63,00,6c,00,61,00,73,00,73,00,00,00,69,00,73,00,61,\ 00,70,00,6e,00,70,00,00,00,49,00,50,00,58,00,53,00,41,00,50,00,00,00,49,00,\ 50,00,58,00,52,00,6f,00,75,00,74,00,65,00,72,00,4d,00,61,00,6e,00,61,00,67,\ 00,65,00,72,00,00,00,49,00,50,00,58,00,52,00,49,00,50,00,00,00,49,00,50,00,\ 58,00,43,00,50,00,00,00,69,00,70,00,73,00,72,00,61,00,69,00,64,00,6e,00,00,\ 00,49,00,50,00,53,00,45,00,43,00,00,00,49,00,50,00,52,00,6f,00,75,00,74,00,\ 65,00,72,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,49,00,50,00,52,\ 00,49,00,50,00,32,00,00,00,49,00,50,00,4e,00,41,00,54,00,48,00,4c,00,50,00,\ 00,00,49,00,50,00,42,00,4f,00,4f,00,54,00,50,00,00,00,49,00,6e,00,74,00,65,\ 00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,\ 72,00,20,00,36,00,00,00,69,00,6e,00,74,00,65,00,6c,00,69,00,64,00,65,00,00,\ 00,69,00,6e,00,69,00,39,00,31,00,30,00,75,00,00,00,49,00,6d,00,61,00,67,00,\ 65,00,64,00,72,00,76,00,00,00,69,00,38,00,30,00,34,00,32,00,70,00,72,00,74,\ 00,00,00,66,00,74,00,64,00,69,00,73,00,6b,00,00,00,66,00,73,00,5f,00,72,00,\ 65,00,63,00,00,00,66,00,6c,00,70,00,79,00,64,00,69,00,73,00,6b,00,00,00,66,\ 00,6c,00,61,00,73,00,68,00,70,00,6e,00,74,00,00,00,66,00,69,00,72,00,65,00,\ 70,00,6f,00,72,00,74,00,00,00,46,00,69,00,70,00,73,00,00,00,66,00,64,00,63,\ 00,00,00,66,00,64,00,31,00,36,00,5f,00,37,00,30,00,30,00,00,00,66,00,62,00,\ 78,00,75,00,73,00,62,00,00,00,66,00,61,00,73,00,74,00,66,00,61,00,74,00,00,\ 00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,65,00,74,00,34,00,\ 30,00,30,00,30,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,65,00,66,\ 00,73,00,00,00,44,00,6e,00,73,00,63,00,61,00,63,00,68,00,65,00,00,00,44,00,\ 6e,00,73,00,61,00,70,00,69,00,00,00,64,00,6d,00,69,00,6f,00,00,00,64,00,6d,\ 00,62,00,6f,00,6f,00,74,00,00,00,44,00,69,00,73,00,74,00,72,00,69,00,62,00,\ 75,00,74,00,65,00,64,00,20,00,4c,00,69,00,6e,00,6b,00,20,00,54,00,72,00,61,\ 00,63,00,6b,00,69,00,6e,00,67,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\ 00,00,64,00,69,00,73,00,6b,00,70,00,65,00,72,00,66,00,00,00,64,00,69,00,73,\ 00,6b,00,00,00,44,00,68,00,63,00,70,00,00,00,44,00,66,00,73,00,53,00,76,00,\ 63,00,00,00,44,00,66,00,73,00,44,00,72,00,69,00,76,00,65,00,72,00,00,00,64,\ 00,65,00,63,00,6b,00,7a,00,70,00,73,00,78,00,00,00,44,00,43,00,4f,00,4d,00,\ 00,00,64,00,61,00,63,00,39,00,36,00,30,00,6e,00,74,00,00,00,63,00,70,00,71,\ 00,66,00,77,00,73,00,32,00,65,00,00,00,63,00,70,00,71,00,66,00,63,00,61,00,\ 6c,00,6d,00,00,00,63,00,70,00,71,00,61,00,72,00,72,00,79,00,32,00,00,00,63,\ 00,70,00,71,00,61,00,72,00,72,00,61,00,79,00,00,00,43,00,6c,00,75,00,73,00,\ 73,00,76,00,63,00,00,00,63,00,69,00,72,00,72,00,75,00,73,00,5f,00,64,00,65,\ 00,74,00,65,00,63,00,74,00,00,00,63,00,68,00,61,00,6e,00,67,00,65,00,72,00,\ 00,00,63,00,64,00,72,00,6f,00,6d,00,00,00,63,00,64,00,66,00,73,00,00,00,63,\ 00,64,00,61,00,75,00,64,00,69,00,6f,00,00,00,63,00,64,00,32,00,30,00,78,00,\ 72,00,6e,00,74,00,00,00,62,00,75,00,73,00,6c,00,6f,00,67,00,69,00,63,00,00,\ 00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,42,00,49,00,54,00,53,00,\ 00,00,62,00,65,00,65,00,70,00,00,00,41,00,74,00,6d,00,61,00,72,00,70,00,63,\ 00,00,00,61,00,74,00,69,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,\ 61,00,74,00,64,00,69,00,73,00,6b,00,00,00,61,00,74,00,61,00,70,00,69,00,00,\ 00,41,00,73,00,79,00,6e,00,63,00,4d,00,61,00,63,00,00,00,61,00,73,00,63,00,\ 33,00,35,00,35,00,30,00,00,00,61,00,73,00,63,00,33,00,33,00,35,00,30,00,70,\ 00,00,00,61,00,73,00,63,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,\ 74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,70,00,75,00,70,00,00,00,61,00,6d,\ 00,73,00,69,00,6e,00,74,00,00,00,61,00,6d,00,69,00,30,00,6e,00,74,00,00,00,\ 41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,61,00,69,00,63,00,37,00,38,\ 00,78,00,78,00,00,00,61,00,69,00,63,00,37,00,38,00,75,00,32,00,00,00,61,00,\ 69,00,63,00,31,00,31,00,36,00,78,00,00,00,61,00,68,00,61,00,31,00,35,00,34,\ 00,78,00,00,00,61,00,64,00,70,00,75,00,31,00,36,00,30,00,6d,00,00,00,61,00,\ 63,00,70,00,69,00,65,00,63,00,00,00,61,00,63,00,70,00,69,00,00,00,61,00,62,\ 00,70,00,34,00,38,00,30,00,6e,00,35,00,00,00,61,00,62,00,69,00,6f,00,73,00,\ 64,00,73,00,6b,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00 "EventMessageFile"="%systemroot%\\system32\\stisvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abp480n5] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abp480n5] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpiec] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpiec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpiec.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,63,00,70,00,69,00,65,00,63,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adpu160m] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adpu160m] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aha154x] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aha154x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic116x] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic116x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78u2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78u2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78xx] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Alerter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Alerter] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ami0nt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ami0nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amsint] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amsint] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup] ; Contents of value: ; %SystemRoot%\System32\ntdll.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,74,00,64,00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3350p] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3350p] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3550] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3550] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AsyncMac] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AsyncMac] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atdisk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ati_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ati_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,74,00,69,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Atmarpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Atmarpc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\beep] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\beep] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BITS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BITS] ; Contents of value: ; %systemroot%\system32\xpob2res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,78,00,70,00,6f,00,62,00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Browser] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\buslogic] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\buslogic] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cd20xrnt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cd20xrnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\changer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\changer] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cirrus_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cirrus_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\cirrus_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,63,00,69,00,72,00,72,00,75,00,73,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Clussvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Clussvc] ; Contents of value: ; %systemroot%\cluster\clussvc.exe;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,63,00,6c,00,75,00,73,00,74,00,65,00,72,00,5c,00,\ 63,00,6c,00,75,00,73,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarray] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarray] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarry2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarry2] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqfcalm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqfcalm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqfws2e] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqfws2e] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dac960nt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dac960nt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\deckzpsx] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\deckzpsx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsDriver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsDriver] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsSvc] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp] ; Contents of value: ; %SystemRoot%\System32\dhcpcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\disk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\diskperf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\diskperf] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Distributed Link Tracking Client] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Distributed Link Tracking Client] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmboot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmboot] ; Contents of value: ; %SystemRoot%\System32\Drivers\dmboot.sys;%SystemRoot%\System32\sp2res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,62,00,6f,\ 00,6f,00,74,00,2e,00,73,00,79,00,73,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,32,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmio] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmio] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\dmio.