Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus won’t allow me to run MBAM and get on internet, also shut down m


  • Please log in to reply

#61
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Here it is


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Data\Linkage
Export REG_SZ 2e,00,4e,00,45,00,54,00,20,00,43,00,4c,00,52,00,20,00,44,00,61,00,74,00,61,00,00,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Data\Performance
Open REG_SZ OpenPerformanceData
Collect REG_SZ CollectPerformanceData
Close REG_SZ ClosePerformanceData
Library REG_SZ netfxperf.dll
Counter Types REG_BINARY 3600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000000000
Counter Names REG_BINARY 530071006C0043006C00690065006E0074003A002000430075007200720065006E00740020002300200070006F006F006C0065006400200061006E00640020006E006F006E0070006F006F006C0065006400200063006F006E006E0065006300740069006F006E0073000000530071006C0043006C00690065006E0074003A002000430075007200720065006E00740020002300200070006F006F006C0065006400200063006F006E006E0065006300740069006F006E0073000000530071006C0043006C00690065006E0074003A002000430075007200720065006E00740020002300200063006F006E006E0065006300740069006F006E00200070006F006F006C0073000000530071006C0043006C00690065006E0074003A0020005000650061006B0020002300200070006F006F006C0065006400200063006F006E006E0065006300740069006F006E0073000000530071006C0043006C00690065006E0074003A00200054006F00740061006C002000230020006600610069006C0065006400200063006F006E006E0065006300740073000000530071006C0043006C00690065006E0074003A00200054006F00740061006C002000230020006600610069006C0065006400200063006F006D006D0061006E006400730000000000
Last Counter REG_DWORD 0xbc0
Last Help REG_DWORD 0xbc1
First Counter REG_DWORD 0xbb4
First Help REG_DWORD 0xbb5
Object List REG_SZ 2996
WbemAdapFileSignature REG_BINARY 203D5ECB5CCDA683053CDA42DFF03573
WbemAdapFileTime REG_BINARY 0066A727685FCA01
WbemAdapFileSize REG_DWORD 0xc150
WbemAdapStatus REG_DWORD 0x0
CategoryOptions REG_DWORD 0x1
IsMultiInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Networking

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Networking\Linkage
Export REG_SZ 2e,00,4e,00,45,00,54,00,20,00,43,00,4c,00,52,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,69,00,6e,00,67,00,00,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Networking\Performance
Open REG_SZ OpenPerformanceData
Collect REG_SZ CollectPerformanceData
Close REG_SZ ClosePerformanceData
Library REG_SZ netfxperf.dll
Counter Types REG_BINARY 3600350035003300360000003600350037003900320000003600350037003900320000003600350035003300360000003600350035003300360000000000
Counter Names REG_BINARY 43006F006E006E0065006300740069006F006E0073002000450073007400610062006C00690073006800650064000000420079007400650073002000520065006300650069007600650064000000420079007400650073002000530065006E007400000044006100740061006700720061006D007300200052006500630065006900760065006400000044006100740061006700720061006D0073002000530065006E00740000000000
Last Counter REG_DWORD 0xbcc
Last Help REG_DWORD 0xbcd
First Counter REG_DWORD 0xbc2
First Help REG_DWORD 0xbc3
Object List REG_SZ 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010
WbemAdapFileSignature REG_BINARY 203D5ECB5CCDA683053CDA42DFF03573
WbemAdapFileTime REG_BINARY 0066A727685FCA01
WbemAdapFileSize REG_DWORD 0xc150
WbemAdapStatus REG_DWORD 0x0
IsMultiInstance REG_DWORD 0x1
FileMappingSize REG_DWORD 0x20000
CategoryOptions REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for Oracle

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for Oracle\Linkage
Export REG_SZ 2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,4f,00,72,00,61,00,63,00,6c,00,65,00,00,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for Oracle\Performance
CategoryOptions REG_DWORD 0x3
IsMultiInstance REG_DWORD 0x1
Counter Types REG_BINARY 32003700320036003900360033003200300000003200370032003600390036003300320030000000320037003200360039003600330032003000000032003700320036003900360033003200300000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000000000
Library REG_SZ netfxperf.dll
Collect REG_SZ CollectPerformanceData
FileMappingSize REG_DWORD 0x20000
Counter Names REG_BINARY 480061007200640043006F006E006E0065006300740073005000650072005300650063006F006E0064000000480061007200640044006900730063006F006E006E0065006300740073005000650072005300650063006F006E006400000053006F006600740043006F006E006E0065006300740073005000650072005300650063006F006E006400000053006F006600740044006900730063006F006E006E0065006300740073005000650072005300650063006F006E00640000004E0075006D006200650072004F0066004E006F006E0050006F006F006C006500640043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660050006F006F006C006500640043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00470072006F0075007000730000004E0075006D006200650072004F00660049006E0061006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00470072006F0075007000730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00730000004E0075006D006200650072004F00660049006E0061006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F006600460072006500650043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660053007400610073006900730043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F0066005200650063006C00610069006D006500640043006F006E006E0065006300740069006F006E00730000000000
Close REG_SZ ClosePerformanceData
Open REG_SZ OpenPerformanceData
Last Counter REG_DWORD 0x100c
Last Help REG_DWORD 0x100d
First Counter REG_DWORD 0xff0
First Help REG_DWORD 0xff1
Object List REG_SZ 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080
WbemAdapFileSignature REG_BINARY 203D5ECB5CCDA683053CDA42DFF03573
WbemAdapFileTime REG_BINARY 0066A727685FCA01
WbemAdapFileSize REG_DWORD 0xc150
WbemAdapStatus REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for SqlServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for SqlServer\Linkage
Export REG_SZ 2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,53,00,71,00,6c,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for SqlServer\Performance
FileMappingSize REG_DWORD 0x20000
CategoryOptions REG_DWORD 0x3
IsMultiInstance REG_DWORD 0x1
Counter Names REG_BINARY 480061007200640043006F006E006E0065006300740073005000650072005300650063006F006E0064000000480061007200640044006900730063006F006E006E0065006300740073005000650072005300650063006F006E006400000053006F006600740043006F006E006E0065006300740073005000650072005300650063006F006E006400000053006F006600740044006900730063006F006E006E0065006300740073005000650072005300650063006F006E00640000004E0075006D006200650072004F0066004E006F006E0050006F006F006C006500640043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660050006F006F006C006500640043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00470072006F0075007000730000004E0075006D006200650072004F00660049006E0061006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00470072006F0075007000730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00730000004E0075006D006200650072004F00660049006E0061006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F006600460072006500650043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660053007400610073006900730043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F0066005200650063006C00610069006D006500640043006F006E006E0065006300740069006F006E00730000000000
Counter Types REG_BINARY 32003700320036003900360033003200300000003200370032003600390036003300320030000000320037003200360039003600330032003000000032003700320036003900360033003200300000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000000000
Library REG_SZ netfxperf.dll
Close REG_SZ ClosePerformanceData
Collect REG_SZ CollectPerformanceData
Open REG_SZ OpenPerformanceData
Last Counter REG_DWORD 0x102a
Last Help REG_DWORD 0x102b
First Counter REG_DWORD 0x100e
First Help REG_DWORD 0x100f
Object List REG_SZ 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110
WbemAdapFileSignature REG_BINARY 203D5ECB5CCDA683053CDA42DFF03573
WbemAdapFileTime REG_BINARY 0066A727685FCA01
WbemAdapFileSize REG_DWORD 0xc150
WbemAdapStatus REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NETFramework

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NETFramework\Performance
Close REG_SZ CloseCtrs
Collect REG_SZ CollectCtrs
Open REG_SZ OpenCtrs
Library REG_SZ mscoree.dll
Last Counter REG_DWORD 0xc7c
Last Help REG_DWORD 0xc7d
First Counter REG_DWORD 0xbce
First Help REG_DWORD 0xbcf
WbemAdapFileSignature REG_BINARY 08A73B0E7EE6E32983B5F9E540A8E380
WbemAdapFileTime REG_BINARY 000C4525685FCA01
WbemAdapFileSize REG_DWORD 0x48b50
WbemAdapStatus REG_DWORD 0x0
Error Count REG_DWORD 0x45

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.redbook
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ImagePath REG_SZ \*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aavmker4
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ avast! Asynchronous Virus Monitor
Description REG_SZ avast! Asynchronous Virus Monitor

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aavmker4\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aavmker4\Enum
0 REG_SZ Root\LEGACY_AAVMKER4\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Abiosdsk
ErrorControl REG_DWORD 0x0
Group REG_SZ Primary disk
Start REG_DWORD 0x4
Tag REG_DWORD 0x3
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\abp480n5
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x38
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\abp480n5\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\abp480n5\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPI
ErrorControl REG_DWORD 0x1
Group REG_SZ Boot Bus Extender
Start REG_DWORD 0x0
Tag REG_DWORD 0x1
Type REG_DWORD 0x1
DisplayName REG_SZ Microsoft ACPI Driver
ImagePath REG_EXPAND_SZ system32\DRIVERS\ACPI.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPI\Parameters
AMLIMaxCTObjs REG_BINARY 1B000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPI\Parameters\WakeUp
FixedEventMask REG_BINARY 2001
FixedEventStatus REG_BINARY 0085
GenericEventMask REG_BINARY 00000001
GenericEventStatus REG_BINARY 0000FFDE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPI\Enum
0 REG_SZ ACPI_HAL\PNP0C08\0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPIEC
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Start REG_DWORD 0x0
Tag REG_DWORD 0x2
Type REG_DWORD 0x1
DisplayName REG_SZ Microsoft Embedded Controller Driver
ImagePath REG_EXPAND_SZ system32\DRIVERS\ACPIEC.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPIEC\Enum
0 REG_SZ ACPI\PNP0C09\0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AcPrfMgrSvc
DisplayName REG_SZ Ac Profile Manager Service
ErrorControl REG_DWORD 0x1
ImagePath REG_SZ C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x10
DependOnService REG_MULTI_SZ RPCSS\0\0
FailureActions REG_BINARY 00000000000000000000000003000000530065000100000060EA00000100000060EA00000000000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AcPrfMgrSvc\Enum
0 REG_SZ Root\LEGACY_ACPRFMGRSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AcSvc
DisplayName REG_SZ Access Connections Main Service
ErrorControl REG_DWORD 0x1
ImagePath REG_SZ C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x110
DependOnService REG_MULTI_SZ RPCSS\0winmgmt\0\0
FailureActions REG_BINARY 00000000000000000000000003000000530065000100000060EA00000100000060EA00000000000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AcSvc\Enum
0 REG_SZ Root\LEGACY_ACSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Adobe LM Service
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
DisplayName REG_SZ Adobe LM Service
ObjectName REG_SZ LocalSystem
Description REG_SZ AdobeLM Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Adobe LM Service\Security
Security REG_BINARY 01001480A4000000B0000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200740005000000000014009D01020001010000000000010000000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\adpu160m
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x3c
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\adpu160m\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\adpu160m\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aeaudio
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\drivers\aeaudio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aeaudio\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aeaudio\Enum
0 REG_SZ PCI\VEN_8086&DEV_266E&SUBSYS_05671014&REV_03\3&b1bfb68&0&F2
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aec
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\drivers\aec.sys
DisplayName REG_SZ Microsoft Kernel Acoustic Echo Canceller

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aec\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aec\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AegisP
Type REG_DWORD 0x1
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0xd
ImagePath REG_EXPAND_SZ system32\DRIVERS\AegisP.sys
DisplayName REG_SZ AEGIS Protocol (IEEE 802.1x) v3.4.10.0
Group REG_SZ PNP_TDI
Description REG_SZ AEGIS Protocol (IEEE 802.1x) v3.4.10.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AegisP\Linkage
Bind REG_MULTI_SZ \Device\{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}\0\Device\s24trans_{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}\0\0
Route REG_MULTI_SZ "{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}"\0"s24trans" "{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}"\0\0
Export REG_MULTI_SZ \Device\AegisP_{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}\0\Device\AegisP_s24trans_{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AegisP\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AegisP\Enum
0 REG_SZ Root\LEGACY_AEGISP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AFD\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AFD\Enum
0 REG_SZ Root\LEGACY_AFD\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aha154x
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x6
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aha154x\Parameters
LegacyAdapterDetection REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aha154x\Parameters\PnpInterface
1 REG_DWORD 0x1
3 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78u2
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x34
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78u2\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78u2\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78xx
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x1e
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78xx\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78xx\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Alerter
Type REG_DWORD 0x20
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalService
DisplayName REG_SZ Alerter
DependOnService REG_MULTI_SZ LanmanWorkstation\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ NT AUTHORITY\LocalService
Description REG_SZ Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Alerter\Parameters
AlertNames REG_MULTI_SZ \0
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\alrsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Alerter\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ALG
Description REG_SZ Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\alg.exe
DisplayName REG_SZ Application Layer Gateway Service
ObjectName REG_SZ NT AUTHORITY\LocalService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ALG\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ALG\Enum
0 REG_SZ Root\LEGACY_ALG\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AliIde
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Start REG_DWORD 0x4
Tag REG_DWORD 0x4
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\amsint
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x24
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\amsint\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\amsint\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ANC
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
ImagePath REG_SZ System32\drivers\ANC.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ANC\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ANC\Enum
0 REG_SZ Root\LEGACY_ANC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirSchedulerService
Type REG_DWORD 0x110
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
DisplayName REG_SZ Avira AntiVir Scheduler
Group REG_SZ NetworkProvider
ObjectName REG_SZ LocalSystem
FailureActions REG_BINARY 8051010000000000000000000300000053006500010000000000000001000000000000000000000000000000
Description REG_SZ Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirSchedulerService\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirSchedulerService\Enum
0 REG_SZ Root\LEGACY_ANTIVIRSCHEDULERSERVICE\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirService
Type REG_DWORD 0x110
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
DisplayName REG_SZ Avira AntiVir Guard
ObjectName REG_SZ LocalSystem
FailureActions REG_BINARY 8051010000000000000000000300000053006500010000000000000001000000000000000000000000000000
Description REG_SZ Offers permanent protection against viruses and malware with the AntiVir search engine.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirService\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirService\Enum
0 REG_SZ Root\LEGACY_ANTIVIRSERVICE\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ApfiltrService
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x0
Tag REG_DWORD 0x4
ImagePath REG_EXPAND_SZ system32\DRIVERS\Apfiltr.sys
DisplayName REG_SZ Alps Touch Pad Filter Driver for Windows 2000/XP
Group REG_SZ Pointer Port

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ApfiltrService\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AppMgmt
Description REG_SZ Provides software installation services such as Assign, Publish, and Remove.
DisplayName REG_SZ Application Management
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x3
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AppMgmt\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\appmgmts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AppMgmt\Security
Security REG_BINARY 01001480A8000000B4000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200780005000000000014008D00020001010000000000050B00000000001800FF010F0001020000000000052000000020020000000018008D00020001020000000000052000000023020000000014009D000000010100000000000504000000000018009D00000001020000000000052000000021020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AppMgmt\Enum
0 REG_SZ Root\LEGACY_APPMGMT\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x29
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3350p
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x39
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3350p\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3350p\Parameters\PnpInterface
1 REG_DWORD 0x11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3550
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x2a
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3550\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3550\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP\Performance
Library REG_SZ aspperf.dll
Open REG_SZ OpenASPPerformanceData
Close REG_SZ CloseASPPerformanceData
Collect REG_SZ CollectASPPerformanceData
Last Counter REG_DWORD 0xa48
Last Help REG_DWORD 0xa49
First Counter REG_DWORD 0xa00
First Help REG_DWORD 0xa01
Object List REG_SZ 2560
Library Validation Code REG_BINARY 387A98E46A7BC5010028000000000000
WbemAdapFileSignature REG_BINARY 6BD9EC5CC983BE5463A78EC92478E930
WbemAdapFileTime REG_BINARY 387A98E46A7BC501
WbemAdapFileSize REG_DWORD 0x2800
WbemAdapStatus REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET\Performance
Library REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
Open REG_SZ OpenPerfCommonData
Close REG_SZ ClosePerfCommonData
Collect REG_SZ CollectPerfCommonData
WbemAdapFileSignature REG_BINARY 74E81A65879FFE881A7AF525A0254AD8
WbemAdapFileTime REG_BINARY 003C1D7069EEC801
WbemAdapFileSize REG_DWORD 0x4408
WbemAdapStatus REG_DWORD 0xffffffff
Last Counter REG_DWORD 0x3700
Last Help REG_DWORD 0x3701
First Counter REG_DWORD 0x3634
First Help REG_DWORD 0x3635
Object List REG_SZ 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET_2.0.50727

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET_2.0.50727\Names

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET_2.0.50727\Performance
Library REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
Open REG_SZ OpenVersionedPerfData
Close REG_SZ CloseVersionedPerfData
Collect REG_SZ CollectVersionedPerfData
Last Counter REG_DWORD 0x3632
Last Help REG_DWORD 0x3633
First Counter REG_DWORD 0x3566
First Help REG_DWORD 0x3567
Object List REG_SZ 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aspnet_state
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
DisplayName REG_SZ ASP.NET State Service
ObjectName REG_SZ NT AUTHORITY\NetworkService
Description REG_SZ Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aspnet_state\Parameters
Port REG_DWORD 0xa5b8
AllowRemoteConnection REG_DWORD 0x0
DontResetOnUpgradeAllowRemoteConnection REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aspnet_state\Performance
Library REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
Open REG_SZ OpenStateServicePerfData
Close REG_SZ CloseStateServicePerfData
Collect REG_SZ CollectStateServicePerfData
WbemAdapFileSignature REG_BINARY F1430F5D20F4BB71A003209C3DB3ADDF
WbemAdapFileTime REG_BINARY 003C1D7069EEC801
WbemAdapFileSize REG_DWORD 0x8408
WbemAdapStatus REG_DWORD 0x0
Last Counter REG_DWORD 0x3564
Last Help REG_DWORD 0x3565
First Counter REG_DWORD 0x3490
First Help REG_DWORD 0x3491
Object List REG_SZ 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aspnet_state\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk
Type REG_DWORD 0x2
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswFsBlk
Group REG_SZ FSFilter Activity Monitor
DependOnService REG_MULTI_SZ FltMgr\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ avast! mini-filter driver (aswFsBlk)
Tag REG_DWORD 0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk\Instances
DefaultInstance REG_SZ aswFsBlk Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk\Instances\aswFsBlk Instance
Altitude REG_SZ 388400
Flags REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk\Enum
0 REG_SZ Root\LEGACY_ASWFSBLK\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswMon2
Type REG_DWORD 0x2
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswMon2
Description REG_SZ avast! Standard Shield Support

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswMon2\Parameters
ProgramFolder REG_SZ \Device\HarddiskVolume1\Program Files\AVAST Software\Avast

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswMon2\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswMon2\Enum
0 REG_SZ Root\LEGACY_ASWMON2\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswRdr
Group REG_SZ PNP_TDI
DependOnService REG_MULTI_SZ tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ avast! TDI Redirect driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Parameters
DisableAutostart REG_DWORD 0x1
MSIgnoreLSPDefault REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Parameters\Protocol_Catalog9
Num_Catalog_Entries REG_DWORD 0x1
Next_Catalog_Entry_ID REG_DWORD 0x3f7
Serial_Access_Num REG_DWORD 0x5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Parameters\Protocol_Catalog9\Catalog_Entries

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046004306000200000000000000000000000000080000003D527239F12AD111B65500805F3642CCE90300000100000000000000000000000000000000000000000000000000000000000000020000001A0000002000000008000000010000000100000000000000000000000000000000000000000000004D0053004100460044002000490072006400610020005B0049007200440041005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Enum
0 REG_SZ Root\LEGACY_ASWRDR\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx
Type REG_DWORD 0x2
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswSnx
Group REG_SZ FSFilter Virtualization
DependOnService REG_MULTI_SZ FltMgr\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ avast! virtualization driver (aswSnx)
Tag REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Instances
DefaultInstance REG_SZ aswSnx Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Instances\aswSnx Instance
Altitude REG_SZ 137600
Flags REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Parameters
ProgramFolder REG_SZ \DosDevices\C:\Program Files\AVAST Software\Avast
DataFolder REG_SZ \DosDevices\D:\Documents and Settings\All Users\Application Data\AVAST Software\Avast

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Enum
0 REG_SZ Root\LEGACY_ASWSNX\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSP
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswSP
Description REG_SZ avast! Self Protection

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSP\Parameters
BehavShield REG_DWORD 0x1
ProgramFolder REG_SZ \DosDevices\C:\Program Files\AVAST Software\Avast
DataFolder REG_SZ \DosDevices\D:\Documents and Settings\All Users\Application Data\AVAST Software\Avast

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSP\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSP\Enum
0 REG_SZ Root\LEGACY_ASWSP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswTdi
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ avast! Network Shield Support
Group REG_SZ PNP_TDI
DependOnService REG_MULTI_SZ tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ avast! Network Shield TDI driver
Tag REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswTdi\Parameters
DisableAutostart REG_DWORD 0x1
ProviderStart REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswTdi\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswTdi\Enum
0 REG_SZ Root\LEGACY_ASWTDI\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AsyncMac
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\asyncmac.sys
DisplayName REG_SZ RAS Asynchronous Media Driver
Description REG_SZ RAS Asynchronous Media Driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AsyncMac\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\atapi
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x0
Tag REG_DWORD 0x19
Type REG_DWORD 0x1
DisplayName REG_SZ Standard IDE/ESDI Hard Disk Controller
ImagePath REG_EXPAND_SZ system32\DRIVERS\atapi.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\atapi\Parameters
LegacyDetection REG_DWORD 0x1
GhostSlave REG_MULTI_SZ SunDisk \0\0
UseCheckPowerForFlush REG_MULTI_SZ SAMSUNG WNR-31601A (1600MB) \0SAMSUNG WNR-31601A (1.6GB) \0IBM-DTCA-24090 TC6OAA2A\0IBM-DTCA-24090 TC6IAA2A\0IBM-DPLA-25120 PL8OAA2A\0IBM-DPLA-25120 PL8IAA2A\0IBM-DPLA-25120 PL8IAA4A\0IBM-DTCA-23240 TC5OAA2A\0IBM-DTCA-23240 TC5IAA2A\0IBM-DPLA-24480 PL7OAA2A\0IBM-DPLA-24480 PL7IAA2A\0\0
NoFlushDevice REG_MULTI_SZ QUANTUM_LPS525A \0SCR-730 \0\0
PioOnlyDevice REG_MULTI_SZ Conner Peripherals 425MB - CFS425A \0MATSHITA CR-581 \0FX600S \0CD-44E \0QUANTUM TRB850A \0QUANTUM MARVERICK 540A \0 MAXTOR MXT-540 AT \0Maxtor 71260 AT \0Maxtor 7850 AV \0Maxtor 7540 AV \0Maxtor 7213 AT \0Maxtor 7345 \0Maxtor 7245 AT \0Maxtor 7245 \0Maxtor 7211AU \0Maxtor 7171 AT \0CD-316E \0SAMSUNG_SCR-2430\0CR-2801TE\0\0
NonRemovableMedia REG_MULTI_SZ Kingston Technology DataPak 340 \0SunDisk SDP5A-10 \0SunDisk SDCFB-10 \0SunDisk SDP3B-20 \0SunDisk SDP3B-175 \0SunDisk SDP5-2.5 \0Calluna Technology CT260MC \0BN-S004AC-S 1.00\0Calluna Technology CT520RM\0Hitachi CV 5.1.1\0 ATA_FLASH \0Mitsubishi ATA Card \0LEXAR ATA_FLASH\0Micron MTCF004A\0Micron MTCF008A\0SunDisk SDP3B-110\0SunDisk SDCFB-4\0BN-CAB-T\0MEMORYSTICK\0MEMORYSTICK 8M 8K\0\0
NoPowerDownDevice REG_MULTI_SZ RD-DRC001-M \0CS-R37 0 \0\0
AutoEjectZipDevice REG_MULTI_SZ IOMEGA ZIP 100 ATAPI 23.D \0IOMEGA ZIP 100 ATAPI 21.D \0IOMEGA ZIP 100 ATAPI 20.D \0IOMEGA ZIP 100 ATAPI 91.D \0IOMEGA ZIP 100 B.29 \0IOMEGA ZIP 100 B.22 \0\0
NeedIdentDevice REG_MULTI_SZ QUANTUM FIREBALL\0\0
DefaultPioAtapiDevice REG_MULTI_SZ TORiSAN DVD-ROM DRD-N216\0IDE-CD R/RW 2x2x24\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\atapi\Enum
0 REG_SZ PCIIDE\IDEChannel\4&345649fa&0&0
Count REG_DWORD 0x2
NextInstance REG_DWORD 0x2
1 REG_SZ PCIIDE\IDEChannel\4&345649fa&0&1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Atdisk
ErrorControl REG_DWORD 0x0
Group REG_SZ Primary disk
Start REG_DWORD 0x4
Tag REG_DWORD 0x1
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Ati HotKey Poller
Type REG_DWORD 0x110
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\Ati2evxx.exe
Group REG_SZ Event log
ObjectName REG_SZ LocalSystem
DisplayName REG_SZ Ati HotKey Poller

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Ati HotKey Poller\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Ati HotKey Poller\Enum
0 REG_SZ Root\LEGACY_ATI_HOTKEY_POLLER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x0
Tag REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\ati2mtag.sys
Group REG_SZ Video

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device0
InstalledDisplayDrivers REG_MULTI_SZ ati2dvag\0\0
MultiFunctionSupported REG_DWORD 0x1
GCOOPTION_DisableGPIOPowerSaveMode REG_DWORD 0x1
ReleaseVersion REG_SZ 8.163.1.1.1-060121a-030334C
BuildNumber REG_SZ 30332
drv REG_SZ ati2dvag.dll
DALGameGammaScale REG_DWORD 0x646464
UseNewOGLRegPath REG_DWORD 0x1
DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING REG_DWORD 0x1
DALRULE_GETVGAEXPANSIONATBOOT REG_DWORD 0x1
DisableHotPlugDFP REG_DWORD 0x1
ExtEvent_EnableAlpsMouseOrientation REG_DWORD 0x0
ExtEvent_SafeEscapeSupport REG_DWORD 0x1
DALRULE_DISABLEPSEUDOLARGEDESKTOP REG_DWORD 0x0
OvlTheaterMode REG_BINARY 00000000
DisableOvlTheaterMode REG_DWORD 0x0
UseVMRPitch REG_DWORD 0x0
DisableMMSnifferCode REG_DWORD 0x0
DisableProgPCILatency REG_DWORD 0x0
DALRULE_GetTVFakeEDID REG_DWORD 0x0
Catalyst_Version REG_SZ 0
DALRULE_REGISTRYACCESS REG_DWORD 0x1
DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH REG_DWORD 0x0
DALRULE_ENABLEDRIVERMODEPRUNNING REG_DWORD 0x0
GCORULE_ENABLETILEDMEMORYCALCULATION REG_DWORD 0x1
DALRULE_MACROVISIONINFOREPORT REG_DWORD 0x0
DALRULE_BANDWIDTHMODEENUM REG_DWORD 0x1
ExtEvent_LCDSetNativeModeOnResume REG_DWORD 0x0
DALRULE_LIMITTMDSMODES REG_DWORD 0x0
DALRULE_RESTRICT640x480MODE REG_DWORD 0x0
DALRULE_RESTRICT8BPPON2NDDRV REG_DWORD 0x0
TVForceDetection REG_DWORD 0x0
DALRULE_DISABLECWDDEDETECTION REG_DWORD 0x0
DALRULE_USECMOSDISPLAYSETTINGS REG_DWORD 0x1
DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY REG_DWORD 0x0
DisableTabletPCRotation REG_DWORD 0x1
DALRULE_DISABLEDISPLAYSWITCHINGIFOVERLAYALLOCATED REG_DWORD 0x1
ExtEvent_EnableMultiSessions REG_DWORD 0x1
DALRULE_USEENABLEDATBOOTSCHEME REG_DWORD 0x1
RotationSupportLevel REG_DWORD 0x2
NewRotation REG_SZ 1
UseBT601CSC REG_SZ 1
DALRULE_DYNAMICMODESUPPORT REG_DWORD 0x1
GSettingControl REG_DWORD 0x4
DFPOption_SingleLink REG_DWORD 0x1
DFPXOption_SingleLink REG_DWORD 0x1
DALRULE_ALLOWMONITORRANGELIMITMODESCRT REG_DWORD 0x1
DALRULE_NOTVANDLCDONCRTC REG_DWORD 0x1
WmAgpMaxIdleClk REG_DWORD 0x20
GCORULE_FlickerWA REG_DWORD 0x1
SMOOTHVISION_NAME REG_SZ SMOOTHVISION 2.1
DALRULE_NOCRTTVANDDVIACTIVESIMULTANEOUSLY REG_DWORD 0x1
DALRULE_ENABLEDALFSDOSTOWINDOWSSELECTION REG_DWORD 0x1
GCORULE_DISABLEEXPAT1280WITHCRT REG_DWORD 0x1
DALRULE_DONOTREPORTCUSTOMREFRESHRATE REG_DWORD 0x1
R6LCD_ENABLESSJITTERDISPLAYPATH REG_DWORD 0x1
DALRULE_ENABLEDALRESUMESUPPORT REG_DWORD 0x1
GCORULE_DisableHotKeyIfDDExclusiveMode REG_DWORD 0x1
GCORULE_DisableGPIOPowerSaveMode REG_DWORD 0x1
TVDisableModes REG_DWORD 0x0
DALRULE_LCDSHOWRESOLUTIONCHANGEMESSAGE REG_DWORD 0x0
DALRULE_GETLCDFAKEEDID REG_DWORD 0x0
GCORULE_ENABLERMXFILTER REG_DWORD 0x1
OVShiftOddDown REG_DWORD 0x0
DALRULE_RESTRICT2ACTIVEDISPLAYS REG_DWORD 0x0
DALRULE_POWERPLAYOPTIONCOLORDEPTHREDUCTION REG_DWORD 0x0
R6LCD_FOLLOWLIDSTATE REG_DWORD 0x1
DisableFakeOSDualViewNotify REG_DWORD 0x1
DisableD3DExclusiveModeChange REG_DWORD 0x1
DisableOpenGLExclusiveModeChange REG_DWORD 0x1
TVM6Flag REG_DWORD 0x0
DisableDalValidateChild REG_DWORD 0x1
DALRULE_SETMODEAFTERPOWERSTATECHANGE REG_DWORD 0x1
DALRULE_USEOLDPOWERPLAYINTERFACE REG_DWORD 0x0
DALRULE_USEOLDPOWERPLAYPROPERTYPAGE REG_DWORD 0x0
DALRULE_ENABLESHOWACSLIDER REG_DWORD 0x1
DALRULE_ENABLESHOWDCLOWSLIDER REG_DWORD 0x1
ExtEvent_RestoreLargeDesktopOnResume REG_DWORD 0x1
ExtEvent_EnableAutoDisplayConfig REG_DWORD 0x1
DALRULE_USERDEVICEPROFILEUPDATE REG_DWORD 0x1
ExtEvent_EnableMpAtDocking REG_DWORD 0x1
ExtEvent_SaveProfileBySelected REG_DWORD 0x1
DALRULE_DISABLEPOWERPLAYMESSAGES REG_DWORD 0x1
ApplyRotationDefaultMode REG_DWORD 0x1
GCORULE_PPForceBlankDisplays REG_DWORD 0x1
DXVA_WMV REG_SZ 0
DALRULE_UNRESTRICTSXGAPCRTONOWNCRTC REG_DWORD 0x1
ExtEvent_EnableADCAtUndocking REG_DWORD 0x1
DfpUsePixSlip REG_DWORD 0x1
Device Description REG_SZ ATI MOBILITY RADEON X300
DALRULE_DONTSHOWWADOPTION REG_DWORD 0x1
DXVA_WMV_DEF REG_SZ 0
GCORULE_X1DETECT REG_DWORD 0x1
DALRULE_OTHEREXPANSIONMODEDEFAULT REG_DWORD 0x1
DALRULE_WADSUPPORT REG_DWORD 0x1
GCORULE_WADSUPPORT REG_DWORD 0x1
GCORULE_PowerPlayClearMemBase REG_DWORD 0x1
ExtEvent_EnableADCLogicalMapping REG_DWORD 0x1
DDC2Disabled REG_DWORD 0x0
DisableBlockWrite REG_DWORD 0x1
DisableDMACopy REG_DWORD 0x0
TestEnv REG_DWORD 0x0
TimingSelection REG_DWORD 0x0
VgaCompatible REG_DWORD 0x0
Adaptive De-interlacing REG_DWORD 0x1
VPE Adaptive De-interlacing REG_DWORD 0x1
DisableTimeStampWriteBack REG_DWORD 0x0
DisableTiling REG_DWORD 0x0
ExtEvent_EnableHotPlug REG_DWORD 0x0
ExtEvent_EnableMouseRotation REG_DWORD 0x1
DFPRULE_HotplugSupported REG_DWORD 0x1
DALRULE_NOTVANDCRTONSAMECONTROLLER REG_DWORD 0x1
DALRULE_NOCRTANDLCDONSAMECONTROLLER REG_DWORD 0x0
DALRULE_DISPLAYSRESTRICTMODES REG_DWORD 0x0
VPURecover_NA REG_SZ 1
DisableSmartSave_DEF REG_DWORD 0x1
VPUEnableSubmissionBox_DEF REG_SZ 0
DALRULE_ADDNATIVEMODESTOMODETABLE REG_DWORD 0x1
AutoColorDepthReduction_NA REG_DWORD 0x1
DisableIDCT REG_DWORD 0x0
DALR6 CRT_MaxModeInfo REG_BINARY 0000000040060000B0040000000000003C000000
DisableFullAdapterInit REG_DWORD 0x0
MemInitLatencyTimer REG_DWORD 0x775771bf
GI_DEF REG_SZ 0
DALNonStandardModesBCD1 REG_BINARY 080004800000006010240480000000601024060000000060128006000000006012800768000000601400105000000060
DALRestrictedModesBCD1 REG_BINARY 08000480000000001152086400000000128007680000000012801024000001601600120000000120179213440000000018001440000000001856139200000000
DALRestrictedModesBCD2 REG_BINARY 1920108000000000192012000000000019201440000000002048153600000085
DALOPTION_MaxResBCD REG_BINARY 0000000000000160
DisableDualView REG_DWORD 0x0
DisableDualviewWithHotKey REG_DWORD 0x1
ExtEvent_EnablePolling REG_DWORD 0x1
ExtEvent_BroadcastDispChange REG_DWORD 0x0
ExtEvent_UpdateAdapterInfoOnHK REG_DWORD 0x1
GCORULE_DisableHotKeyIfOverlayAllocated REG_DWORD 0x1
ExtEvent_LCDSetMaxResOnDockChg REG_DWORD 0x1
DALRULE_NOCRTANDDFPONSAMECONTROLLER REG_DWORD 0x1
GCORULE_IntTMDSReduceBlankTiming REG_DWORD 0x1
DisableSWInterrupt REG_DWORD 0x0
ExtEvent_BIOSEventByInterrupt REG_DWORD 0x1
ExtEvent_EnableChgLCDResOnHotKey REG_DWORD 0x0
R6LCD_RETURNALLBIOSMODES REG_DWORD 0x0
ExtEvent_OverDriveSupport REG_DWORD 0x1
Main3D_DEF REG_SZ 3
AntiAlias_DEF REG_SZ 1
AntiAliasSamples_DEF REG_SZ 0
AnisoType_DEF REG_SZ 0
AnisoDegree_DEF REG_SZ 0
TextureOpt_DEF REG_SZ 0
TextureLod_DEF REG_SZ 0
TruformMode_DEF REG_SZ 0
VSyncControl_DEF REG_SZ 1
SwapEffect_DEF REG_SZ 0
TemporalAAMultiplier_DEF REG_SZ 0
ExportCompressedTex_DEF REG_SZ 1
PixelCenter_DEF REG_SZ 0
ForceZBufferDepth_DEF REG_SZ 0
EnableTripleBuffering_DEF REG_SZ 0
ColourDesktopGamma_DEF REG_SZ 1.0 1.0 1.0
ColourDesktopBrightness_DEF REG_SZ 0 0 0
ColourDesktopContrast_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenGamma_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenBrightness_DEF REG_SZ 0 0 0
ColourFullscreenContrast_DEF REG_SZ 1.0 1.0 1.0
3D_Refresh_Rate_Override_DEF REG_DWORD 0x0
Display_Detection_DEF REG_DWORD 0x0
Panning_Mode_DEF REG_DWORD 0x0
Mouse_Track_Orientation_DEF REG_DWORD 0x1
Force_TV_Detection_DEF REG_DWORD 0x0
CatalystAI_DEF REG_SZ 1
DisableEnumAllChilds REG_DWORD 0x0
DALRULE_NOFORCEBOOT REG_DWORD 0x0
DALOPTION_MinResBCD REG_BINARY 0000000000000060
CurrentProfile REG_SZ Default
RebootFlags REG_DWORD 0x0
RebootFlagsEx REG_DWORD 0xf0010001
CapabilitiesEx REG_DWORD 0x0
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device0\ATI WDM Configurations
PnP ID Version REG_SZ 34