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,64,00,6d,00,69,00,6f,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnsapi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnsapi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnscache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnscache] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\et4000_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\et4000_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\et4000_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,34,00,30,00,30,00,30,00,\ 5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\eventlog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\eventlog] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fastfat] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fastfat] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fbxusb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fbxusb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fd16_700] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fd16_700] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fdc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,64,00,63,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Fips] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Fips] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fips.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,69,00,70,00,73,00,2e,00,73,00,\ 79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fireport] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fireport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flashpnt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flashpnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flpydisk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flpydisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\flpydisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,70,00,79,00,64,00,69,00,\ 73,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fs_rec] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fs_rec] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ftdisk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ftdisk] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\FtDisk.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,46,00,74,00,44,00,69,00,73,00,6b,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,38,00,30,00,34,00,32,00,70,00,\ 72,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Imagedrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Imagedrv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ini910u] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ini910u] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,6c,00,49,00,\ 64,00,65,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Internet Explorer 6] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Internet Explorer 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP] ; Contents of value: ; %SystemRoot%\System32\ipbootp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,62,00,6f,00,6f,00,74,00,70,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP] ; Contents of value: ; %SystemRoot%\System32\ipnathlp.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2] ; Contents of value: ; %SystemRoot%\System32\iprip2.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,70,00,72,00,69,00,70,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPSEC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPSEC] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ipsraidn] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ipsraidn] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXCP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXCP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRIP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRIP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRouterManager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRouterManager] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXSAP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXSAP] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,69,00,73,00,61,00,70,00,6e,00,70,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6b,00,62,00,64,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos] ; Contents of value: ; %SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\lbrtfdc.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6c,00,62,00,72,00,74,00,66,00,64,00,\ 63,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDM] ; Contents of value: ; %SystemRoot%\System32\dmadmin.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,61,00,64,00,6d,00,69,00,6e,00,2e,00,65,00,78,00,65,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDMS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDMS] ; Contents of value: ; %SystemRoot%\System32\dmserver.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,64,00,6d,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LmHosts] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lp6nds35] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lp6nds35] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv] ; Contents of value: ; %SystemRoot%\System32\lsasrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MDAC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MDAC] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,67,00,61,00,5f,00,64,00,65,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Modem] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Modem] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Modem.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,4d,00,6f,00,64,00,65,00,6d,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,6f,00,75,00,63,00,6c,00,61,00,\ 73,00,73,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mraid35x] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mraid35x] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MrxSmb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MrxSmb] ; Contents of value: ; %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,6f,\ 00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,\ 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,\ 65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msadlib] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msadlib] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ncrc710] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ncrc710] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ndis] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ndis] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisWan] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisWan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS] ; Contents of value: ; %SystemRoot%\System32\iologmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,69,00,6f,00,6c,00,6f,00,67,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBT] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetDDE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetDDE] ; Contents of value: ; %SystemRoot%\System32\netdde.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,64,00,64,00,65,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\npfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\npfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ntfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ntfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NTMS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NTMS] ; Contents of value: ; %SystemRoot%\system32\NtmsEvt.