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device0\MMLIB
ForceOneField REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device1
InstalledDisplayDrivers REG_MULTI_SZ ati2dvag\0\0
MultiFunctionSupported REG_DWORD 0x1
GCOOPTION_DisableGPIOPowerSaveMode REG_DWORD 0x1
ReleaseVersion REG_SZ 8.163.1.1.1-060121a-030334C
BuildNumber REG_SZ 30332
drv REG_SZ ati2dvag.dll
DALGameGammaScale REG_DWORD 0x646464
UseNewOGLRegPath REG_DWORD 0x1
DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING REG_DWORD 0x1
DALRULE_GETVGAEXPANSIONATBOOT REG_DWORD 0x1
DisableHotPlugDFP REG_DWORD 0x1
ExtEvent_EnableAlpsMouseOrientation REG_DWORD 0x0
ExtEvent_SafeEscapeSupport REG_DWORD 0x1
DALRULE_DISABLEPSEUDOLARGEDESKTOP REG_DWORD 0x0
OvlTheaterMode REG_BINARY 00000000
DisableOvlTheaterMode REG_DWORD 0x0
UseVMRPitch REG_DWORD 0x0
DisableMMSnifferCode REG_DWORD 0x0
DisableProgPCILatency REG_DWORD 0x0
DALRULE_GetTVFakeEDID REG_DWORD 0x0
Catalyst_Version REG_SZ 0
DALRULE_REGISTRYACCESS REG_DWORD 0x1
DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH REG_DWORD 0x0
DALRULE_ENABLEDRIVERMODEPRUNNING REG_DWORD 0x0
GCORULE_ENABLETILEDMEMORYCALCULATION REG_DWORD 0x1
DALRULE_MACROVISIONINFOREPORT REG_DWORD 0x0
DALRULE_BANDWIDTHMODEENUM REG_DWORD 0x1
ExtEvent_LCDSetNativeModeOnResume REG_DWORD 0x0
DALRULE_LIMITTMDSMODES REG_DWORD 0x0
DALRULE_RESTRICT640x480MODE REG_DWORD 0x0
DALRULE_RESTRICT8BPPON2NDDRV REG_DWORD 0x0
TVForceDetection REG_DWORD 0x0
DALRULE_DISABLECWDDEDETECTION REG_DWORD 0x0
DALRULE_USECMOSDISPLAYSETTINGS REG_DWORD 0x1
DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY REG_DWORD 0x0
DisableTabletPCRotation REG_DWORD 0x1
DALRULE_DISABLEDISPLAYSWITCHINGIFOVERLAYALLOCATED REG_DWORD 0x1
ExtEvent_EnableMultiSessions REG_DWORD 0x1
DALRULE_USEENABLEDATBOOTSCHEME REG_DWORD 0x1
RotationSupportLevel REG_DWORD 0x2
NewRotation REG_SZ 1
UseBT601CSC REG_SZ 1
DALRULE_DYNAMICMODESUPPORT REG_DWORD 0x1
GSettingControl REG_DWORD 0x4
DFPOption_SingleLink REG_DWORD 0x1
DFPXOption_SingleLink REG_DWORD 0x1
DALRULE_ALLOWMONITORRANGELIMITMODESCRT REG_DWORD 0x1
DALRULE_NOTVANDLCDONCRTC REG_DWORD 0x1
WmAgpMaxIdleClk REG_DWORD 0x20
GCORULE_FlickerWA REG_DWORD 0x1
SMOOTHVISION_NAME REG_SZ SMOOTHVISION 2.1
DALRULE_NOCRTTVANDDVIACTIVESIMULTANEOUSLY REG_DWORD 0x1
DALRULE_ENABLEDALFSDOSTOWINDOWSSELECTION REG_DWORD 0x1
GCORULE_DISABLEEXPAT1280WITHCRT REG_DWORD 0x1
DALRULE_DONOTREPORTCUSTOMREFRESHRATE REG_DWORD 0x1
R6LCD_ENABLESSJITTERDISPLAYPATH REG_DWORD 0x1
DALRULE_ENABLEDALRESUMESUPPORT REG_DWORD 0x1
GCORULE_DisableHotKeyIfDDExclusiveMode REG_DWORD 0x1
GCORULE_DisableGPIOPowerSaveMode REG_DWORD 0x1
TVDisableModes REG_DWORD 0x0
DALRULE_LCDSHOWRESOLUTIONCHANGEMESSAGE REG_DWORD 0x0
DALRULE_GETLCDFAKEEDID REG_DWORD 0x0
GCORULE_ENABLERMXFILTER REG_DWORD 0x1
OVShiftOddDown REG_DWORD 0x0
DALRULE_RESTRICT2ACTIVEDISPLAYS REG_DWORD 0x0
DALRULE_POWERPLAYOPTIONCOLORDEPTHREDUCTION REG_DWORD 0x0
R6LCD_FOLLOWLIDSTATE REG_DWORD 0x1
DisableFakeOSDualViewNotify REG_DWORD 0x1
DisableD3DExclusiveModeChange REG_DWORD 0x1
DisableOpenGLExclusiveModeChange REG_DWORD 0x1
TVM6Flag REG_DWORD 0x0
DisableDalValidateChild REG_DWORD 0x1
DALRULE_SETMODEAFTERPOWERSTATECHANGE REG_DWORD 0x1
DALRULE_USEOLDPOWERPLAYINTERFACE REG_DWORD 0x0
DALRULE_USEOLDPOWERPLAYPROPERTYPAGE REG_DWORD 0x0
DALRULE_ENABLESHOWACSLIDER REG_DWORD 0x1
DALRULE_ENABLESHOWDCLOWSLIDER REG_DWORD 0x1
ExtEvent_RestoreLargeDesktopOnResume REG_DWORD 0x1
ExtEvent_EnableAutoDisplayConfig REG_DWORD 0x1
DALRULE_USERDEVICEPROFILEUPDATE REG_DWORD 0x1
ExtEvent_EnableMpAtDocking REG_DWORD 0x1
ExtEvent_SaveProfileBySelected REG_DWORD 0x1
DALRULE_DISABLEPOWERPLAYMESSAGES REG_DWORD 0x1
ApplyRotationDefaultMode REG_DWORD 0x1
GCORULE_PPForceBlankDisplays REG_DWORD 0x1
DXVA_WMV REG_SZ 0
DALRULE_UNRESTRICTSXGAPCRTONOWNCRTC REG_DWORD 0x1
ExtEvent_EnableADCAtUndocking REG_DWORD 0x1
DfpUsePixSlip REG_DWORD 0x1
Device Description REG_SZ ATI MOBILITY RADEON X300
DALRULE_DONTSHOWWADOPTION REG_DWORD 0x1
DXVA_WMV_DEF REG_SZ 0
GCORULE_X1DETECT REG_DWORD 0x1
DALRULE_OTHEREXPANSIONMODEDEFAULT REG_DWORD 0x1
DALRULE_WADSUPPORT REG_DWORD 0x1
GCORULE_WADSUPPORT REG_DWORD 0x1
GCORULE_PowerPlayClearMemBase REG_DWORD 0x1
ExtEvent_EnableADCLogicalMapping REG_DWORD 0x1
DDC2Disabled REG_DWORD 0x0
DisableBlockWrite REG_DWORD 0x1
DisableDMACopy REG_DWORD 0x0
TestEnv REG_DWORD 0x0
TimingSelection REG_DWORD 0x0
VgaCompatible REG_DWORD 0x0
Adaptive De-interlacing REG_DWORD 0x1
VPE Adaptive De-interlacing REG_DWORD 0x1
DisableTimeStampWriteBack REG_DWORD 0x0
DisableTiling REG_DWORD 0x0
ExtEvent_EnableHotPlug REG_DWORD 0x0
ExtEvent_EnableMouseRotation REG_DWORD 0x1
DFPRULE_HotplugSupported REG_DWORD 0x1
DALRULE_NOTVANDCRTONSAMECONTROLLER REG_DWORD 0x1
DALRULE_NOCRTANDLCDONSAMECONTROLLER REG_DWORD 0x0
DALRULE_DISPLAYSRESTRICTMODES REG_DWORD 0x0
VPURecover_NA REG_SZ 1
DisableSmartSave_DEF REG_DWORD 0x1
VPUEnableSubmissionBox_DEF REG_SZ 0
DALRULE_ADDNATIVEMODESTOMODETABLE REG_DWORD 0x1
AutoColorDepthReduction_NA REG_DWORD 0x1
DisableIDCT REG_DWORD 0x0
DALR6 CRT_MaxModeInfo REG_BINARY 0000000040060000B0040000000000003C000000
DisableFullAdapterInit REG_DWORD 0x0
MemInitLatencyTimer REG_DWORD 0x775771bf
GI_DEF REG_SZ 0
DALNonStandardModesBCD1 REG_BINARY 080004800000006010240480000000601024060000000060128006000000006012800768000000601400105000000060
DALRestrictedModesBCD1 REG_BINARY 08000480000000001152086400000000128007680000000012801024000001601600120000000120179213440000000018001440000000001856139200000000
DALRestrictedModesBCD2 REG_BINARY 1920108000000000192012000000000019201440000000002048153600000085
DALOPTION_MaxResBCD REG_BINARY 0000000000000160
DisableDualView REG_DWORD 0x0
DisableDualviewWithHotKey REG_DWORD 0x1
ExtEvent_EnablePolling REG_DWORD 0x1
ExtEvent_BroadcastDispChange REG_DWORD 0x0
ExtEvent_UpdateAdapterInfoOnHK REG_DWORD 0x1
GCORULE_DisableHotKeyIfOverlayAllocated REG_DWORD 0x1
ExtEvent_LCDSetMaxResOnDockChg REG_DWORD 0x1
DALRULE_NOCRTANDDFPONSAMECONTROLLER REG_DWORD 0x1
GCORULE_IntTMDSReduceBlankTiming REG_DWORD 0x1
DisableSWInterrupt REG_DWORD 0x0
ExtEvent_BIOSEventByInterrupt REG_DWORD 0x1
ExtEvent_EnableChgLCDResOnHotKey REG_DWORD 0x0
R6LCD_RETURNALLBIOSMODES REG_DWORD 0x0
ExtEvent_OverDriveSupport REG_DWORD 0x1
Main3D_DEF REG_SZ 3
AntiAlias_DEF REG_SZ 1
AntiAliasSamples_DEF REG_SZ 0
AnisoType_DEF REG_SZ 0
AnisoDegree_DEF REG_SZ 0
TextureOpt_DEF REG_SZ 0
TextureLod_DEF REG_SZ 0
TruformMode_DEF REG_SZ 0
VSyncControl_DEF REG_SZ 1
SwapEffect_DEF REG_SZ 0
TemporalAAMultiplier_DEF REG_SZ 0
ExportCompressedTex_DEF REG_SZ 1
PixelCenter_DEF REG_SZ 0
ForceZBufferDepth_DEF REG_SZ 0
EnableTripleBuffering_DEF REG_SZ 0
ColourDesktopGamma_DEF REG_SZ 1.0 1.0 1.0
ColourDesktopBrightness_DEF REG_SZ 0 0 0
ColourDesktopContrast_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenGamma_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenBrightness_DEF REG_SZ 0 0 0
ColourFullscreenContrast_DEF REG_SZ 1.0 1.0 1.0
3D_Refresh_Rate_Override_DEF REG_DWORD 0x0
Display_Detection_DEF REG_DWORD 0x0
Panning_Mode_DEF REG_DWORD 0x0
Mouse_Track_Orientation_DEF REG_DWORD 0x1
Force_TV_Detection_DEF REG_DWORD 0x0
CatalystAI_DEF REG_SZ 1
DisableEnumAllChilds REG_DWORD 0x0
DALRULE_NOFORCEBOOT REG_DWORD 0x0
DALOPTION_MinResBCD REG_BINARY 0000000000000060
CurrentProfile REG_SZ Default
RebootFlags REG_DWORD 0x0
RebootFlagsEx REG_DWORD 0xf0010001
CapabilitiesEx REG_DWORD 0x0
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device1\ATI WDM Configurations
PnP ID Version REG_SZ 34

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device1\MMLIB
ForceOneField REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device2
InstalledDisplayDrivers REG_MULTI_SZ ati2dvag\0\0
MultiFunctionSupported REG_DWORD 0x1
GCOOPTION_DisableGPIOPowerSaveMode REG_DWORD 0x1
ReleaseVersion REG_SZ 8.163.1.1.1-060121a-030334C
BuildNumber REG_SZ 30332
drv REG_SZ ati2dvag.dll
DALGameGammaScale REG_DWORD 0x646464
UseNewOGLRegPath REG_DWORD 0x1
DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING REG_DWORD 0x1
DALRULE_GETVGAEXPANSIONATBOOT REG_DWORD 0x1
DisableHotPlugDFP REG_DWORD 0x1
ExtEvent_EnableAlpsMouseOrientation REG_DWORD 0x0
ExtEvent_SafeEscapeSupport REG_DWORD 0x1
DALRULE_DISABLEPSEUDOLARGEDESKTOP REG_DWORD 0x0
OvlTheaterMode REG_BINARY 00000000
DisableOvlTheaterMode REG_DWORD 0x0
UseVMRPitch REG_DWORD 0x0
DisableMMSnifferCode REG_DWORD 0x0
DisableProgPCILatency REG_DWORD 0x0
DALRULE_GetTVFakeEDID REG_DWORD 0x0
Catalyst_Version REG_SZ 0
DALRULE_REGISTRYACCESS REG_DWORD 0x1
DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH REG_DWORD 0x0
DALRULE_ENABLEDRIVERMODEPRUNNING REG_DWORD 0x0
GCORULE_ENABLETILEDMEMORYCALCULATION REG_DWORD 0x1
DALRULE_MACROVISIONINFOREPORT REG_DWORD 0x0
DALRULE_BANDWIDTHMODEENUM REG_DWORD 0x1
ExtEvent_LCDSetNativeModeOnResume REG_DWORD 0x0
DALRULE_LIMITTMDSMODES REG_DWORD 0x0
DALRULE_RESTRICT640x480MODE REG_DWORD 0x0
DALRULE_RESTRICT8BPPON2NDDRV REG_DWORD 0x0
TVForceDetection REG_DWORD 0x0
DALRULE_DISABLECWDDEDETECTION REG_DWORD 0x0
DALRULE_USECMOSDISPLAYSETTINGS REG_DWORD 0x1
DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY REG_DWORD 0x0
DisableTabletPCRotation REG_DWORD 0x1
DALRULE_DISABLEDISPLAYSWITCHINGIFOVERLAYALLOCATED REG_DWORD 0x1
ExtEvent_EnableMultiSessions REG_DWORD 0x1
DALRULE_USEENABLEDATBOOTSCHEME REG_DWORD 0x1
RotationSupportLevel REG_DWORD 0x2
NewRotation REG_SZ 1
UseBT601CSC REG_SZ 1
DALRULE_DYNAMICMODESUPPORT REG_DWORD 0x1
GSettingControl REG_DWORD 0x4
DFPOption_SingleLink REG_DWORD 0x1
DFPXOption_SingleLink REG_DWORD 0x1
DALRULE_ALLOWMONITORRANGELIMITMODESCRT REG_DWORD 0x1
DALRULE_NOTVANDLCDONCRTC REG_DWORD 0x1
WmAgpMaxIdleClk REG_DWORD 0x20
GCORULE_FlickerWA REG_DWORD 0x1
SMOOTHVISION_NAME REG_SZ SMOOTHVISION 2.1
DALRULE_NOCRTTVANDDVIACTIVESIMULTANEOUSLY REG_DWORD 0x1
DALRULE_ENABLEDALFSDOSTOWINDOWSSELECTION REG_DWORD 0x1
GCORULE_DISABLEEXPAT1280WITHCRT REG_DWORD 0x1
DALRULE_DONOTREPORTCUSTOMREFRESHRATE REG_DWORD 0x1
R6LCD_ENABLESSJITTERDISPLAYPATH REG_DWORD 0x1
DALRULE_ENABLEDALRESUMESUPPORT REG_DWORD 0x1
GCORULE_DisableHotKeyIfDDExclusiveMode REG_DWORD 0x1
GCORULE_DisableGPIOPowerSaveMode REG_DWORD 0x1
TVDisableModes REG_DWORD 0x0
DALRULE_LCDSHOWRESOLUTIONCHANGEMESSAGE REG_DWORD 0x0
DALRULE_GETLCDFAKEEDID REG_DWORD 0x0
GCORULE_ENABLERMXFILTER REG_DWORD 0x1
OVShiftOddDown REG_DWORD 0x0
DALRULE_RESTRICT2ACTIVEDISPLAYS REG_DWORD 0x0
DALRULE_POWERPLAYOPTIONCOLORDEPTHREDUCTION REG_DWORD 0x0
R6LCD_FOLLOWLIDSTATE REG_DWORD 0x1
DisableFakeOSDualViewNotify REG_DWORD 0x1
DisableD3DExclusiveModeChange REG_DWORD 0x1
DisableOpenGLExclusiveModeChange REG_DWORD 0x1
TVM6Flag REG_DWORD 0x0
DisableDalValidateChild REG_DWORD 0x1
DALRULE_SETMODEAFTERPOWERSTATECHANGE REG_DWORD 0x1
DALRULE_USEOLDPOWERPLAYINTERFACE REG_DWORD 0x0
DALRULE_USEOLDPOWERPLAYPROPERTYPAGE REG_DWORD 0x0
DALRULE_ENABLESHOWACSLIDER REG_DWORD 0x1
DALRULE_ENABLESHOWDCLOWSLIDER REG_DWORD 0x1
ExtEvent_RestoreLargeDesktopOnResume REG_DWORD 0x1
ExtEvent_EnableAutoDisplayConfig REG_DWORD 0x1
DALRULE_USERDEVICEPROFILEUPDATE REG_DWORD 0x1
ExtEvent_EnableMpAtDocking REG_DWORD 0x1
ExtEvent_SaveProfileBySelected REG_DWORD 0x1
DALRULE_DISABLEPOWERPLAYMESSAGES REG_DWORD 0x1
ApplyRotationDefaultMode REG_DWORD 0x1
GCORULE_PPForceBlankDisplays REG_DWORD 0x1
DXVA_WMV REG_SZ 0
DALRULE_UNRESTRICTSXGAPCRTONOWNCRTC REG_DWORD 0x1
ExtEvent_EnableADCAtUndocking REG_DWORD 0x1
DfpUsePixSlip REG_DWORD 0x1
Device Description REG_SZ ATI MOBILITY RADEON X300
DALRULE_DONTSHOWWADOPTION REG_DWORD 0x1
DXVA_WMV_DEF REG_SZ 0
GCORULE_X1DETECT REG_DWORD 0x1
DALRULE_OTHEREXPANSIONMODEDEFAULT REG_DWORD 0x1
DALRULE_WADSUPPORT REG_DWORD 0x1
GCORULE_WADSUPPORT REG_DWORD 0x1
GCORULE_PowerPlayClearMemBase REG_DWORD 0x1
ExtEvent_EnableADCLogicalMapping REG_DWORD 0x1
DDC2Disabled REG_DWORD 0x0
DisableBlockWrite REG_DWORD 0x1
DisableDMACopy REG_DWORD 0x0
TestEnv REG_DWORD 0x0
TimingSelection REG_DWORD 0x0
VgaCompatible REG_DWORD 0x0
Adaptive De-interlacing REG_DWORD 0x1
VPE Adaptive De-interlacing REG_DWORD 0x1
DisableTimeStampWriteBack REG_DWORD 0x0
DisableTiling REG_DWORD 0x0
ExtEvent_EnableHotPlug REG_DWORD 0x0
ExtEvent_EnableMouseRotation REG_DWORD 0x1
DFPRULE_HotplugSupported REG_DWORD 0x1
DALRULE_NOTVANDCRTONSAMECONTROLLER REG_DWORD 0x1
DALRULE_NOCRTANDLCDONSAMECONTROLLER REG_DWORD 0x0
DALRULE_DISPLAYSRESTRICTMODES REG_DWORD 0x0
VPURecover_NA REG_SZ 1
DisableSmartSave_DEF REG_DWORD 0x1
VPUEnableSubmissionBox_DEF REG_SZ 0
DALRULE_ADDNATIVEMODESTOMODETABLE REG_DWORD 0x1
AutoColorDepthReduction_NA REG_DWORD 0x1
DisableIDCT REG_DWORD 0x0
DALR6 CRT_MaxModeInfo REG_BINARY 0000000040060000B0040000000000003C000000
DisableFullAdapterInit REG_DWORD 0x0
MemInitLatencyTimer REG_DWORD 0x775771bf
GI_DEF REG_SZ 0
DALNonStandardModesBCD1 REG_BINARY 080004800000006010240480000000601024060000000060128006000000006012800768000000601400105000000060
DALRestrictedModesBCD1 REG_BINARY 08000480000000001152086400000000128007680000000012801024000001601600120000000120179213440000000018001440000000001856139200000000
DALRestrictedModesBCD2 REG_BINARY 1920108000000000192012000000000019201440000000002048153600000085
DALOPTION_MaxResBCD REG_BINARY 0000000000000160
DisableDualView REG_DWORD 0x0
DisableDualviewWithHotKey REG_DWORD 0x1
ExtEvent_EnablePolling REG_DWORD 0x1
ExtEvent_BroadcastDispChange REG_DWORD 0x0
ExtEvent_UpdateAdapterInfoOnHK REG_DWORD 0x1
GCORULE_DisableHotKeyIfOverlayAllocated REG_DWORD 0x1
ExtEvent_LCDSetMaxResOnDockChg REG_DWORD 0x1
DALRULE_NOCRTANDDFPONSAMECONTROLLER REG_DWORD 0x1
GCORULE_IntTMDSReduceBlankTiming REG_DWORD 0x1
DisableSWInterrupt REG_DWORD 0x0
ExtEvent_BIOSEventByInterrupt REG_DWORD 0x1
ExtEvent_EnableChgLCDResOnHotKey REG_DWORD 0x0
R6LCD_RETURNALLBIOSMODES REG_DWORD 0x0
ExtEvent_OverDriveSupport REG_DWORD 0x1
Main3D_DEF REG_SZ 3
AntiAlias_DEF REG_SZ 1
AntiAliasSamples_DEF REG_SZ 0
AnisoType_DEF REG_SZ 0
AnisoDegree_DEF REG_SZ 0
TextureOpt_DEF REG_SZ 0
TextureLod_DEF REG_SZ 0
TruformMode_DEF REG_SZ 0
VSyncControl_DEF REG_SZ 1
SwapEffect_DEF REG_SZ 0
TemporalAAMultiplier_DEF REG_SZ 0
ExportCompressedTex_DEF REG_SZ 1
PixelCenter_DEF REG_SZ 0
ForceZBufferDepth_DEF REG_SZ 0
EnableTripleBuffering_DEF REG_SZ 0
ColourDesktopGamma_DEF REG_SZ 1.0 1.0 1.0
ColourDesktopBrightness_DEF REG_SZ 0 0 0
ColourDesktopContrast_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenGamma_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenBrightness_DEF REG_SZ 0 0 0
ColourFullscreenContrast_DEF REG_SZ 1.0 1.0 1.0
3D_Refresh_Rate_Override_DEF REG_DWORD 0x0
Display_Detection_DEF REG_DWORD 0x0
Panning_Mode_DEF REG_DWORD 0x0
Mouse_Track_Orientation_DEF REG_DWORD 0x1
Force_TV_Detection_DEF REG_DWORD 0x0
CatalystAI_DEF REG_SZ 1
DisableEnumAllChilds REG_DWORD 0x0
DALRULE_NOFORCEBOOT REG_DWORD 0x0
DALOPTION_MinResBCD REG_BINARY 0000000000000060
CurrentProfile REG_SZ Default
RebootFlags REG_DWORD 0x0
RebootFlagsEx REG_DWORD 0xf0010001
CapabilitiesEx REG_DWORD 0x0
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device2\ATI WDM Configurations
PnP ID Version REG_SZ 34