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,74,00,6d,00,73,00,45,00,76,00,74,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\null] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\null] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nv] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nv4_mini.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,6e,00,76,00,34,00,5f,00,6d,00,69,00,\ 6e,00,69,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF] ; Contents of value: ; %SystemRoot%\System32\ospf.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib] ; Contents of value: ; %SystemRoot%\System32\ospfmib.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6f,00,73,00,70,00,66,00,6d,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Outlook Express 6] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Outlook Express 6] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parallel] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parallel] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parallel.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,61,00,6c,00,6c,00,\ 65,00,6c,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parport] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,70,00,61,00,72,00,70,00,6f,00,72,00,\ 74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parvdm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parvdm] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ParVdm.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,61,00,72,00,56,00,64,00,6d,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pci] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pci] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pci.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pciide] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pciide] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\PciIde.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,69,00,49,00,64,00,65,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,50,00,63,00,6d,00,63,00,69,00,61,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent] ; Contents of value: ; %SystemRoot%\System32\polagent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,70,00,6f,00,6c,00,61,00,67,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print] ; Contents of value: ; %SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,70,00,6c,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1080] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1080] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql10wnt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql10wnt] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1240] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1240] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql2100] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql2100] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\qv_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\qv_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\qv_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,71,00,76,00,5f,00,64,00,65,00,74,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasAuto] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasAuto] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasMan] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasMan] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rdbss] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\redbook] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\redbook] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\redbook.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,72,00,65,00,64,00,62,00,6f,00,6f,00,\ 6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RemoteAccess] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RemoteAccess] ; Contents of value: ; %SystemRoot%\System32\mprmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6d,00,70,00,72,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Removable Storage Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Removable Storage Service] ; Contents of value: ; %SystemRoot%\System32\NTMSEVT.DLL "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,4e,00,54,00,4d,00,53,00,45,00,56,00,54,00,2e,00,44,00,4c,00,4c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RSVP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RSVP] ; Contents of value: ; %SystemRoot%\System32\rsvpmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,73,00,76,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rtl8139] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rtl8139] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\s3legacy_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\s3legacy_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\s3legacy_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,33,00,6c,00,65,00,67,00,61,00,\ 63,00,79,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM] ; Contents of value: ; %SystemRoot%\System32\samsrv.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,61,00,6d,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,3b,00,25,\ 00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\ 53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,\ 00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Save Dump] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Save Dump] ; Contents of value: ; %SystemRoot%\System32\SaveDump.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,61,00,76,00,65,00,44,00,75,00,6d,00,70,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SCardSvr] ; Contents of value: ; %SystemRoot%\System32\SCardSvr.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,53,00,43,00,61,00,72,00,64,00,53,00,76,00,72,00,2e,00,65,00,78,00,65,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel] ; Contents of value: ; %SystemRoot%\system32\lsasrv.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6c,00,73,00,61,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schedule] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schedule] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\scsiport] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\scsiport] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\serial] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\serial] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,65,00,72,00,69,00,61,00,6c,00,\ 2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Server] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Server] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager] ; Contents of value: ; %systemroot%\system32\netevent.dll;%systemroot%\system32\sp3res.dll "EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,\ 25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\ 00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sfloppy] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sfloppy] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sglfb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sglfb] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\sglfb.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,67,00,6c,00,66,00,62,00,2e,00,\ 73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Simbad] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Simbad] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sndblst] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sndblst] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sparrow] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sparrow] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Srv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Srv] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage] ; Contents of value: ; %SystemRoot%\System32\stisvc.exe "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,74,00,69,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc810] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc810] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc8xx] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc8xx] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sym_hi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sym_hi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon] "EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tdi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tdi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService] ; Contents of value: ; %SystemRoot%\System32\termsrv.exe;%SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,74,00,65,00,72,00,6d,00,73,00,72,00,76,00,2e,00,65,00,78,00,65,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,64,\ 00,6c,00,6c,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\ 00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\udfs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\udfs] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ultra66] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ultra66] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\UPS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\UPS] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vaxscsi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vaxscsi] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VgaSave] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VgaSave] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\vga.