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device2\MMLIB
ForceOneField REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device3
InstalledDisplayDrivers REG_MULTI_SZ ati2dvag\0\0
MultiFunctionSupported REG_DWORD 0x1
GCOOPTION_DisableGPIOPowerSaveMode REG_DWORD 0x1
ReleaseVersion REG_SZ 8.163.1.1.1-060121a-030334C
BuildNumber REG_SZ 30332
drv REG_SZ ati2dvag.dll
DALGameGammaScale REG_DWORD 0x646464
UseNewOGLRegPath REG_DWORD 0x1
DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING REG_DWORD 0x1
DALRULE_GETVGAEXPANSIONATBOOT REG_DWORD 0x1
DisableHotPlugDFP REG_DWORD 0x1
ExtEvent_EnableAlpsMouseOrientation REG_DWORD 0x0
ExtEvent_SafeEscapeSupport REG_DWORD 0x1
DALRULE_DISABLEPSEUDOLARGEDESKTOP REG_DWORD 0x0
OvlTheaterMode REG_BINARY 00000000
DisableOvlTheaterMode REG_DWORD 0x0
UseVMRPitch REG_DWORD 0x0
DisableMMSnifferCode REG_DWORD 0x0
DisableProgPCILatency REG_DWORD 0x0
DALRULE_GetTVFakeEDID REG_DWORD 0x0
Catalyst_Version REG_SZ 0
DALRULE_REGISTRYACCESS REG_DWORD 0x1
DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH REG_DWORD 0x0
DALRULE_ENABLEDRIVERMODEPRUNNING REG_DWORD 0x0
GCORULE_ENABLETILEDMEMORYCALCULATION REG_DWORD 0x1
DALRULE_MACROVISIONINFOREPORT REG_DWORD 0x0
DALRULE_BANDWIDTHMODEENUM REG_DWORD 0x1
ExtEvent_LCDSetNativeModeOnResume REG_DWORD 0x0
DALRULE_LIMITTMDSMODES REG_DWORD 0x0
DALRULE_RESTRICT640x480MODE REG_DWORD 0x0
DALRULE_RESTRICT8BPPON2NDDRV REG_DWORD 0x0
TVForceDetection REG_DWORD 0x0
DALRULE_DISABLECWDDEDETECTION REG_DWORD 0x0
DALRULE_USECMOSDISPLAYSETTINGS REG_DWORD 0x1
DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY REG_DWORD 0x0
DisableTabletPCRotation REG_DWORD 0x1
DALRULE_DISABLEDISPLAYSWITCHINGIFOVERLAYALLOCATED REG_DWORD 0x1
ExtEvent_EnableMultiSessions REG_DWORD 0x1
DALRULE_USEENABLEDATBOOTSCHEME REG_DWORD 0x1
RotationSupportLevel REG_DWORD 0x2
NewRotation REG_SZ 1
UseBT601CSC REG_SZ 1
DALRULE_DYNAMICMODESUPPORT REG_DWORD 0x1
GSettingControl REG_DWORD 0x4
DFPOption_SingleLink REG_DWORD 0x1
DFPXOption_SingleLink REG_DWORD 0x1
DALRULE_ALLOWMONITORRANGELIMITMODESCRT REG_DWORD 0x1
DALRULE_NOTVANDLCDONCRTC REG_DWORD 0x1
WmAgpMaxIdleClk REG_DWORD 0x20
GCORULE_FlickerWA REG_DWORD 0x1
SMOOTHVISION_NAME REG_SZ SMOOTHVISION 2.1
DALRULE_NOCRTTVANDDVIACTIVESIMULTANEOUSLY REG_DWORD 0x1
DALRULE_ENABLEDALFSDOSTOWINDOWSSELECTION REG_DWORD 0x1
GCORULE_DISABLEEXPAT1280WITHCRT REG_DWORD 0x1
DALRULE_DONOTREPORTCUSTOMREFRESHRATE REG_DWORD 0x1
R6LCD_ENABLESSJITTERDISPLAYPATH REG_DWORD 0x1
DALRULE_ENABLEDALRESUMESUPPORT REG_DWORD 0x1
GCORULE_DisableHotKeyIfDDExclusiveMode REG_DWORD 0x1
GCORULE_DisableGPIOPowerSaveMode REG_DWORD 0x1
TVDisableModes REG_DWORD 0x0
DALRULE_LCDSHOWRESOLUTIONCHANGEMESSAGE REG_DWORD 0x0
DALRULE_GETLCDFAKEEDID REG_DWORD 0x0
GCORULE_ENABLERMXFILTER REG_DWORD 0x1
OVShiftOddDown REG_DWORD 0x0
DALRULE_RESTRICT2ACTIVEDISPLAYS REG_DWORD 0x0
DALRULE_POWERPLAYOPTIONCOLORDEPTHREDUCTION REG_DWORD 0x0
R6LCD_FOLLOWLIDSTATE REG_DWORD 0x1
DisableFakeOSDualViewNotify REG_DWORD 0x1
DisableD3DExclusiveModeChange REG_DWORD 0x1
DisableOpenGLExclusiveModeChange REG_DWORD 0x1
TVM6Flag REG_DWORD 0x0
DisableDalValidateChild REG_DWORD 0x1
DALRULE_SETMODEAFTERPOWERSTATECHANGE REG_DWORD 0x1
DALRULE_USEOLDPOWERPLAYINTERFACE REG_DWORD 0x0
DALRULE_USEOLDPOWERPLAYPROPERTYPAGE REG_DWORD 0x0
DALRULE_ENABLESHOWACSLIDER REG_DWORD 0x1
DALRULE_ENABLESHOWDCLOWSLIDER REG_DWORD 0x1
ExtEvent_RestoreLargeDesktopOnResume REG_DWORD 0x1
ExtEvent_EnableAutoDisplayConfig REG_DWORD 0x1
DALRULE_USERDEVICEPROFILEUPDATE REG_DWORD 0x1
ExtEvent_EnableMpAtDocking REG_DWORD 0x1
ExtEvent_SaveProfileBySelected REG_DWORD 0x1
DALRULE_DISABLEPOWERPLAYMESSAGES REG_DWORD 0x1
ApplyRotationDefaultMode REG_DWORD 0x1
GCORULE_PPForceBlankDisplays REG_DWORD 0x1
DXVA_WMV REG_SZ 0
DALRULE_UNRESTRICTSXGAPCRTONOWNCRTC REG_DWORD 0x1
ExtEvent_EnableADCAtUndocking REG_DWORD 0x1
DfpUsePixSlip REG_DWORD 0x1
Device Description REG_SZ ATI MOBILITY RADEON X300
DALRULE_DONTSHOWWADOPTION REG_DWORD 0x1
DXVA_WMV_DEF REG_SZ 0
GCORULE_X1DETECT REG_DWORD 0x1
DALRULE_OTHEREXPANSIONMODEDEFAULT REG_DWORD 0x1
DALRULE_WADSUPPORT REG_DWORD 0x1
GCORULE_WADSUPPORT REG_DWORD 0x1
GCORULE_PowerPlayClearMemBase REG_DWORD 0x1
ExtEvent_EnableADCLogicalMapping REG_DWORD 0x1
DDC2Disabled REG_DWORD 0x0
DisableBlockWrite REG_DWORD 0x1
DisableDMACopy REG_DWORD 0x0
TestEnv REG_DWORD 0x0
TimingSelection REG_DWORD 0x0
VgaCompatible REG_DWORD 0x0
Adaptive De-interlacing REG_DWORD 0x1
VPE Adaptive De-interlacing REG_DWORD 0x1
DisableTimeStampWriteBack REG_DWORD 0x0
DisableTiling REG_DWORD 0x0
ExtEvent_EnableHotPlug REG_DWORD 0x0
ExtEvent_EnableMouseRotation REG_DWORD 0x1
DFPRULE_HotplugSupported REG_DWORD 0x1
DALRULE_NOTVANDCRTONSAMECONTROLLER REG_DWORD 0x1
DALRULE_NOCRTANDLCDONSAMECONTROLLER REG_DWORD 0x0
DALRULE_DISPLAYSRESTRICTMODES REG_DWORD 0x0
VPURecover_NA REG_SZ 1
DisableSmartSave_DEF REG_DWORD 0x1
VPUEnableSubmissionBox_DEF REG_SZ 0
DALRULE_ADDNATIVEMODESTOMODETABLE REG_DWORD 0x1
AutoColorDepthReduction_NA REG_DWORD 0x1
DisableIDCT REG_DWORD 0x0
DALR6 CRT_MaxModeInfo REG_BINARY 0000000040060000B0040000000000003C000000
DisableFullAdapterInit REG_DWORD 0x0
MemInitLatencyTimer REG_DWORD 0x775771bf
GI_DEF REG_SZ 0
DALNonStandardModesBCD1 REG_BINARY 080004800000006010240480000000601024060000000060128006000000006012800768000000601400105000000060
DALRestrictedModesBCD1 REG_BINARY 08000480000000001152086400000000128007680000000012801024000001601600120000000120179213440000000018001440000000001856139200000000
DALRestrictedModesBCD2 REG_BINARY 1920108000000000192012000000000019201440000000002048153600000085
DALOPTION_MaxResBCD REG_BINARY 0000000000000160
DisableDualView REG_DWORD 0x0
DisableDualviewWithHotKey REG_DWORD 0x1
ExtEvent_EnablePolling REG_DWORD 0x1
ExtEvent_BroadcastDispChange REG_DWORD 0x0
ExtEvent_UpdateAdapterInfoOnHK REG_DWORD 0x1
GCORULE_DisableHotKeyIfOverlayAllocated REG_DWORD 0x1
ExtEvent_LCDSetMaxResOnDockChg REG_DWORD 0x1
DALRULE_NOCRTANDDFPONSAMECONTROLLER REG_DWORD 0x1
GCORULE_IntTMDSReduceBlankTiming REG_DWORD 0x1
DisableSWInterrupt REG_DWORD 0x0
ExtEvent_BIOSEventByInterrupt REG_DWORD 0x1
ExtEvent_EnableChgLCDResOnHotKey REG_DWORD 0x0
R6LCD_RETURNALLBIOSMODES REG_DWORD 0x0
ExtEvent_OverDriveSupport REG_DWORD 0x1
Main3D_DEF REG_SZ 3
AntiAlias_DEF REG_SZ 1
AntiAliasSamples_DEF REG_SZ 0
AnisoType_DEF REG_SZ 0
AnisoDegree_DEF REG_SZ 0
TextureOpt_DEF REG_SZ 0
TextureLod_DEF REG_SZ 0
TruformMode_DEF REG_SZ 0
VSyncControl_DEF REG_SZ 1
SwapEffect_DEF REG_SZ 0
TemporalAAMultiplier_DEF REG_SZ 0
ExportCompressedTex_DEF REG_SZ 1
PixelCenter_DEF REG_SZ 0
ForceZBufferDepth_DEF REG_SZ 0
EnableTripleBuffering_DEF REG_SZ 0
ColourDesktopGamma_DEF REG_SZ 1.0 1.0 1.0
ColourDesktopBrightness_DEF REG_SZ 0 0 0
ColourDesktopContrast_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenGamma_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenBrightness_DEF REG_SZ 0 0 0
ColourFullscreenContrast_DEF REG_SZ 1.0 1.0 1.0
3D_Refresh_Rate_Override_DEF REG_DWORD 0x0
Display_Detection_DEF REG_DWORD 0x0
Panning_Mode_DEF REG_DWORD 0x0
Mouse_Track_Orientation_DEF REG_DWORD 0x1
Force_TV_Detection_DEF REG_DWORD 0x0
CatalystAI_DEF REG_SZ 1
DisableEnumAllChilds REG_DWORD 0x0
DALRULE_NOFORCEBOOT REG_DWORD 0x0
DALOPTION_MinResBCD REG_BINARY 0000000000000060
CurrentProfile REG_SZ Default
RebootFlags REG_DWORD 0x0
RebootFlagsEx REG_DWORD 0xf0010001
CapabilitiesEx REG_DWORD 0x0
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device3\ATI WDM Configurations
PnP ID Version REG_SZ 34

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device3\MMLIB
ForceOneField REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Video
Service REG_SZ ati2mtag

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Enum
0 REG_SZ PCI\VEN_1002&DEV_5460&SUBSYS_056E1014&REV_00\4&266c3fa7&0&0008
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Atierecord
eRecordEnable REG_DWORD 0x1
eRecordEnablePopups REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Atmarpc
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0xc
ImagePath REG_EXPAND_SZ system32\DRIVERS\atmarpc.sys
DisplayName REG_SZ ATM ARP Client Protocol
Group REG_SZ NDIS
DependOnService REG_MULTI_SZ Tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ ATM ARP Client Protocol

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Atmarpc\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AudioSrv
DependOnService REG_MULTI_SZ PlugPlay\0RpcSs\0\0
Description REG_SZ Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ Windows Audio
ErrorControl REG_DWORD 0x1
Group REG_SZ AudioGroup
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AudioSrv\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\audiosrv.dll
ServiceDllUnloadOnStop REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AudioSrv\Enum
0 REG_SZ Root\LEGACY_AUDIOSRV\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\audstub
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\audstub.sys
DisplayName REG_SZ Audio Stub Driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\audstub\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\audstub\Enum
0 REG_SZ Root\MEDIA\MS_MMACM
Count REG_DWORD 0x5
NextInstance REG_DWORD 0x5
1 REG_SZ Root\MEDIA\MS_MMDRV
2 REG_SZ Root\MEDIA\MS_MMMCI
3 REG_SZ Root\MEDIA\MS_MMVCD
4 REG_SZ Root\MEDIA\MS_MMVID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avast! Antivirus
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
DisplayName REG_SZ avast! Antivirus
Group REG_SZ ShellSvcGroup
DependOnService REG_MULTI_SZ aswMon2\0RpcSS\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
ServiceSidType REG_DWORD 0x1
Description REG_SZ Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
FailureActions REG_BINARY 100E000000000000000000000300000077004D00010000008813000001000000881300000000000088130000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avast! Antivirus\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avast! Antivirus\Enum
0 REG_SZ Root\LEGACY_AVAST!_ANTIVIRUS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgio
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
DisplayName REG_SZ avgio
DependOnService REG_MULTI_SZ FltMgr\0\0
DependOnGroup REG_MULTI_SZ \0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgio\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgio\Enum
0 REG_SZ Root\LEGACY_AVGIO\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt
Type REG_DWORD 0x2
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0x5
ImagePath REG_EXPAND_SZ system32\DRIVERS\avgntflt.sys
DisplayName REG_SZ avgntflt
Group REG_SZ FSFilter Anti-Virus
DependOnService REG_MULTI_SZ FltMgr\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ Avira files mini-filter driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt\Instances
DefaultInstance REG_SZ avgntflt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt\Instances\avgntflt
Altitude REG_SZ 320500
Flags REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt\Enum
0 REG_SZ Root\LEGACY_AVGNTFLT\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avipbb
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\avipbb.sys
DisplayName REG_SZ avipbb
Description REG_SZ Avira's Driver for RootKit Detection
DebugFlags REG_SZ 0
AviraRegAcl REG_BINARY E72DA19FB670CCBC63F4DFDB3480E71BB98D8B5E2BAA5FE2C5C9166EE909907B8E4C2098A3CF22B62D5BE8F5B167DB38308499BB38A272473BE1C753F1244F70B6A7158E5B3308CDE93FED107F5CAA93477A261F16B9EC2B03FB7F47DA7E4F6580091EA3481508E5C730E067094EFBF1788B09FC04CCA317374EBC34EBD7587118E27BB287FC22339719ECBCA7556BC64E96F2E01417D7FCE19FA5387FA98C78E2C24CF8C5DD2B80DE198989BE5803A26CD80ABD1460E9F8FF689C372D81DFB6349B143E43D6C646A7151C5FF3945079341C63B4B7240BF26E3C9A713F5682F74B8F3DFE71CCCE15184A8F2EDBCF646755D623A4DAEC6521F905EDA6E03D35AC9279B2C11CF5C7D85879DD10DE7EE34B3E93AAC623A9744A32E0FD4EC51B606391966A794E1A0AB03D1E29EA4832D96540488DE74B7D04EA6BB698FC362F8F11C8B0A5454FB2AC7DBEC369F5C2D61C75F60A93769A416C87B9B86D99553868CCBB3826034B49E87A5E5BAAF87B8C0DF76BC18F0636379817DEB4A0475CB2BA7BDEBF66EFD1CE056BE3FDBA67DC302074BAA31D82491F3BB10F1B2EE39226E7558633F9CE935F45C87D90D6D25A01F2DE3679C20AA172EE393E7BB8A837857A2027B018183DDE821FDD4C8928C0C19A5072B7807CE6BC6CE8F7C32C5CFBEAC250E6154B55D3803E5BDBF24D8070E553A9BBE76A12F1EB2282EB0F9F73F8361B74809D6A76A30C64982CFB78BD8DF91122F5F9338EFC19BD7BEB3C3478A49F4D769C0A589400F571B5B0EF3C16DDEB0B7EC607BA67E0265960D0856A5AAEEB7A7356D25D90FAC852ECD8BF32501CD6EE3419F09727E74A841CEEAB8F30948CA847217DB09E436F86FC568036DB7695CAC940E91BB84D4500C7EE2128D9960C022BB2F80183C004A45CF1133D45A462A42E96B7AB36F88CE1411071988C655793DE4A5C4DB1B3643C92B3AB6274BDF95C7575C8B579CBA5B2BC0B83A207798138D27482FEAC66C23E875E0A6F8234D1777FF4A799BA247D82FC5E725FBF9F6A049096A15F62B6DFAD526A9DBA46176ACE796238DDB3A724B66CFF137235F44292FD1276E5E4F72A29CEB2EC5FF6A3AF1F26109271D574777893C09A785196C49B2DA36DD00C5F26202BE1DE094F34B526F25C8ECFA4B8A5655688C39F268660DAF88D0B250AFBB74322558269B9A34E3C5ED559AE03156A10C603F95C8BEB97B08E6435D298C5F0F32017AEC0B68FA9754CC6ABDEFFDE2B3BB5C3B99FA84347DDA2ECF2FC1A4CA0F4A08F8B7326ED7DE5C906EC286E646AFB51F0E63E3943810AA0E71D5E1517F72988A1D58F18E83219AACF9C8A79A005224E108C66A1FE14B3017CD91760E8A3EADB3CEAA957693F3512D393AED09303D20D77753A57FB24FF9F87D6BD03FA0761691645230C1C81BDB2CFD801D5A8307D0612C66235D0600A8050770BCBD799B352D1B96BDDBBF5D2E482317AF86EAA600B3C28793A99226B68562828D24A2B0A400B4A972A4F685B2058C2391316207F22C0F9932E8DDC8075AEBC98BFCFB7168636B2085818E85F2731229111F8D698F8D894D51B0350F7417B27EEE2AFFA988CF3093534041BCCF55EA6D8B4513C36AEECCDD6A82A78B01EB921959DD5046E196FE9E3AD4B487D40A6B0E80B7D1478D8D390A01EB509F26D33BBA8B68D6D7D19269A277845CFFE106AFE40A83446F4B90C894ED2C4054BE58A805A1006756437AE712195C86609F2EF72C7C75D794CA42EB89B7932F5E665EDAA2A4CA9665A6A051B5D8778E66A1BB3AB4AB416A6CA45709F65EC780FCA8D9C835A6378EF8A36D070E37F77EA6FCD3A99FC128045DD6BF5669ABC7E8B5C434AA750C57BD690BB4DFC25B53D5743A510AD4DA8D4778AA18D43B1CDF30498F429D7B28E91A0FA2A949C08BA5A92AA5C43FA76F343648EBC28C01E7EF52E5BB2AA90FCE509239A0CDAAE9F424DAAA06C35A54CC61E925318698F03D94F7E2B99B19B6049E4AF8407E8321FB7C1B28C9478221068199F53A9DE0D99E64FA75B133637464CB3335E74342B35C83B100410BAFF24C1EFDCED6D07E4560648DFC4A87A444A3984A2E4F16EEA959A3E3BE2AD2C7845B8FADD92ABCF31B7A6C1ECDF8B609F0498FD3A01935BDB87F3EC64A9498F138F853DAE4EC6BCAE0CEE73A24B3B7F7C5B73A358250E011B139B7BFFC20BD5CC687C35FB2AD1C71A1847981BFFA4E41BED61DFFDC20C25FE7A97F8E4E81F
AviraFileAcl REG_BINARY E72DA19FA070ECBC52F4FFDB0480D61BB78D9A5E16AA60E2E0C9316EC809AA7BAB4C339890CF1DB6375BE3F5A0679D380D84BBBB2FA241471DE1C353F9245070F7A70F8E73330ACDF83FF710755C8293437A6F1F20B9E82B2CFB5547C07E546599096AA31A1528E5DD30D3676C4EAAF14F8B2FFC2ECC9417224ECD3484D758717BE250B2CAFC41338819E0BC8B5553C66296CDE02217E4FCCF9FB0387AA98978F4C240F8EADD0380E4198789A15805A264D81CBD7B60CEF88368C3372C8192B63A9B433E1ED6D146F9150D5FA4945B79601C6EB4D0240DF27E3CD6717B568EF74E8F2DFE1ECCA215174A862E98CF546745D67FA4C9EC21219D05CEA6A73D7CAC8379F9C144F5F4D81679C310B17EAF4B4293BCC607A9474A1AE0F24ED01B4463A1964479621A17B03F1E0FEA7532FE655348B8E76A7D6BEA69B6A9FC122FA511EEB08F4563B2A87DD0C367F5DAD61975EC0A9076E4417587D0B8059918381FCC993858034549E97A7C5B95F8418C3AF75CC18A062237B417EDB4874770B29A7BE3BF48EFDBCE396BF6FDBC67C5302074E4A31D824E1F21B11E1B29E39A26EC559C33CECE8F5F0BC86890CAD25101BEDE3679C20AA172C639247BB3A822857F2012B03A1834DE9D1FA14CBD28DDC18B5069B7857CD3BC5FE8F4C3395CE5EADD50EC154955C280755B8FF271806AE560A9DAE73C12CCEB2C82EF0FAE73D8363A74B59D6476BB0C569815FB50BD98F93022CEF95D8EFD19847BCB3C2678A39F5676890A699416F57DB587EF1D16F3EB4C7E93079C6799264160BE853C5A80EB51735FD27890F6C845ECE1BF1D5031D6FD341DF09A27E04A881CEEABB830A38CA947397DAC9E586F8AFC158019DB4295EBC96BE93BB877453BC7D82106D9960C1E2BB3F80383CC04AA5CA7132D45C362922EDEB7B5368E8CA6413E71B98C7C57B5DE755C77B197640C9288AB107483F9647545C8DF79B9A5AEBC748389072A8163D25B82CEAC66C225876B0A4F8224D1597FCEA79DBA387D92FC797259BF826A1B90B2A15F62B6DF8B52629DAB467A6AE1795038E6B39F249B6CD3134035D44292FD0076EAE4ED2A2DCEB5EC50F6B2AF16261E922FD571771193949A4151B6C4AD2DB86DF80C7A26132BDDDE244F0EB507F2698EA2A483A55556B5C3F826E160DBF8CE0B210A8FB726223882
InternalFlags REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avipbb\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avipbb\Enum
0 REG_SZ Root\LEGACY_AVIPBB\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\b57w2k
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0xa
ImagePath REG_EXPAND_SZ system32\DRIVERS\b57xp32.sys
DisplayName REG_SZ Broadcom NetXtreme Gigabit Ethernet
Group REG_SZ NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\b57w2k\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\b57w2k\Enum
0 REG_SZ PCI\VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11\4&111a1fd8&0&00E0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BattC
MofImagePath REG_EXPAND_SZ System32\Drivers\battc.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Beep
ErrorControl REG_DWORD 0x1
Group REG_SZ Base
Start REG_DWORD 0x1
Tag REG_DWORD 0x2
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Beep\Enum
0 REG_SZ Root\LEGACY_BEEP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BITS
Type REG_DWORD 0x20
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ Background Intelligent Transfer Service
DependOnService REG_MULTI_SZ Rpcss\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
FailureActions REG_BINARY 0000000000000000000000000300000068E30C000100000060EA00000100000060EA00000100000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BITS\Parameters
ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BITS\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BITS\Enum
0 REG_SZ Root\LEGACY_BITS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Browser
Type REG_DWORD 0x20
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ Computer Browser
DependOnService REG_MULTI_SZ LanmanWorkstation\0LanmanServer\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Browser\Parameters
IsDomainMaster REG_SZ FALSE
MaintainServerList REG_SZ Auto
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\browser.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Browser\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Browser\Enum
0 REG_SZ Root\LEGACY_BROWSER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\catchme
Type REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
ImagePath REG_EXPAND_SZ \??\D:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys
Group REG_EXPAND_SZ Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\catchme\Enum
0 REG_SZ Root\LEGACY_CATCHME\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cbidf2k
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x19
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cbidf2k\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cbidf2k\Parameters\PnpInterface
1 REG_DWORD 0x1
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cd20xrnt
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x3a
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cd20xrnt\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cd20xrnt\Parameters\PnpInterface
1 REG_DWORD 0x11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdaudio
ErrorControl REG_DWORD 0x0
Group REG_SZ Filter
Start REG_DWORD 0x1
Tag REG_DWORD 0x6
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdaudio\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0
INITSTARTFAILED REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdfs
DependOnGroup REG_MULTI_SZ SCSI CDROM Class\0\0
ErrorControl REG_DWORD 0x1
Group REG_SZ File system
Start REG_DWORD 0x4
Type REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdfs\Enum
0 REG_SZ Root\LEGACY_CDFS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdrom
DependOnGroup REG_MULTI_SZ SCSI miniport\0\0
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI CDROM Class
Start REG_DWORD 0x1
Tag REG_DWORD 0x2
Type REG_DWORD 0x1
DisplayName REG_SZ CD-ROM Driver
ImagePath REG_EXPAND_SZ system32\DRIVERS\cdrom.sys
AutoRun REG_DWORD 0x1
AutoRunAlwaysDisable REG_MULTI_SZ NEC MBR-7 \0NEC MBR-7.4 \0PIONEER CHANGR DRM-1804X\0PIONEER CD-ROM DRM-6324X\0PIONEER CD-ROM DRM-624X \0TORiSAN CD-ROM CDR_C36\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdrom\Enum
0 REG_SZ IDE\CdRomMATSHITA_DVD-RAM_UJ-822S________________1.61____\5&2ba179a6&0&0.0.0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Changer
ErrorControl REG_DWORD 0x0
Group REG_SZ Filter
Start REG_DWORD 0x1
Tag REG_DWORD 0x5
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cisvc
Type REG_DWORD 0x120
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\cisvc.exe
DisplayName REG_SZ Indexing Service
DependOnService REG_MULTI_SZ RPCSS\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cisvc\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cisvc\Enum
0 REG_SZ Root\LEGACY_CISVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ClipSrv
DependOnService REG_MULTI_SZ NetDDE\0\0
Description REG_SZ Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ ClipBook
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\clipsrv.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x3
Type REG_DWORD 0x10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ClipSrv\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D00020001010000000000050B00000000001800FF010F0001020000000000052000000020020000000018008D00020001020000000000052000000023020000000014009D000000010100000000000504000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\clr_optimization_v2.0.50727_32
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x0
ImagePath REG_EXPAND_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
DisplayName REG_SZ .NET Runtime Optimization Service v2.0.50727_X86
ObjectName REG_SZ LocalSystem
Description REG_SZ Microsoft .NET Framework NGEN
FailureActions REG_BINARY 80510100000000000000000004000000490042000100000060EA00000100000000A60E00010000000060EA000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\clr_optimization_v2.0.50727_32\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\clr_optimization_v2.0.50727_32\Enum
0 REG_SZ Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CmBatt
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\CmBatt.sys
DisplayName REG_SZ Microsoft AC Adapter Driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CmBatt\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CmBatt\Enum
0 REG_SZ ACPI\PNP0C0A\0
Count REG_DWORD 0x2
NextInstance REG_DWORD 0x2
1 REG_SZ ACPI\ACPI0003\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CmdIde
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Start REG_DWORD 0x4
Tag REG_DWORD 0x4
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Compbatt
Type REG_DWORD 0x1
Start REG_DWORD 0x0
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0x7
ImagePath REG_EXPAND_SZ system32\DRIVERS\compbatt.sys
DisplayName REG_SZ Microsoft Composite Battery Driver
Group REG_SZ System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Compbatt\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Compbatt\Enum
0 REG_SZ Root\COMPOSITE_BATTERY\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\COMSysApp
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
DisplayName REG_SZ COM+ System Application
DependOnService REG_MULTI_SZ rpcss\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
FailureActions REG_BINARY 1E0000000000000000000000030000000000000001000000E8030000010000008813000000000000E8030000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\COMSysApp\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\COMSysApp\Enum
0 REG_SZ Root\LEGACY_COMSYSAPP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentFilter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentFilter\Linkage
Bind REG_SZ \Dummy
Export REG_SZ \Dummy
Route REG_SZ \Dummy

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentFilter\Performance
Close REG_SZ DoneFILTERPerformanceData
Collect REG_SZ CollectFILTERPerformanceData
Open REG_SZ InitializeFILTERPerformanceData
Library REG_EXPAND_SZ %SystemRoot%\System32\query.dll
WbemAdapFileSignature REG_BINARY 43E4758953F454090CAD65C303796ED5
WbemAdapFileTime REG_BINARY 5094996B7E7BC501
WbemAdapFileSize REG_DWORD 0x15e800
WbemAdapStatus REG_DWORD 0x0
Last Counter REG_DWORD 0x209a
Last Help REG_DWORD 0x209b
First Counter REG_DWORD 0x2094
First Help REG_DWORD 0x2095
Object List REG_SZ 8340

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentIndex

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentIndex\Linkage
Bind REG_SZ \Dummy
Export REG_SZ \Dummy
Route REG_SZ \Dummy

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentIndex\Performance
Close REG_SZ DoneCIPerformanceData
Collect REG_SZ CollectCIPerformanceData
Open REG_SZ InitializeCIPerformanceData
Library REG_EXPAND_SZ %SystemRoot%\System32\query.dll
WbemAdapFileSignature REG_BINARY 43E4758953F454090CAD65C303796ED5
WbemAdapFileTime REG_BINARY 5094996B7E7BC501
WbemAdapFileSize REG_DWORD 0x15e800
WbemAdapStatus REG_DWORD 0x0
Last Counter REG_DWORD 0x2092
Last Help REG_DWORD 0x2093
First Counter REG_DWORD 0x207c
First Help REG_DWORD 0x207d
Object List REG_SZ 8316

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cpqarray
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x100
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cpqarray\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cpqarray\Parameters\PnpInterface
2 REG_DWORD 0x1
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CryptSvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ CryptSvc
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CryptSvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CryptSvc\Security
Security REG_BINARY 00000E0001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CryptSvc\Enum
0 REG_SZ Root\LEGACY_CRYPTSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac2w2k
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x20
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac2w2k\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac2w2k\Parameters\PnpInterface
2 REG_DWORD 0x1
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac960nt
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x20
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac960nt\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac960nt\Parameters\PnpInterface
2 REG_DWORD 0x1
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DcomLaunch
Description REG_SZ Provides launch functionality for DCOM services.
DisplayName REG_SZ DCOM Server Process Launcher
ErrorControl REG_DWORD 0x1
Group REG_SZ Event Log
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k DcomLaunch
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20
FailureActions REG_BINARY 00000000000000000000000001000000000000000200000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DcomLaunch\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\rpcss.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DcomLaunch\Security
Security REG_BINARY 01001480B4000000C00000001400000034000000020020000100000002801800FF010F00010100000000000100000000200200000200800005000000000318008D0002000101000000000001000000000000000000031800FF010F0001020000000000052000000020020000000318008F00020001020000000000052000000023020000000318009D00000001010000000000050400000023020000000318009D00000001020000000000052000000021020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DcomLaunch\Enum
0 REG_SZ Root\LEGACY_DCOMLAUNCH\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ DHCP Client
Group REG_SZ TDI
DependOnService REG_MULTI_SZ Tcpip\0Afd\0NetBT\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Manages network configuration by registering and updating IP addresses and DNS names.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Configurations
Options REG_BINARY 32000000000000000400000000000000FFFFFF7F0000000001000000000000000400000000000000FFFFFF7F00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Linkage

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Linkage\Disabled

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dhcpcsvc.dll
{2047D367-C156-4789-9677-4A6228DF08FB} REG_BINARY 06000000000000000000000000000000F00FCA4203000000000000000000000000000000F00FCA4201000000000000000000000000000000F00FCA4236000000000000000000000000000000F00FCA4235000000000000000000000000000000F00FCA4233000000000000000000000000000000F00FCA42
{FA171F19-8802-4BDB-B89E-14F21C76F3A2} REG_BINARY 2E0000000000000001000000000000000907E043020000002C0000000000000004000000000000000907E04394A60810060000000000000008000000000000000907E04394A6080C94A60812030000000000000004000000000000000907E04394A690010F0000000000000010000000000000000907E04373616372656468656172742E65647500010000000000000004000000000000000907E043FFFFFC00360000000000000004000000000000000907E04394A60C0A330000000000000004000000000000000907E043000003843B0000000000000004000000000000000907E043000003133A0000000000000004000000000000000907E043000001C2350000000000000001000000000000000907E04305000000
{05EB3BBA-E10F-4F25-A580-514A93108E4D} REG_BINARY 0C000000000000000C000000000000007F78704C3030313132353137643634381F0000000000000001000000000000007F78704C01000000060000000000000008000000000000007F78704CD03BF72DD03BF72E030000000000000004000000000000007F78704CCFACA8010F000000000000000D000000000000007F78704C6361626C652E72636E2E636F6D000000050000000000000008000000000000007F78704CD03BF72DD03BF72E010000000000000004000000000000007F78704CFFFFFC00330000000000000004000000000000007F78704C00093A80360000000000000004000000000000007F78704CD17A405B350000000000000001000000000000007F78704C05000000
{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1} REG_BINARY 06000000000000000400000000000000BC07574EC0A80A0103000000000000000400000000000000BC07574EC0A80A0101000000000000000400000000000000BC07574EFFFFFF0036000000000000000400000000000000BC07574EC0A80A0135000000000000000100000000000000BC07574E05000000FC0000000000000000000000000000002DB7554E33000000000000000400000000000000BC07574E00015180

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\1
KeyType REG_DWORD 0x7
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpSubnetMaskOpt\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpSubnetMaskOpt\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\15
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpDomain\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\220
KeyType REG_DWORD 0x3
VendorType REG_DWORD 0x1
RegSendLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\3
KeyType REG_DWORD 0x7
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDefaultGateway\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpDefaultGateway\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\44
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList\0SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\46
KeyType REG_DWORD 0x4
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\47
KeyType REG_DWORD 0x1
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\6
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\DhcpNetbiosOptions
KeyType REG_DWORD 0x4
OptionId REG_DWORD 0x1
VendorType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNetbiosOptions\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D01020001010000000000050B00000000001800FD0102000102000000000005200000002C02000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Enum
0 REG_SZ Root\LEGACY_DHCP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Disk
DependOnGroup REG_MULTI_SZ SCSI miniport\0\0
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI Class
Start REG_DWORD 0x0
Tag REG_DWORD 0x2
Type REG_DWORD 0x1
DisplayName REG_SZ Disk Driver
ImagePath REG_EXPAND_SZ system32\DRIVERS\disk.sys
AutoRunAlwaysDisable REG_MULTI_SZ Brother RemovableDisk(U)\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Disk\Enum
0 REG_SZ IDE\DiskHTS541080G9AT00_________________________MB4IA60A\5&2c06044&0&0.0.0
Count REG_DWORD 0x2
NextInstance REG_DWORD 0x2
1 REG_SZ USBSTOR\Disk&Ven_&Prod_USB_Flash_Memory&Rev_1.00\0611170920483&0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmadmin
DependOnService REG_MULTI_SZ RpcSs\0PlugPlay\0DmServer\0\0
Type REG_DWORD 0x20
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\dmadmin.exe /com
DisplayName REG_SZ Logical Disk Manager Administrative Service
ObjectName REG_SZ LocalSystem
Description REG_SZ Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmadmin\Parameters
EnableDynamicConversionFor1394 REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmadmin\Enum
0 REG_SZ Root\LEGACY_DMADMIN\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmboot
Type REG_DWORD 0x1
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
Group REG_SZ Filter
Tag REG_DWORD 0xb
ImagePath REG_EXPAND_SZ System32\drivers\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmboot\Enum
0 REG_SZ Root\LEGACY_DMBOOT\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmio
Type REG_DWORD 0x1
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Tag REG_DWORD 0xd
ImagePath REG_EXPAND_SZ System32\drivers\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmload
Type REG_DWORD 0x1
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Tag REG_DWORD 0xc
ImagePath REG_EXPAND_SZ System32\drivers\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmload\Enum
0 REG_SZ Root\LEGACY_DMLOAD\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmserver
DependOnService REG_MULTI_SZ RpcSs\0PlugPlay\0\0
Type REG_DWORD 0x20
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
DisplayName REG_SZ Logical Disk Manager
ObjectName REG_SZ LocalSystem
Description REG_SZ Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmserver\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dmserver.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmserver\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmserver\Enum
0 REG_SZ Root\LEGACY_DMSERVER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DMusic
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\drivers\DMusic.sys
DisplayName REG_SZ Microsoft Kernel DLS Syntheiszer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DMusic\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DMusic\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dnscache
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k NetworkService
DisplayName REG_SZ DNS Client
Group REG_SZ TDI
DependOnService REG_MULTI_SZ Tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ NT AUTHORITY\NetworkService
Description REG_SZ Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dnscache\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dnsrslvr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dnscache\Security
Security REG_BINARY 01001480A8000000B4000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200780005000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FD0102000102000000000005200000002C02000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dnscache\Enum
0 REG_SZ Root\LEGACY_DNSCACHE\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dot3svc
DependOnService REG_MULTI_SZ Ndisuio\0eaphost\0\0
Description REG_SZ This service performs IEEE 802.1X authentication on Ethernet interfaces
DisplayName REG_SZ Wired AutoConfig
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k dot3svc
ObjectName REG_SZ LocalSystem
Type REG_DWORD 0x20
Group REG_SZ TDI
FailureActions REG_BINARY 5A0000000000000000000000020000006500790001000000C0D4010001000000E0930400
Start REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dot3svc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dot3svc.dll
ServiceMain REG_SZ Dot3SvcMain
ServiceDllUnloadOnStop REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeHDD
Type REG_DWORD 0x1
Start REG_DWORD 0x0
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ System32\DRIVERS\DozeHDD.sys
Group REG_SZ Pointer Port
Tag REG_DWORD 0x8

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeHDD\Enum
0 REG_SZ IDE\DiskHTS541080G9AT00_________________________MB4IA60A\5&2c06044&0&0.0.0
Count REG_DWORD 0x2
NextInstance REG_DWORD 0x2
1 REG_SZ USBSTOR\Disk&Ven_&Prod_USB_Flash_Memory&Rev_1.00\0611170920483&0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeSvc
Type REG_DWORD 0x110
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
DisplayName REG_SZ Lenovo Doze Mode Service
ObjectName REG_SZ LocalSystem

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeSvc\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeSvc\Enum
0 REG_SZ Root\LEGACY_DOZESVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dpti2o
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x3c
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dpti2o\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dpti2o\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drmkaud
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\drivers\drmkaud.sys
DisplayName REG_SZ Microsoft Kernel DRM Audio Descrambler