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,76,00,67,00,61,00,2e,00,73,00,79,00,\ 73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time] ; Contents of value: ; %SystemRoot%\System32\w32time.dll;%SystemRoot%\System32\sp3res.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,3b,\ 00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,\ 5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,\ 00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\wdvga_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\wdvga_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wdvga_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,64,00,76,00,67,00,61,00,5f,00,\ 64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\weitekp9_detect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\weitekp9_detect] ; Contents of value: ; %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\weitekp9_det.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\ 00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\ 25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\ 00,69,00,76,00,65,00,72,00,73,00,5c,00,77,00,65,00,69,00,74,00,65,00,6b,00,\ 70,00,39,00,5f,00,64,00,65,00,74,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k] ; Contents of value: ; %SystemRoot%\System32\win32k.sys "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,69,00,6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows File Protection] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows File Protection] ; Contents of value: ; %SystemRoot%\System32\sfc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,66,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.0] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.0] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.1] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.1] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Script Host] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Script Host] ; Contents of value: ; %SystemRoot%\System32\wshext.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Update Agent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Update Agent] ; Contents of value: ; %SystemRoot%\system32\wuaucpl.cpl "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,75,00,61,00,75,00,63,00,70,00,6c,00,2e,00,63,00,70,00,6c,00,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia] ; Contents of value: ; %SystemRoot%\System32\spmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,73,00,70,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Wmi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Wmi] ; Contents of value: ; %SystemRoot%\System32\netevent.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Workstation] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Workstation] ; Contents of value: ; %SystemRoot%\System32\netmsg.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,6e,00,65,00,74,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WZCSVC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WZCSVC] ; Contents of value: ; %SystemRoot%\System32\wzcsvc.dll "EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,77,00,7a,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Enum] "0"="Root\\LEGACY_EVENTSYSTEM\00" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi\Parameters] "AsyncEventQueueSize"=dword:00000300 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs\Aliases] ; Contents of value: ; srvsvc ; wkssvc ; eventlog ; browser ; msgsvc ; svcctl ; w32time ; "ntsvcs"=hex(7):73,00,72,00,76,00,73,00,76,00,63,00,00,00,77,00,6b,00,73,00,73,\ 00,76,00,63,00,00,00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,\ 62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,6d,00,73,00,67,00,73,00,76,\ 00,63,00,00,00,73,00,76,00,63,00,63,00,74,00,6c,00,00,00,77,00,33,00,32,00,\ 74,00,69,00,6d,00,65,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages1] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages1\RequestHandlers\12] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers1] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages2\RequestHandlers3] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages3\RequestHandlers7] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages4] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines1\Stages4\RequestHandlers6] "Events"="1 2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines2] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines2\Stages5] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines2\Stages5\RequestHandlers\10] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages6] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers4] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages6\RequestHandlers\11] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages7] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers2] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages7\RequestHandlers9] "Events"="1 4" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages8] "Events"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelines3\Stages8\RequestHandlers5] "Events"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS] ; Contents of value: ; EventSystem ; "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." [HKEY_CURRENT_USER\AppEvents] [HKEY_CURRENT_USER\AppEvents\EventLabels] [HKEY_CURRENT_USER\AppEvents\EventLabels\.Default] [HKEY_CURRENT_USER\AppEvents\EventLabels\ActivatingDocument] [HKEY_CURRENT_USER\AppEvents\EventLabels\AppGPFault] [HKEY_CURRENT_USER\AppEvents\EventLabels\CCSelect] [HKEY_CURRENT_USER\AppEvents\EventLabels\Close] [HKEY_CURRENT_USER\AppEvents\EventLabels\CriticalBatteryAlarm] [HKEY_CURRENT_USER\AppEvents\EventLabels\EmptyRecycleBin] [HKEY_CURRENT_USER\AppEvents\EventLabels\Incoming-Fax] [HKEY_CURRENT_USER\AppEvents\EventLabels\LowBatteryAlarm] [HKEY_CURRENT_USER\AppEvents\EventLabels\MailBeep] [HKEY_CURRENT_USER\AppEvents\EventLabels\Maximize] [HKEY_CURRENT_USER\AppEvents\EventLabels\MenuCommand] [HKEY_CURRENT_USER\AppEvents\EventLabels\MenuPopup] [HKEY_CURRENT_USER\AppEvents\EventLabels\Minimize] [HKEY_CURRENT_USER\AppEvents\EventLabels\MoveMenuItem] [HKEY_CURRENT_USER\AppEvents\EventLabels\Navigating] [HKEY_CURRENT_USER\AppEvents\EventLabels\Open] [HKEY_CURRENT_USER\AppEvents\EventLabels\Outgoing-Fax] [HKEY_CURRENT_USER\AppEvents\EventLabels\RestoreDown] [HKEY_CURRENT_USER\AppEvents\EventLabels\RestoreUp] [HKEY_CURRENT_USER\AppEvents\EventLabels\RingIn] [HKEY_CURRENT_USER\AppEvents\EventLabels\RingOut] [HKEY_CURRENT_USER\AppEvents\EventLabels\ShowBand] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemAsterisk] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemExclamation] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemExit] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemHand] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemQuestion] [HKEY_CURRENT_USER\AppEvents\EventLabels\SystemStart] [HKEY_CURRENT_USER\AppEvents\Schemes] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\AppGPFault] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\AppGPFault\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\AppGPFault\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CCSelect] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CCSelect\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Close] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Close\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Close\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Close\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Maximize] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Maximize\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Maximize\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Maximize\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuCommand] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuCommand\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuCommand\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Minimize] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Minimize\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Minimize\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Minimize\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Open] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Open\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Open\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\Open\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreDown] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreDown\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreDown\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreDown\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreUp] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreUp\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreUp\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RestoreUp\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RingIn] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RingIn\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RingOut] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\RingOut\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ShowBand] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ShowBand\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemQuestion] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemQuestion\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemQuestion\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemQuestion\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemStart] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemStart\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemStart\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemStart\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Participant] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Participant\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Recevoir l'appel] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Recevoir l'appel\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Recevoir une demande de participation] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Recevoir une demande de participation\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Sortant] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Conf\Sortant\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Incoming-Fax] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Incoming-Fax\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Incoming-Fax\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\MoveMenuItem] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Outgoing-Fax] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Outgoing-Fax\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Outgoing-Fax\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Close] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Close\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Close\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Open] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Open\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\MPlay32\Open\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32\Close] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32\Close\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32\Open] [HKEY_CURRENT_USER\AppEvents\Schemes\Apps\SndRec32\Open\.Current] [HKEY_CURRENT_USER\AppEvents\Schemes\Names] [HKEY_CURRENT_USER\AppEvents\Schemes\Names\.Default] [HKEY_CURRENT_USER\AppEvents\Schemes\Names\.None] [HKEY_CURRENT_USER\AppEvents\Schemes\Names\Utopia0] [HKEY_CURRENT_USER\AppEvents\Schemes\NewSchemes] [HKEY_CURRENT_USER\AppEvents\Schemes\NewSchemes\Utopia] [HKEY_CURRENT_USER\Software\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup.map] "39cd794abee19363"=",33,HKCU,AppEvents\\Schemes\\Apps\\Explorer\\ActivatingDocument,," "cd76491d6491d060"=",33,HKCU,AppEvents\\Schemes\\Apps\\Explorer\\Navigating,," "39cd794a5fa8faa1"=",33,HKCU,AppEvents\\Schemes\\Apps\\Explorer\\Navigating\\.current,," "e1cc8421f283cca5"=",33,HKCU,AppEvents\\Schemes\\Apps\\Explorer\\MoveMenuItem,," "49415f9a5ec1fc0f"=",33,HKCU,AppEvents\\EventLabels\\ActivatingDocument,," "73326354f619f719"=",33,HKCU,AppEvents\\EventLabels\\Navigating,," "e91ffd26a97429f9"=",33,HKCU,AppEvents\\EventLabels\\MoveMenuItem,," "ae25fe9238ef79f0"=",33,HKCU,AppEvents\\Schemes\\Apps\\.Default\\CCSelect,," "ae25fe920f8b3871"=",33,HKCU,AppEvents\\Schemes\\Apps\\.Default\\ShowBand,," "e11fa7cf59782b93"=",33,HKCU,AppEvents\\EventLabels\\CCSelect,," "e11fa7cf6e1c6a12"=",33,HKCU,AppEvents\\EventLabels\\ShowBand,," [HKEY_CURRENT_USER\Software\Microsoft\EventSystem] [HKEY_CURRENT_USER\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}] [HKEY_CURRENT_USER\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonomaevents.com] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Event Viewer] [HKEY_CURRENT_USER\Software\NVIDIA Corporation\Global\nView\Tweak] "PreventOffScreenOpens"=dword:00000000 ; End Of The Log... voila j'espere que tu sauras y voir clair je vais continuer ce que tu m'as suggereé de faire... à +

et diaghelp C:\WINNT\System32/drivers\nwlnkcr.sys -->05/04/2007 07:22:09 C:\WINNT\System32/drivers\gmer.sys -->03/04/2007 23:34:19 C:\WINNT\System32/drivers\atksgt.sys -->03/02/2007 14:29:45 C:\WINNT\System32/drivers\lirsgt.sys -->03/02/2007 14:29:44 C:\WINNT\System32/drivers\npf.sys -->25/01/2007 19:31:34 C:\WINNT\System32/drivers\SECDRV.SYS -->25/01/2007 09:18:32 C:\WINNT\System32/drivers\vaxscsi.sys -->25/01/2007 09:10:44 C:\WINNT\System32\Perflib_Perfdata_338.dat -->05/04/2007 07:20:42 C:\WINNT\System32\nvapps.xml -->05/04/2007 07:14:46 C:\WINNT\System32\asfiles.txt -->04/04/2007 07:17:35 C:\WINNT\System32\Uninstall.ico -->04/04/2007 07:11:45 C:\WINNT\System32\pavas.ico -->04/04/2007 07:11:45 C:\WINNT\System32\Help.ico -->04/04/2007 07:11:45 C:\WINNT\System32\FNTCACHE.DAT -->03/04/2007 23:22:42 C:\WINNT\System32\jupdate-1.5.0_11-b03.log -->31/03/2007 08:47:54 C:\WINNT\System32\tmp.txt -->30/03/2007 18:51:34 C:\WINNT\System32\tmp.reg -->30/03/2007 18:51:34 C:\WINNT\System32\Perflib_Perfdata_310.dat -->29/03/2007 19:19:26 C:\WINNT\System32\.exe -->29/03/2007 19:16:47 C:\WINNT\System32\Perflib_Perfdata_314.dat -->28/03/2007 20:46:52 C:\WINNT\System32\dp.exe -->28/03/2007 12:12:16 C:\WINNT\System32\tj -->28/03/2007 12:12:13 C:\WINNT\System32\Perflib_Perfdata_234.dat -->27/03/2007 23:31:49 C:\WINNT\System32\Perflib_Perfdata_1c0.dat -->26/03/2007 18:53:43 C:\WINNT\System32\sfc.dll -->26/03/2007 18:35:49 C:\WINNT\System32\Perflib_Perfdata_31c.dat -->25/03/2007 20:22:28 C:\WINNT\System32\Perflib_Perfdata_5c8.dat -->25/03/2007 20:06:27 C:\WINNT\System32\Perflib_Perfdata_57c.dat -->25/03/2007 19:45:43 C:\WINNT\System32\Perflib_Perfdata_17c.dat -->25/03/2007 19:29:07 C:\WINNT\System32\Perflib_Perfdata_188.dat -->25/03/2007 19:24:49 C:\WINNT\System32\Perflib_Perfdata_5d8.dat -->22/03/2007 20:38:05 C:\WINNT\System32\Perflib_Perfdata_60c.dat -->22/03/2007 20:30:23 C:\WINNT\WindowsUpdate.log -->05/04/2007 07:13:53 C:\WINNT\SchedLgU.Txt -->04/04/2007 23:08:13 C:\WINNT\win.ini -->04/04/2007 21:58:11 C:\WINNT\setupapi.log -->04/04/2007 07:12:32 C:\WINNT\gmer.ini -->03/04/2007 23:35:15 C:\WINNT\gmer_uninstall.cmd -->03/04/2007 23:34:19 C:\WINNT\gmer.dll -->03/04/2007 23:34:19 C:\WINNT\ShellIconCache -->03/04/2007 23:21:17 C:\WINNT\iis5.log -->03/04/2007 22:57:56 C:\WINNT\KB925902.log -->03/04/2007 22:57:55 C:\WINNT\imsins.log -->03/04/2007 22:57:55 C:\WINNT\comsetup.log -->03/04/2007 22:57:55 C:\WINNT\ockodak.log -->03/04/2007 22:57:54 C:\WINNT\ocgen.log -->03/04/2007 22:57:54 C:\WINNT\updspapi.log -->03/04/2007 22:57:44 C:\WINNT\alcrmv.exe |24/01/2007 21:00:18 C:\WINNT\alcupd.exe |24/01/2007 21:00:18 C:\WINNT\bdoscandel.exe |04/03/2005 15:10:36 C:\WINNT\gmer.exe |03/04/2007 23:34:18 C:\WINNT\IsUn040c.exe |02/02/2007 10:14:04 C:\WINNT\IsUninst.exe |24/01/2007 20:55:54 C:\WINNT\meta4.exe |25/02/2007 13:35:09 C:\WINNT\MOTA113.exe |25/02/2007 13:35:09 C:\WINNT\PATCH.EXE |27/01/2007 13:25:04 C:\WINNT\runtsckl.exe |02/11/2005 19:07:12 C:\WINNT\tsc.exe |27/01/2007 13:30:15 C:\WINNT\twunk_16.exe |16/12/1999 10:00:00 C:\WINNT\twunk_32.exe |16/12/1999 10:00:00 C:\WINNT\War3Unin.exe |10/02/2007 18:12:03 C:\WINNT\x2.64.exe |25/02/2007 13:35:09 C:\WINNT\AuHCcup1.dll |23/07/1999 11:53:20 C:\WINNT\BPMNT.dll |27/01/2007 13:30:14 C:\WINNT\gmer.dll |03/04/2007 23:34:19 C:\WINNT\hcextoutput.dll |27/01/2007 13:30:15 C:\WINNT\loadhttp.dll |15/10/2002 15:29:40 C:\WINNT\patchw32.dll |14/12/2001 14:34:46 C:\WINNT\TMUPDATE.DLL |27/01/2007 13:25:04 C:\WINNT\twain.dll |16/12/1999 10:00:00 C:\WINNT\twain_32.dll |16/12/1999 10:00:00 C:\WINNT\UNZIP.DLL |27/01/2007 13:25:04 C:\WINNT\vsapi32.dll |27/01/2007 13:30:14 C:\WINNT\system32\.exe |28/03/2007 19:03:56 C:\WINNT\system32\append.exe |16/12/1999 10:00:00 C:\WINNT\system32\asuninst.exe |04/04/2007 07:12:22 C:\WINNT\system32\CNDNDlg.exe |07/03/2007 15:18:10 C:\WINNT\system32\debug.exe |16/12/1999 10:00:00 C:\WINNT\system32\dfrgfat.exe |19/06/2003 12:05:04 C:\WINNT\system32\dfrgntfs.exe |19/06/2003 12:05:04 C:\WINNT\system32\dmadmin.exe |19/06/2003 12:05:04 C:\WINNT\system32\dmremote.exe |19/06/2003 12:05:04 C:\WINNT\system32\dosx.exe |16/12/1999 10:00:00 C:\WINNT\system32\dp.exe |28/03/2007 12:12:16 C:\WINNT\system32\dumphive.exe |27/03/2007 19:14:13 C:\WINNT\system32\dvdplay.exe |15/12/1999 01:30:38 C:\WINNT\system32\edlin.exe |16/12/1999 10:00:00 C:\WINNT\system32\exe2bin.exe |16/12/1999 10:00:00 C:\WINNT\system32\fastopen.exe |16/12/1999 10:00:00 C:\WINNT\system32\java.exe |31/03/2007 08:47:58 C:\WINNT\system32\javaw.exe |31/03/2007 08:47:58 C:\WINNT\system32\javaws.exe |31/03/2007 08:47:58 C:\WINNT\system32\keystone.exe |22/10/2006 13:22:00 C:\WINNT\system32\massvc32.exe |18/03/2007 13:34:52 C:\WINNT\system32\mem.exe |16/12/1999 10:00:00 C:\WINNT\system32\mscdexnt.exe |16/12/1999 10:00:00 C:\WINNT\system32\msswchx.exe |19/06/2003 12:05:04 C:\WINNT\system32\NeroCheck.exe |29/01/2007 20:12:00 C:\WINNT\system32\nlsfunc.exe |16/12/1999 10:00:00 C:\WINNT\system32\nvappbar.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvcolor.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvcplui.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvdspsch.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvsvc32.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvudisp.exe |24/01/2007 21:04:47 C:\WINNT\system32\NVUNINST.EXE |24/01/2007 21:04:39 C:\WINNT\system32\nw16.exe |16/12/1999 10:00:00 C:\WINNT\system32\nwiz.exe |22/10/2006 13:22:00 C:\WINNT\system32\Process.exe |27/03/2007 19:14:13 C:\WINNT\system32\PSDrvCheck.exe |23/02/2007 15:25:18 C:\WINNT\system32\pxhpinst.exe |11/03/2007 20:17:53 C:\WINNT\system32\redir.exe |16/12/1999 10:00:00 C:\WINNT\system32\setver.exe |16/12/1999 10:00:00 C:\WINNT\system32\share.exe |16/12/1999 10:00:00 C:\WINNT\system32\Shutdown.exe |24/03/2007 19:35:56 C:\WINNT\system32\SrchSTS.exe |27/03/2007 19:14:13 C:\WINNT\system32\swreg.exe |27/03/2007 19:14:13 C:\WINNT\system32\swsc.exe |27/03/2007 19:14:13 C:\WINNT\system32\swxcacls.exe |27/03/2007 19:14:13 C:\WINNT\system32\vwipxspx.exe |16/12/1999 10:00:00 C:\WINNT\system32\x.264.exe |25/02/2007 13:35:08 C:\WINNT\system32\amstream.dll |29/01/2007 21:22:26 C:\WINNT\system32\atmfd.dll |19/06/2003 12:05:04 C:\WINNT\system32\atmlib.dll |19/06/2003 12:05:04 C:\WINNT\system32\avisynth.dll |25/02/2007 13:35:08 C:\WINNT\system32\AVSredirect.dll |25/02/2007 13:35:09 C:\WINNT\system32\cbrowser.dll |24/01/2007 21:53:26 C:\WINNT\system32\CNDCK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\CNDUK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\ComLib.dll |24/01/2007 21:53:26 C:\WINNT\system32\devil.dll |25/02/2007 13:35:08 C:\WINNT\system32\dfrgres.dll |16/12/1999 10:00:00 C:\WINNT\system32\dfrgsnap.dll |19/06/2003 12:05:04 C:\WINNT\system32\dfrgui.dll |16/12/1999 10:00:00 C:\WINNT\system32\dgrpsetu.dll |24/01/2007 20:34:06 C:\WINNT\system32\dgsetup.dll |24/01/2007 20:34:06 C:\WINNT\system32\dmconfig.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmintf.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmserver.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmutil.dll |19/06/2003 12:05:04 C:\WINNT\system32\efsadu.dll |16/12/1999 10:00:00 C:\WINNT\system32\EqnClass.Dll |24/01/2007 20:34:06 C:\WINNT\system32\flvDX.dll |25/02/2007 13:32:52 C:\WINNT\system32\hpzcoi08.dll |26/03/2003 08:21:58 C:\WINNT\system32\hpzcon08.dll |26/03/2003 08:23:10 C:\WINNT\system32\hpzlnt08.dll |26/03/2003 08:32:24 C:\WINNT\system32\hticons.dll |24/01/2007 20:40:35 C:\WINNT\system32\hypertrm.dll |24/01/2007 20:40:35 C:\WINNT\system32\i420vfw.dll |25/02/2007 13:35:08 C:\WINNT\system32\iccvid.dll |16/12/1999 10:00:00 C:\WINNT\system32\imagr5.dll |29/01/2007 20:12:05 C:\WINNT\system32\imagx5.dll |29/01/2007 20:12:05 C:\WINNT\system32\ImagXpr5.dll |29/01/2007 20:12:05 C:\WINNT\system32\imgcmn.dll |24/01/2007 20:40:37 C:\WINNT\system32\imgshl.dll |24/01/2007 20:40:37 C:\WINNT\system32\ir32_32.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir41_qc.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir41_qcx.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_32.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_qc.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_qcx.dll |16/12/1999 10:00:00 C:\WINNT\system32\jpeg1x32.dll |24/01/2007 20:40:37 C:\WINNT\system32\jpeg2x32.dll |24/01/2007 20:40:37 C:\WINNT\system32\mciqtz32.dll |29/01/2007 21:22:26 C:\WINNT\system32\meter.dll |11/07/2002 11:38:14 C:\WINNT\system32\msdmo.dll |29/01/2007 21:22:27 C:\WINNT\system32\msencode.dll |30/08/2002 19:24:06 C:\WINNT\system32\msswch.dll |19/06/2003 12:05:04 C:\WINNT\system32\MusInputMod.dll |11/07/2002 11:39:36 C:\WINNT\system32\N067UFW.dll |24/01/2007 21:12:14 C:\WINNT\system32\NMOCOD.DLL |25/01/2007 09:27:08 C:\WINNT\system32\NMORENU.DLL |25/01/2007 09:27:09 C:\WINNT\system32\NMSCKN.DLL |25/01/2007 09:27:09 C:\WINNT\system32\NMW3VWN.DLL |25/01/2007 09:27:09 C:\WINNT\system32\nsp.dll |23/02/2007 15:25:13 C:\WINNT\system32\nspa6.dll |23/02/2007 15:25:17 C:\WINNT\system32\nspm5.dll |23/02/2007 15:25:19 C:\WINNT\system32\nspm6.dll |23/02/2007 15:25:19 C:\WINNT\system32\nspp6.dll |23/02/2007 15:25:18 C:\WINNT\system32\nsppx.dll |23/02/2007 15:25:16 C:\WINNT\system32\nspw7.dll |23/02/2007 15:25:13 C:\WINNT\system32\nv4_disp.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvapi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcod.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcodins.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcpluir.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvdisps.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvdispsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvexpbar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvgames.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvgamesr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvhwvid.dll |22/10/2006 13:22:00 C:\WINNT\system32\nview.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccsrs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccss.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccssr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmctray.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmobls.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmoblsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvnt4cpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvoglnt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrscs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsda.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsde.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsel.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrseng.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrses.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsesm.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsfi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsfr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrshe.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrshu.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsit.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsja.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsko.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsnl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsno.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrspl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrspt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsptb.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsru.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssk.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssv.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrstr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrszhc.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrszht.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvshell.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvvitvs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvvitvsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwddi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwdmcpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwimg.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrscs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsda.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsde.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsel.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrseng.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrses.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsesm.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsfi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsfr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrshe.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrshu.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsit.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsja.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsko.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsnl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsno.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrspl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrspt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsptb.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsru.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssk.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssv.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrstr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrszhc.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrszht.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwss.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwssr.dll |22/10/2006 13:22:00 C:\WINNT\system32\oieng400.dll |24/01/2007 20:40:34 C:\WINNT\system32\oiprt400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oislb400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oissq400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oitwa400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oiui400.dll |24/01/2007 20:40:34 C:\WINNT\system32\Packet.dll |25/01/2007 19:31:34 C:\WINNT\system32\picn20.dll |29/01/2007 20:12:05 C:\WINNT\system32\pncrt.dll |02/02/2007 10:34:38 C:\WINNT\system32\pndx5016.dll |02/02/2007 10:34:38 C:\WINNT\system32\pndx5032.dll |02/02/2007 10:34:38 C:\WINNT\system32\PSCLK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\psisdecd.dll |02/02/2007 20:06:12 C:\WINNT\system32\pthreadVC.dll |25/01/2007 19:31:36 C:\WINNT\system32\px.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxdrv.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxmas.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxwave.dll |11/03/2007 20:17:53 C:\WINNT\system32\qcut.dll |16/12/1999 10:00:00 C:\WINNT\system32\qedwipes.dll |29/01/2007 21:22:28 C:\WINNT\system32\rmoc3260.dll |02/02/2007 10:34:38 C:\WINNT\system32\SG62CPL.DLL |24/01/2007 21:12:14 C:\WINNT\system32\SG62UUD.DLL |24/01/2007 21:12:14 C:\WINNT\system32\Smab.dll |25/02/2007 13:35:07 C:\WINNT\system32\sockspy.dll |24/01/2007 21:32:13 C:\WINNT\system32\spxcoins.dll |24/01/2007 20:34:06 C:\WINNT\system32\tifflt.dll |24/01/2007 20:40:37 C:\WINNT\system32\tsbyuv.dll |15/12/1999 01:30:06 C:\WINNT\system32\tsd32.dll |16/12/1999 10:00:00 C:\WINNT\system32\UCS32P.DLL |24/01/2007 21:12:15 C:\WINNT\system32\vxblock.dll |11/03/2007 20:17:53 C:\WINNT\system32\WanPacket.dll |25/01/2007 19:31:34 C:\WINNT\system32\wavdest.dll |02/09/1998 10:24:30 C:\WINNT\system32\WBCustomizer.dll |08/01/2001 14:47:44 C:\WINNT\system32\win87em.dll |16/12/1999 10:00:00 C:\WINNT\system32\wpcap.dll |25/01/2007 19:31:36 C:\WINNT\system32\xcomm.dll |02/10/2003 13:15:34 C:\WINNT\system32\xiffr3_0.dll |24/01/2007 20:40:37 C:\WINNT\system32\xreglib.dll |06/12/2002 18:37:06 C:\WINNT\system32\yv12vfw.dll |25/02/2007 13:35:08 C:\WINNT\system32\ZPORT4AS.dll |04/04/2007 07:12:21 Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\WINNT\system32 19/06/2003 12:05 5 392 csrss.exe 1 fichier(s) 5 392 octets 0 Rép(s) 4 932 493 312 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\WINNT\Downloaded Program Files 04/04/2007 09:30 <DIR> . 04/04/2007 09:30 <DIR> .. 24/08/2006 08:28 141 424 asinst.dll 22/08/2006 09:06 537 asinst.inf 13/11/2006 20:48 946 296 asquared.ocx 07/12/2004 17:07 32 bdcore.dll 01/03/2005 15:08 118 784 bdupd.dll 25/02/2007 13:31 65 desktop.ini 01/03/2005 15:08 53 248 ipsupd.dll 08/08/2006 12:45 576 kavwebscan.inf 16/03/2005 12:34 7 407 lang.ini 07/12/2004 17:07 32 libfn.dll 14/03/2005 14:38 126 live.ini 01/03/2005 12:15 1 246 oscan8.inf 16/03/2005 12:31 475 136 oscan8.ocx 14/03/2005 14:58 7 073 scanoptions.tsi 26/05/2005 05:19 291 wuweb.inf 02/11/2005 19:01 1 777 xscan.inf 02/11/2005 19:07 435 712 xscan53.ocx 17 fichier(s) 2 189 762 octets Total des fichiers listés : 17 fichier(s) 2 189 762 octets 2 Rép(s) 4 932 427 776 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files 04/04/2007 23:08 <DIR> . 04/04/2007 23:08 <DIR> .. 24/01/2007 20:40 <DIR> Accessoires 11/02/2007 13:23 <DIR> AddOnsOO2 25/01/2007 13:32 <DIR> Adobe 25/02/2007 13:35 <DIR> AviSynth 2.5 24/02/2007 20:44 <DIR> Common Files 24/01/2007 20:41 <DIR> ComPlus Applications 28/01/2007 20:21 <DIR> directx 20/03/2007 23:42 <DIR> Fichiers communs 11/03/2007 20:17 <DIR> Google 02/02/2007 10:16 <DIR> Hewlett-Packard 04/04/2007 08:02 <DIR> Internet Explorer 31/03/2007 08:47 <DIR> Java 24/01/2007 20:40 <DIR> Lecteur Windows Media 02/02/2007 10:39 <DIR> Media Player Classic 24/01/2007 23:20 <DIR> microsoft frontpage 24/01/2007 23:34 <DIR> Microsoft Office 28/03/2007 14:50 <DIR> NetMeeting 11/02/2007 13:24 <DIR> OOoHG 11/02/2007 13:19 <DIR> OpenOffice.org 2.0 30/03/2007 13:33 <DIR> Optimisation Windows 29/03/2007 20:07 <DIR> Outlook Express 14/03/2007 22:02 <DIR> Picasa2 23/02/2007 15:25 <DIR> Pinnacle 24/01/2007 21:22 <DIR> Softwin 23/02/2007 15:25 <DIR> VOB 29/03/2007 20:08 <DIR> Windows Media Player 24/01/2007 20:40 <DIR> Windows NT 21/02/2007 14:41 <DIR> WinPcap 26/02/2007 19:52 <DIR> Yahoo! 0 fichier(s) 0 octets 31 Rép(s) 4 932 489 216 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\fichiers communs 20/03/2007 23:42 <DIR> . 20/03/2007 23:42 <DIR> .. 25/01/2007 09:00 <DIR> Adobe 29/01/2007 20:12 <DIR> Ahead 07/03/2007 15:11 <DIR> InstallShield 11/02/2007 13:14 <DIR> Java 25/02/2007 13:31 <DIR> Microsoft Shared 02/02/2007 10:15 <DIR> MSSoap 24/01/2007 20:34 <DIR> ODBC 25/02/2007 13:31 <DIR> Services 24/01/2007 21:21 <DIR> Softwin 29/03/2007 20:07 <DIR> System 0 fichier(s) 0 octets 12 Rép(s) 4 932 489 216 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 04/04/2007 08:01 <DIR> . 04/04/2007 08:01 <DIR> .. 04/11/1999 02:38 561 210 MSONSEXT.DLL 03/06/1999 21:09 122 937 MSOWS409.DLL 07/03/2001 16:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 180 octets 2 Rép(s) 4 932 485 120 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\common files 24/02/2007 20:44 <DIR> . 24/02/2007 20:44 <DIR> .. 24/02/2007 20:53 <DIR> System 0 fichier(s) 0 octets 3 Rép(s) 4 932 485 120 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 4 932 485 120 octets libres c:\Documents and Settings\Administrateur\.housecall6.6\getMac.exe c:\Documents and Settings\Administrateur\.housecall6.6\patch.exe c:\Documents and Settings\Administrateur\.housecall6.6\tsc.exe c:\Documents and Settings\Administrateur\Bureau\a2AntiMalwareSetup.exe c:\Documents and Settings\Administrateur\Bureau\Antisasser-FR.exe c:\Documents and Settings\Administrateur\Bureau\ATF-Cleaner.exe c:\Documents and Settings\Administrateur\Bureau\avg-anti-spyware_avg_anti-spyware_francais_27645.exe c:\Documents and Settings\Administrateur\Bureau\BattleLANv04.exe c:\Documents and Settings\Administrateur\Bureau\BigFix1.6b.exe c:\Documents and Settings\Administrateur\Bureau\blbeta.exe c:\Documents and Settings\Administrateur\Bureau\clamwin-0.90.1-setup.exe c:\Documents and Settings\Administrateur\Bureau\ComboFix.exe c:\Documents and Settings\Administrateur\Bureau\HijackThis.exe c:\Documents and Settings\Administrateur\Bureau\mwav.exe c:\Documents and Settings\Administrateur\Bureau\sd4hide.exe c:\Documents and Settings\Administrateur\Bureau\spywarefighter.exe c:\Documents and Settings\Administrateur\Bureau\URLSnooper.exe c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB828028-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA(2).EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB891861-v2-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Arret_Demarrage\Arrêt programmé.exe c:\Documents and Settings\Administrateur\Bureau\avenger\avenger.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe c:\Documents and Settings\Administrateur\Bureau\OptimisationWindows3-0-4\setup.exe c:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\Catchme.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\cliptext.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\download.