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drmkaud\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drmkaud\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drvmcdb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drvncdb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drvnddm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drvnddm\Enum
0 REG_SZ Root\LEGACY_DRVNDDM\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EapHost
DisplayName REG_SZ Extensible Authentication Protocol Service
Description REG_SZ Provides windows clients Extensible Authentication Protocol Service
Type REG_DWORD 0x20
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k eapsvcs
DependOnService REG_MULTI_SZ RpcSs\0\0
ObjectName REG_SZ localSystem
FailureActions REG_BINARY 5A0000000000000000000000020000006500790001000000C0D4010001000000E0930400

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EapHost\Methods

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EapHost\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\eapsvc.dll
ServiceDllUnloadOnStop REG_DWORD 0x1
PeerInstalled REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EGATHDRV
Type REG_DWORD 0x1
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
DisplayName REG_SZ IBM eGatherer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EGATHDRV\Security
Security REG_BINARY 01001480A4000000B0000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200740005000000000014003000000001010000000000010000000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EGATHDRV\Users
Z096Z REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EGATHDRV\Enum
0 REG_SZ Root\LEGACY_EGATHDRV\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ERSvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ Allows error reporting for services and applictions running in non-standard environments.
DisplayName REG_SZ Error Reporting Service
ErrorControl REG_DWORD 0x0
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ERSvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\ersvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ERSvc\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ERSvc\Enum
0 REG_SZ Root\LEGACY_ERSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog
Description REG_SZ Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
DisplayName REG_SZ Event Log
ErrorControl REG_DWORD 0x1
Group REG_SZ Event log
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\services.exe
ObjectName REG_SZ LocalSystem
PlugPlayServiceType REG_DWORD 0x3
Start REG_DWORD 0x2
Type REG_DWORD 0x20
ComputerName REG_SZ IBM-T43V062

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application
DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\els.dll
DisplayNameID REG_DWORD 0x100
File REG_EXPAND_SZ %SystemRoot%\system32\config\AppEvent.Evt
MaxSize REG_DWORD 0x80000
PrimaryModule REG_SZ Application
Retention REG_DWORD 0x0
RestrictGuestAccess REG_DWORD 0x1
Sources REG_MULTI_SZ Microsoft H.323 Telephony Service Provider\0WSH\0Workstation Event Service\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Workstation Event\0Windows Product Activation\0Windows 3.1 Migration\0WgaSetup\0WebClient\0W3Ctrs\0VSS\0Visual Studio Analyzer RPC bridge\0Visual Studio - VsTemplate\0VBSDIDB\0VBRuntime\0Userinit\0Userenv\0Tlntsvr\0System.ServiceModel.Install 3.0.0.0\0System.ServiceModel 3.0.0.0\0System.Runtime.Serialization 3.0.0.0\0System.IO.Log 3.0.0.0\0System.IdentityModel 3.0.0.0\0SysmonLog\0SVCMONR\0Starter\0Spybot - Search & Destroy 2\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SNL HiveManager\0ServiceModel Audit 3.0.0.0\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0RawViewer\0Picasa3\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NDP1.1sp1-KB979906-X86\0NDP1.1sp1-KB953297-X86\0NDP1.1sp1-KB2416447-X86\0MSSQLSERVER/MSDE\0MSSOAP\0MSSHA\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft.Transactions.Bridge 3.0.0.0\0Microsoft Office Document Imaging\0Microsoft Office 11\0Microsoft Fax\0Microsoft Development Environment\0Microsoft ® Visual C# 2005 Compiler\0MDM\0LoadPerf\0Java VM\0IISInfoCtrs\0IISADMIN\0HTTPEXT\0HotFixInstaller\0HelpSvc\0FtpCtrs\0FrontPage 4.0\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0Dot3Svc\0DiskQuota\0devenv\0DataTransformationServices\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0CardSpace 3.0.0.0\0Bonjour Service\0Avira AntiVir\0Automation Manager\0AutoEnrollment\0Autochk\0ASP.NET 2.0.50727.0\0Application Management\0Application Hang\0Application Error\0apphelp\0AegisP\0Active Server Pages\0.NET Runtime Optimization Service\0.NET Runtime 2.0 Error Reporting\0.NET Runtime\0Application\0\0
AutoBackupLogFiles REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\.NET Runtime
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\WINDOWS\system32\mscoree.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\.NET Runtime 2.0 Error Reporting
EventMessageFile REG_SZ c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\.NET Runtime Optimization Service
EventMessageFile REG_SZ C:\WINDOWS\system32\mscoree.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Active Server Pages
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\inetsrv\ASP.DLL
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\AegisP
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\AegisE5.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\apphelp
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\apphelp.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Application
CategoryCount REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\system32\eventlog.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Application Error
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\faultrep.dll;%SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Application Hang
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\faultrep.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Application Management
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgmts.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\ASP.NET 2.0.50727.0
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
CategoryCount REG_DWORD 0x5
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Autochk
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winlogon.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\AutoEnrollment
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\pautoenr.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Automation Manager
EventMessageFile REG_SZ C:\WINDOWS\system32\Autmgr32.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Avira AntiVir
CategoryMessageFile REG_SZ C:\Program Files\Avira\AntiVir Desktop\avevtrc.dll
EventMessageFile REG_SZ C:\Program Files\Avira\AntiVir Desktop\avevtrc.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Bonjour Service
EventMessageFile REG_EXPAND_SZ C:\Program Files\Bonjour\mDNSResponder.exe
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\CardSpace 3.0.0.0
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui
CategoryMessageFile REG_SZ c:\WINDOWS\system32\icardres.dll.mui
CategoryCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Chkdsk
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ulib.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Ci
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\query.dll
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\System32\query.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\COM
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\COM+
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll
ParameterMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll
TypeSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x75

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\crypt32
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\crypt32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\DataTransformationServices
EventMessageFile REG_SZ C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\1033\dtspkg.RLL
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\devenv
EventMessageFile REG_SZ C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\DiskQuota
EventMessageFile REG_SZ %SystemRoot%\System32\dskquota.dll
TypesSupported REG_SZ 0x00000007

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Dot3Svc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\dot3svc.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\DrWatson
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drwtsn32.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\ESENT
EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
CategoryCount REG_DWORD 0x10
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\EventSystem
CategoryCount REG_DWORD 0x6
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\File Deployment
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\fdeploy.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Folder Redirection
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\fdeploy.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\FrontPage 4.0
EventMessageFile REG_EXPAND_SZ C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\fp4Autl.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\FtpCtrs
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ftpctrs2.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\HelpSvc
EventMessageFile REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\HCAppRes.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\HotFixInstaller
EventMessageFile REG_EXPAND_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\HTTPEXT
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\inetsrv\httpext.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\IISADMIN
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\inetsrv\svcext.dll
TypesSupported REG_DWORD 0xf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\IISInfoCtrs
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\infoctrs.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Java VM
EventMessageFile REG_SZ C:\WINDOWS\system32\vmhelper.dll
TypesSupported REG_BINARY 07000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\LoadPerf
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\loadperf.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MDM
EventMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft ® Visual C# 2005 Compiler
EventMessageFile REG_SZ c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft Development Environment
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\DW.EXE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft Fax
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\fxsevent.dll
CategoryMessageFile REG_EXPAND_SZ %systemroot%\system32\fxsevent.dll
CategoryCount REG_DWORD 0x4
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft Office 11
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft Office Document Imaging
CategoryCount REG_DWORD 0x1
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPFILT.DLL
LoggingLevel REG_DWORD 0x0
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPFILT.DLL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0xe
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\mnmsrvc
EventMessageFile REG_SZ %SystemRoot%\System32\nmevtmsg.dll
TypeSupported REG_BINARY 07000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSDMine
CategoryMessageFile REG_SZ C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL
CategoryCount REG_DWORD 0x2
TypesSupported REG_BINARY 0012B858
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSDTC
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll
CategoryCount REG_DWORD 0xf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSDTC Client
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll
CategoryCount REG_DWORD 0xf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MsiInstaller
EventMessageFile REG_SZ C:\WINDOWS\system32\msi.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSSHA
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\msshavmsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSSOAP
CategoryMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSSOAP30.DLL
EventMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSSOAP30.DLL
CategoryCount REG_DWORD 0x4
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSSQLSERVER/MSDE
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\NDP1.1sp1-KB2416447-X86
EventMessageFile REG_EXPAND_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\NDP1.1sp1-KB953297-X86
EventMessageFile REG_EXPAND_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\NDP1.1sp1-KB979906-X86
EventMessageFile REG_EXPAND_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\ntbackup
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntbackup.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Oakley
EventMessageFile REG_SZ %SystemRoot%\System32\oakley.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Offline Files
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\cscui.dll
TypesSupported REG_SZ 0x00000007

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Outlook
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\1033\MAPIR.DLL
Version REG_DWORD 0xd
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Perfctrs
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfctrs.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\PerfDisk
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfdisk.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Perflib
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\prflbmsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Perfmon
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfmon.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\PerfNet
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfnet.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\PerfOS
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfOS.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\PerfProc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfproc.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Picasa3
EventMessageFile REG_SZ C:\Program Files\Google\Picasa3\Picasa3.exe
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\RawViewer
EventMessageFile REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Remote Assistance
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\RPC
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\xpsp3res.dll;%SystemRoot%\System32\xpsp4res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SAFrdms
EventMessageFile REG_SZ C:\WINDOWS\system32\safrdm.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\safrslv
EventMessageFile REG_SZ C:\WINDOWS\system32\safrslv.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SceCli
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\scecli.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SceSrv
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\scesrv.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SclgNtfy
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\sclgntfy.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SecurityCenter
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\ServiceModel Audit 3.0.0.0
TypesSupported REG_DWORD 0x1f
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SNL HiveManager
EventMessageFile REG_EXPAND_SZ
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ
CategoryCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Software Installation
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgr.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Software Restriction Policies
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntdll.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SpoolerCtrs
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winspool.drv
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Spybot - Search & Destroy 2
EventMessageFile REG_EXPAND_SZ SDEvents.dll
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ SDEvents.dll
CategoryCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Starter
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SVCMONR
EventMessageFile REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SysmonLog
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\smlogsvc.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.IdentityModel 3.0.0.0
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.IO.Log 3.0.0.0
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.Runtime.Serialization 3.0.0.0
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0xe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.ServiceModel 3.0.0.0
CategoryCount REG_DWORD 0xe
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.ServiceModel.Install 3.0.0.0
EventMessageFile REG_EXPAND_SZ c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Tlntsvr
EventMessageFile REG_SZ C:\WINDOWS\system32\tlntsvr.exe;C:\WINDOWS\system32\xpsp1res.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Userenv
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\userenv.dll;%SystemRoot%\System32\xpsp1res.dll;%SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Userinit
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\userinit.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\VBRuntime
EventMessageFile REG_SZ C:\WINDOWS\system32\msvbvm60.dll
TypesSupported REG_DWORD 0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\VBSDIDB
EventMessageFile REG_EXPAND_SZ C:\Program Files\Microsoft Visual Studio\VB98\Tsql\vbsdidb.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Visual Studio - VsTemplate
EventMessageFile REG_EXPAND_SZ C:\Program Files\Common Files\Microsoft Shared\Help 8\msenv.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Visual Studio Analyzer RPC bridge
EventMessageFile REG_EXPAND_SZ C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\VSS
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\WINDOWS\system32\vssvc.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\W3Ctrs
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\w3ctrs.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WebClient
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WgaSetup
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\WINDOWS\system32\KB905474\wgasetup.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Windows 3.1 Migration
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\advapi32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Windows Product Activation
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\dpcdll.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Windows Workstation Event
EventMessageFile REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Winlogon
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winlogon.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WinMgmt
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WBEM\WinMgmtR.dll;%SystemRoot%\system32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WmdmPmSN
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\MsPMSNSv.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WMIAdapter
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WBEM\WMIApRes.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Workstation Event Service
EventMessageFile REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WSH
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wshext.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Internet Explorer
Sources REG_MULTI_SZ Internet Explorer\0\0
  • 0

Advertisements


#62
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Avira is still installed. Make sure you uninstall it.

Try the afd.reg file again. There is no sign that it got installed.
  • 0

#63
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I know I deleted avira though the control panel add/remove programs before, it must have came back from a restore point. But now I cannot uninstall it though add/remove programs although the icon is there. I see the icon in the control panel, but it will not execute and I cannot start it either. I see the files there in the program files as well. I deleted Avast so i don't have two antiviruses running.

I did install the afd.reg file again. I did it several times actually. Each time it said it was installed successfully.

Here is the new junk.txt file.

I will not be able to work on this again until tomorrow night.

Thank you for your help


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Data\Linkage
Export REG_SZ 2e,00,4e,00,45,00,54,00,20,00,43,00,4c,00,52,00,20,00,44,00,61,00,74,00,61,00,00,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Data\Performance
Open REG_SZ OpenPerformanceData
Collect REG_SZ CollectPerformanceData
Close REG_SZ ClosePerformanceData
Library REG_SZ netfxperf.dll
Counter Types REG_BINARY 3600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000000000
Counter Names REG_BINARY 530071006C0043006C00690065006E0074003A002000430075007200720065006E00740020002300200070006F006F006C0065006400200061006E00640020006E006F006E0070006F006F006C0065006400200063006F006E006E0065006300740069006F006E0073000000530071006C0043006C00690065006E0074003A002000430075007200720065006E00740020002300200070006F006F006C0065006400200063006F006E006E0065006300740069006F006E0073000000530071006C0043006C00690065006E0074003A002000430075007200720065006E00740020002300200063006F006E006E0065006300740069006F006E00200070006F006F006C0073000000530071006C0043006C00690065006E0074003A0020005000650061006B0020002300200070006F006F006C0065006400200063006F006E006E0065006300740069006F006E0073000000530071006C0043006C00690065006E0074003A00200054006F00740061006C002000230020006600610069006C0065006400200063006F006E006E0065006300740073000000530071006C0043006C00690065006E0074003A00200054006F00740061006C002000230020006600610069006C0065006400200063006F006D006D0061006E006400730000000000
Last Counter REG_DWORD 0xbc0
Last Help REG_DWORD 0xbc1
First Counter REG_DWORD 0xbb4
First Help REG_DWORD 0xbb5
Object List REG_SZ 2996
WbemAdapFileSignature REG_BINARY 203D5ECB5CCDA683053CDA42DFF03573
WbemAdapFileTime REG_BINARY 0066A727685FCA01
WbemAdapFileSize REG_DWORD 0xc150
WbemAdapStatus REG_DWORD 0x0
CategoryOptions REG_DWORD 0x1
IsMultiInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Networking

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Networking\Linkage
Export REG_SZ 2e,00,4e,00,45,00,54,00,20,00,43,00,4c,00,52,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,69,00,6e,00,67,00,00,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET CLR Networking\Performance
Open REG_SZ OpenPerformanceData
Collect REG_SZ CollectPerformanceData
Close REG_SZ ClosePerformanceData
Library REG_SZ netfxperf.dll
Counter Types REG_BINARY 3600350035003300360000003600350037003900320000003600350037003900320000003600350035003300360000003600350035003300360000000000
Counter Names REG_BINARY 43006F006E006E0065006300740069006F006E0073002000450073007400610062006C00690073006800650064000000420079007400650073002000520065006300650069007600650064000000420079007400650073002000530065006E007400000044006100740061006700720061006D007300200052006500630065006900760065006400000044006100740061006700720061006D0073002000530065006E00740000000000
Last Counter REG_DWORD 0xbcc
Last Help REG_DWORD 0xbcd
First Counter REG_DWORD 0xbc2
First Help REG_DWORD 0xbc3
Object List REG_SZ 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010 3010
WbemAdapFileSignature REG_BINARY 203D5ECB5CCDA683053CDA42DFF03573
WbemAdapFileTime REG_BINARY 0066A727685FCA01
WbemAdapFileSize REG_DWORD 0xc150
WbemAdapStatus REG_DWORD 0x0
IsMultiInstance REG_DWORD 0x1
FileMappingSize REG_DWORD 0x20000
CategoryOptions REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for Oracle