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\LS.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MD5File.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MoveEx.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RegDACL.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RestartIt!.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\sc.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\SF.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swreg.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swsc.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\unzip.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\zip.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\XP.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\regedit.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q318089_W2K_IE5_5218\vbs51nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q822925_IE501_SP4\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q822925_IE_55SP2\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.813951_urlmon_5995\q813951.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q318089_W2K_XP_IE6_5226\vbs56nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q330994_OEPatch_IE6SP1_32\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q822925_IE6_SP1\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.817787_WMZ_MSRC_1640_WMP71\WindowsMedia71-KB817787-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.819696_nonDirectX_9_0B_CRITICAL\DirectX9-KB819696-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823559_W2K_SP5_WinSE_48630\Windows2000-KB823559-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823980_W2K_SP5_WinSE_48715_Critical\Windows2000-KB823980-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824105_W2K_SP5_WinSE_48089_Critical\Windows2000-KB824105-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824146_W2K_SP5_WinSE_49650\Windows2000-KB824146-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.IIS_SecPatch_IIS5_5415\Q321599_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_55_6001\js55nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_XP_56_6003\js56nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_Win2K_51_5999\js51nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q261255_SP1_4094\q261255.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q270676_SP2_CORP_4127\Q270676.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q274372_SP2_W2k_CORP_4280\Q274372.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q280838_SP2_W2k_4305\Q280838.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q296185_W2K_SP3_CORP_4594\q296185_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q299553_W2K_SP3_CORP_4674\Q299553.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q311967_W2K_SP3_5304\Q311967.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q312897_VS_NET_JA_5433\NDP10_SP_Q321897_Ja.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313450_W2K_Cons_5256\Q313450SP3.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313829_W2K_5282\Q313829.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q314147_W2K_5265\Q314147_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q317244_XML40_5255\Q317244.exe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe j'ai me semble t il un fiichier suspect (voire plusieurs) ds system32 c'est un fichier rien.exe caché (il apparait commme ça : .exe grisé) il n'a pas de version microsoft ds les proprietés donc ne semble pas légitime et j'ai beau l'effacer (possible uniquement en mode SE) il revient à chaque démarrage. idem pour x.264.exe qu'en penses tu? bonne journée et à +

salut charles ingals servicefilter The script did not recognize the services listed below. This does not mean that they are a problem. To copy the entire contents of this document for posting: At the top of this window click "Edit" then "Select All" Next click "Edit" again then "Copy" Now right click in the forum post box then click "Paste" ######################################## ServiceFilter 1.1 by rand1038 Microsoft Windows 2000 Professionnel Version: 5.0.2195 Service Pack 4 avr. 5, 2007 07:20:43 ---> Begin Service Listing <--- Unknown Service # 1 Service Name: AVG Anti-Spyware Guard Display Name: AVG Anti-Spyware Guard Start Mode: Auto Start Name: LocalSystem Description: AVG Anti-Spyware ... Service Type: Own Process Path: d:\avg anti-spyware 7.5\guard.exe State: Running Process ID: 520 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Faux Unknown Service # 2 Service Name: bdss Display Name: BitDefender Scan Server Start Mode: Auto Start Name: LocalSystem Description: BitDefender Scan ... Service Type: Own Process Path: c:\program files\fichiers communs\softwin\bitdefender scan server\bdss.exe /service State: Running Process ID: 884 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 3 Service Name: Event Display Name: Events Log Start Mode: Auto Start Name: .\Administrateur Description: Events ... Service Type: Own Process Path: c:\winnt\system32\drivers\csrss.exe -k networkservice State: Stopped Process ID: 0 Started: Faux Exit Code: 0 Accept Pause: Faux Accept Stop: Faux Unknown Service # 4 Service Name: gusvc Display Name: Google Updater Service Start Mode: Disabled Start Name: LocalSystem Description: Google Updater ... Service Type: Own Process Path: "c:\program files\google\common\google updater\googleupdaterservice.exe" State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 5 Service Name: StarWindService Display Name: StarWind iSCSI Service Start Mode: Auto Start Name: LocalSystem Description: StarWind iSCSI ... Service Type: Own Process Path: d:\alcohol 120\starwind\starwindservice.exe State: Running Process ID: 716 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 6 Service Name: VSSERV Display Name: BitDefender Virus Shield Start Mode: Auto Start Name: LocalSystem Description: BitDefender Virus ... Service Type: Own Process Path: c:\program files\softwin\bitdefender8\vsserv.exe /service State: Running Process ID: 928 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 7 Service Name: XCOMM Display Name: BitDefender Communicator Start Mode: Auto Start Name: LocalSystem Description: BitDefender ... Service Type: Own Process Path: c:\program files\fichiers communs\softwin\bitdefender communicator\xcommsvr.exe /service State: Running Process ID: 852 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai ---> End Service Listing <--- There are 65 Win32 services on this machine. 7 were unrecognized. Script Execution Time: 3,28125 seconds. juste comme je viens de coller le rapport (pc allumé depuis 5 mn) à nouveau winnt\system32\drivers\csrss.exe bloqué par bitdefender!!! y doit bien y avoir qquechose qui la reactive à chaque fois cette saloperie? je fais le diaghelp et te le poste

merci encore une fois pour cette session charles ingals je te souhaite une bonne nuit et j'espere que ça ira mieux demain je regarderais demain matin au cas ou il y ait des ordres à executer!! lol j'arrive pas à comprendre que ces fichiers soit invisibles!!!

bon c'est fait voili le rapport Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\wmgeycoi ******************* Script file located at: \??\C:\Program Files\tfqtqpgh.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKLM\SYSTEM\CurrentControlSet\Services\ACNLFCKLWIINLRTIAQINK deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\JZDEPB deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\msnntlp deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\MTZN deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\NJV deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\QYACU deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\Windows NT-Session Manager deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\WPQX deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\WWPSR deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\Event deleted successfully. File C:\winnt\system32\drivers\csrss.exe not found! Deletion of file C:\winnt\system32\drivers\csrss.exe failed! Could not process line: C:\winnt\system32\drivers\csrss.exe Status: 0xc0000034 File c:\winnt\smss.exe deleted successfully. File c:\winnt\system\msnntlp.exe not found! Deletion of file c:\winnt\system\msnntlp.exe failed! Could not process line: c:\winnt\system\msnntlp.exe Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. en plus d'etre invisibles elles ont l'air super tenaces ces bebettes...

et bitdefender qui s'agite à nouveau ===> backdoor.sbot fichier incriminé c:\winnt\system32\drivers\csrss.exe qui est introuvable dans le repertoire mentionné!!! j'y comprends pas il est invisible ou quoi?