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for Oracle\Linkage
Export REG_SZ 2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,4f,00,72,00,61,00,63,00,6c,00,65,00,00,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for Oracle\Performance
CategoryOptions REG_DWORD 0x3
IsMultiInstance REG_DWORD 0x1
Counter Types REG_BINARY 32003700320036003900360033003200300000003200370032003600390036003300320030000000320037003200360039003600330032003000000032003700320036003900360033003200300000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000000000
Library REG_SZ netfxperf.dll
Collect REG_SZ CollectPerformanceData
FileMappingSize REG_DWORD 0x20000
Counter Names REG_BINARY 480061007200640043006F006E006E0065006300740073005000650072005300650063006F006E0064000000480061007200640044006900730063006F006E006E0065006300740073005000650072005300650063006F006E006400000053006F006600740043006F006E006E0065006300740073005000650072005300650063006F006E006400000053006F006600740044006900730063006F006E006E0065006300740073005000650072005300650063006F006E00640000004E0075006D006200650072004F0066004E006F006E0050006F006F006C006500640043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660050006F006F006C006500640043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00470072006F0075007000730000004E0075006D006200650072004F00660049006E0061006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00470072006F0075007000730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00730000004E0075006D006200650072004F00660049006E0061006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F006600460072006500650043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660053007400610073006900730043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F0066005200650063006C00610069006D006500640043006F006E006E0065006300740069006F006E00730000000000
Close REG_SZ ClosePerformanceData
Open REG_SZ OpenPerformanceData
Last Counter REG_DWORD 0x100c
Last Help REG_DWORD 0x100d
First Counter REG_DWORD 0xff0
First Help REG_DWORD 0xff1
Object List REG_SZ 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080 4080
WbemAdapFileSignature REG_BINARY 203D5ECB5CCDA683053CDA42DFF03573
WbemAdapFileTime REG_BINARY 0066A727685FCA01
WbemAdapFileSize REG_DWORD 0xc150
WbemAdapStatus REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for SqlServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for SqlServer\Linkage
Export REG_SZ 2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,53,00,71,00,6c,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NET Data Provider for SqlServer\Performance
FileMappingSize REG_DWORD 0x20000
CategoryOptions REG_DWORD 0x3
IsMultiInstance REG_DWORD 0x1
Counter Names REG_BINARY 480061007200640043006F006E006E0065006300740073005000650072005300650063006F006E0064000000480061007200640044006900730063006F006E006E0065006300740073005000650072005300650063006F006E006400000053006F006600740043006F006E006E0065006300740073005000650072005300650063006F006E006400000053006F006600740044006900730063006F006E006E0065006300740073005000650072005300650063006F006E00640000004E0075006D006200650072004F0066004E006F006E0050006F006F006C006500640043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660050006F006F006C006500640043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00470072006F0075007000730000004E0075006D006200650072004F00660049006E0061006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00470072006F0075007000730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00730000004E0075006D006200650072004F00660049006E0061006300740069007600650043006F006E006E0065006300740069006F006E0050006F006F006C00730000004E0075006D006200650072004F00660041006300740069007600650043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F006600460072006500650043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F00660053007400610073006900730043006F006E006E0065006300740069006F006E00730000004E0075006D006200650072004F0066005200650063006C00610069006D006500640043006F006E006E0065006300740069006F006E00730000000000
Counter Types REG_BINARY 32003700320036003900360033003200300000003200370032003600390036003300320030000000320037003200360039003600330032003000000032003700320036003900360033003200300000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000003600350035003300360000000000
Library REG_SZ netfxperf.dll
Close REG_SZ ClosePerformanceData
Collect REG_SZ CollectPerformanceData
Open REG_SZ OpenPerformanceData
Last Counter REG_DWORD 0x102a
Last Help REG_DWORD 0x102b
First Counter REG_DWORD 0x100e
First Help REG_DWORD 0x100f
Object List REG_SZ 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110 4110
WbemAdapFileSignature REG_BINARY 203D5ECB5CCDA683053CDA42DFF03573
WbemAdapFileTime REG_BINARY 0066A727685FCA01
WbemAdapFileSize REG_DWORD 0xc150
WbemAdapStatus REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NETFramework

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.NETFramework\Performance
Close REG_SZ CloseCtrs
Collect REG_SZ CollectCtrs
Open REG_SZ OpenCtrs
Library REG_SZ mscoree.dll
Last Counter REG_DWORD 0xc7c
Last Help REG_DWORD 0xc7d
First Counter REG_DWORD 0xbce
First Help REG_DWORD 0xbcf
WbemAdapFileSignature REG_BINARY 08A73B0E7EE6E32983B5F9E540A8E380
WbemAdapFileTime REG_BINARY 000C4525685FCA01
WbemAdapFileSize REG_DWORD 0x48b50
WbemAdapStatus REG_DWORD 0x0
Error Count REG_DWORD 0x45

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\.redbook
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ImagePath REG_SZ \*

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aavmker4
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ avast! Asynchronous Virus Monitor
Description REG_SZ avast! Asynchronous Virus Monitor

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aavmker4\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aavmker4\Enum
0 REG_SZ Root\LEGACY_AAVMKER4\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Abiosdsk
ErrorControl REG_DWORD 0x0
Group REG_SZ Primary disk
Start REG_DWORD 0x4
Tag REG_DWORD 0x3
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\abp480n5
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x38
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\abp480n5\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\abp480n5\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPI
ErrorControl REG_DWORD 0x1
Group REG_SZ Boot Bus Extender
Start REG_DWORD 0x0
Tag REG_DWORD 0x1
Type REG_DWORD 0x1
DisplayName REG_SZ Microsoft ACPI Driver
ImagePath REG_EXPAND_SZ system32\DRIVERS\ACPI.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPI\Parameters
AMLIMaxCTObjs REG_BINARY 1B000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPI\Parameters\WakeUp
FixedEventMask REG_BINARY 2001
FixedEventStatus REG_BINARY 0085
GenericEventMask REG_BINARY 00000001
GenericEventStatus REG_BINARY 0000FFDE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPI\Enum
0 REG_SZ ACPI_HAL\PNP0C08\0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPIEC
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Start REG_DWORD 0x0
Tag REG_DWORD 0x2
Type REG_DWORD 0x1
DisplayName REG_SZ Microsoft Embedded Controller Driver
ImagePath REG_EXPAND_SZ system32\DRIVERS\ACPIEC.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ACPIEC\Enum
0 REG_SZ ACPI\PNP0C09\0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AcPrfMgrSvc
DisplayName REG_SZ Ac Profile Manager Service
ErrorControl REG_DWORD 0x1
ImagePath REG_SZ C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x10
DependOnService REG_MULTI_SZ RPCSS\0\0
FailureActions REG_BINARY 00000000000000000000000003000000530065000100000060EA00000100000060EA00000000000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AcPrfMgrSvc\Enum
0 REG_SZ Root\LEGACY_ACPRFMGRSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AcSvc
DisplayName REG_SZ Access Connections Main Service
ErrorControl REG_DWORD 0x1
ImagePath REG_SZ C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x110
DependOnService REG_MULTI_SZ RPCSS\0winmgmt\0\0
FailureActions REG_BINARY 00000000000000000000000003000000530065000100000060EA00000100000060EA00000000000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AcSvc\Enum
0 REG_SZ Root\LEGACY_ACSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Adobe LM Service
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
DisplayName REG_SZ Adobe LM Service
ObjectName REG_SZ LocalSystem
Description REG_SZ AdobeLM Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Adobe LM Service\Security
Security REG_BINARY 01001480A4000000B0000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200740005000000000014009D01020001010000000000010000000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\adpu160m
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x3c
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\adpu160m\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\adpu160m\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aeaudio
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\drivers\aeaudio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aeaudio\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aeaudio\Enum
0 REG_SZ PCI\VEN_8086&DEV_266E&SUBSYS_05671014&REV_03\3&b1bfb68&0&F2
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aec
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\drivers\aec.sys
DisplayName REG_SZ Microsoft Kernel Acoustic Echo Canceller

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aec\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aec\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AegisP
Type REG_DWORD 0x1
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0xd
ImagePath REG_EXPAND_SZ system32\DRIVERS\AegisP.sys
DisplayName REG_SZ AEGIS Protocol (IEEE 802.1x) v3.4.10.0
Group REG_SZ PNP_TDI
Description REG_SZ AEGIS Protocol (IEEE 802.1x) v3.4.10.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AegisP\Linkage
Bind REG_MULTI_SZ \Device\{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}\0\Device\s24trans_{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}\0\0
Route REG_MULTI_SZ "{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}"\0"s24trans" "{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}"\0\0
Export REG_MULTI_SZ \Device\AegisP_{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}\0\Device\AegisP_s24trans_{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1}\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AegisP\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AegisP\Enum
0 REG_SZ Root\LEGACY_AEGISP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AFD\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AFD\Enum
0 REG_SZ Root\LEGACY_AFD\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aha154x
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x6
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aha154x\Parameters
LegacyAdapterDetection REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Aha154x\Parameters\PnpInterface
1 REG_DWORD 0x1
3 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78u2
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x34
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78u2\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78u2\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78xx
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x1e
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78xx\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aic78xx\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Alerter
Type REG_DWORD 0x20
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k LocalService
DisplayName REG_SZ Alerter
DependOnService REG_MULTI_SZ LanmanWorkstation\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ NT AUTHORITY\LocalService
Description REG_SZ Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Alerter\Parameters
AlertNames REG_MULTI_SZ \0
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\alrsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Alerter\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ALG
Description REG_SZ Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\alg.exe
DisplayName REG_SZ Application Layer Gateway Service
ObjectName REG_SZ NT AUTHORITY\LocalService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ALG\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ALG\Enum
0 REG_SZ Root\LEGACY_ALG\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AliIde
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Start REG_DWORD 0x4
Tag REG_DWORD 0x4
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\amsint
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x24
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\amsint\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\amsint\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ANC
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
ImagePath REG_SZ System32\drivers\ANC.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ANC\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ANC\Enum
0 REG_SZ Root\LEGACY_ANC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirSchedulerService
Type REG_DWORD 0x110
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
DisplayName REG_SZ Avira AntiVir Scheduler
Group REG_SZ NetworkProvider
ObjectName REG_SZ LocalSystem
FailureActions REG_BINARY 8051010000000000000000000300000053006500010000000000000001000000000000000000000000000000
Description REG_SZ Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirSchedulerService\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirSchedulerService\Enum
0 REG_SZ Root\LEGACY_ANTIVIRSCHEDULERSERVICE\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirService
Type REG_DWORD 0x110
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
DisplayName REG_SZ Avira AntiVir Guard
ObjectName REG_SZ LocalSystem
FailureActions REG_BINARY 8051010000000000000000000300000053006500010000000000000001000000000000000000000000000000
Description REG_SZ Offers permanent protection against viruses and malware with the AntiVir search engine.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirService\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AntiVirService\Enum
0 REG_SZ Root\LEGACY_ANTIVIRSERVICE\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ApfiltrService
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x0
Tag REG_DWORD 0x4
ImagePath REG_EXPAND_SZ system32\DRIVERS\Apfiltr.sys
DisplayName REG_SZ Alps Touch Pad Filter Driver for Windows 2000/XP
Group REG_SZ Pointer Port

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ApfiltrService\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AppMgmt
Description REG_SZ Provides software installation services such as Assign, Publish, and Remove.
DisplayName REG_SZ Application Management
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x3
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AppMgmt\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\appmgmts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AppMgmt\Security
Security REG_BINARY 01001480A8000000B4000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200780005000000000014008D00020001010000000000050B00000000001800FF010F0001020000000000052000000020020000000018008D00020001020000000000052000000023020000000014009D000000010100000000000504000000000018009D00000001020000000000052000000021020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AppMgmt\Enum
0 REG_SZ Root\LEGACY_APPMGMT\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x29
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3350p
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x39
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3350p\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3350p\Parameters\PnpInterface
1 REG_DWORD 0x11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3550
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x2a
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3550\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\asc3550\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP\Performance
Library REG_SZ aspperf.dll
Open REG_SZ OpenASPPerformanceData
Close REG_SZ CloseASPPerformanceData
Collect REG_SZ CollectASPPerformanceData
Last Counter REG_DWORD 0xa48
Last Help REG_DWORD 0xa49
First Counter REG_DWORD 0xa00
First Help REG_DWORD 0xa01
Object List REG_SZ 2560
Library Validation Code REG_BINARY 387A98E46A7BC5010028000000000000
WbemAdapFileSignature REG_BINARY 6BD9EC5CC983BE5463A78EC92478E930
WbemAdapFileTime REG_BINARY 387A98E46A7BC501
WbemAdapFileSize REG_DWORD 0x2800
WbemAdapStatus REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET\Performance
Library REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
Open REG_SZ OpenPerfCommonData
Close REG_SZ ClosePerfCommonData
Collect REG_SZ CollectPerfCommonData
WbemAdapFileSignature REG_BINARY 74E81A65879FFE881A7AF525A0254AD8
WbemAdapFileTime REG_BINARY 003C1D7069EEC801
WbemAdapFileSize REG_DWORD 0x4408
WbemAdapStatus REG_DWORD 0xffffffff
Last Counter REG_DWORD 0x3700
Last Help REG_DWORD 0x3701
First Counter REG_DWORD 0x3634
First Help REG_DWORD 0x3635
Object List REG_SZ 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878 13876 13878

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET_2.0.50727

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET_2.0.50727\Names

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ASP.NET_2.0.50727\Performance
Library REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
Open REG_SZ OpenVersionedPerfData
Close REG_SZ CloseVersionedPerfData
Collect REG_SZ CollectVersionedPerfData
Last Counter REG_DWORD 0x3632
Last Help REG_DWORD 0x3633
First Counter REG_DWORD 0x3566
First Help REG_DWORD 0x3567
Object List REG_SZ 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672 13670 13672

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aspnet_state
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
DisplayName REG_SZ ASP.NET State Service
ObjectName REG_SZ NT AUTHORITY\NetworkService
Description REG_SZ Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aspnet_state\Parameters
Port REG_DWORD 0xa5b8
AllowRemoteConnection REG_DWORD 0x0
DontResetOnUpgradeAllowRemoteConnection REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aspnet_state\Performance
Library REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
Open REG_SZ OpenStateServicePerfData
Close REG_SZ CloseStateServicePerfData
Collect REG_SZ CollectStateServicePerfData
WbemAdapFileSignature REG_BINARY F1430F5D20F4BB71A003209C3DB3ADDF
WbemAdapFileTime REG_BINARY 003C1D7069EEC801
WbemAdapFileSize REG_DWORD 0x8408
WbemAdapStatus REG_DWORD 0x0
Last Counter REG_DWORD 0x3564
Last Help REG_DWORD 0x3565
First Counter REG_DWORD 0x3490
First Help REG_DWORD 0x3491
Object List REG_SZ 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456 13456

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aspnet_state\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk
Type REG_DWORD 0x2
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswFsBlk
Group REG_SZ FSFilter Activity Monitor
DependOnService REG_MULTI_SZ FltMgr\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ avast! mini-filter driver (aswFsBlk)
Tag REG_DWORD 0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk\Instances
DefaultInstance REG_SZ aswFsBlk Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk\Instances\aswFsBlk Instance
Altitude REG_SZ 388400
Flags REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswFsBlk\Enum
0 REG_SZ Root\LEGACY_ASWFSBLK\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswMon2
Type REG_DWORD 0x2
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswMon2
Description REG_SZ avast! Standard Shield Support

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswMon2\Parameters
ProgramFolder REG_SZ \Device\HarddiskVolume1\Program Files\AVAST Software\Avast

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswMon2\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswMon2\Enum
0 REG_SZ Root\LEGACY_ASWMON2\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswRdr
Group REG_SZ PNP_TDI
DependOnService REG_MULTI_SZ tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ avast! TDI Redirect driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Parameters
DisableAutostart REG_DWORD 0x1
MSIgnoreLSPDefault REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Parameters\Protocol_Catalog9
Num_Catalog_Entries REG_DWORD 0x1
Next_Catalog_Entry_ID REG_DWORD 0x3f7
Serial_Access_Num REG_DWORD 0x5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Parameters\Protocol_Catalog9\Catalog_Entries

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
PackedCatalogItem REG_BINARY 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046004306000200000000000000000000000000080000003D527239F12AD111B65500805F3642CCE90300000100000000000000000000000000000000000000000000000000000000000000020000001A0000002000000008000000010000000100000000000000000000000000000000000000000000004D0053004100460044002000490072006400610020005B0049007200440041005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswRdr\Enum
0 REG_SZ Root\LEGACY_ASWRDR\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx
Type REG_DWORD 0x2
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswSnx
Group REG_SZ FSFilter Virtualization
DependOnService REG_MULTI_SZ FltMgr\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ avast! virtualization driver (aswSnx)
Tag REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Instances
DefaultInstance REG_SZ aswSnx Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Instances\aswSnx Instance
Altitude REG_SZ 137600
Flags REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Parameters
ProgramFolder REG_SZ \DosDevices\C:\Program Files\AVAST Software\Avast
DataFolder REG_SZ \DosDevices\D:\Documents and Settings\All Users\Application Data\AVAST Software\Avast

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSnx\Enum
0 REG_SZ Root\LEGACY_ASWSNX\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSP
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ aswSP
Description REG_SZ avast! Self Protection

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSP\Parameters
BehavShield REG_DWORD 0x1
ProgramFolder REG_SZ \DosDevices\C:\Program Files\AVAST Software\Avast
DataFolder REG_SZ \DosDevices\D:\Documents and Settings\All Users\Application Data\AVAST Software\Avast

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSP\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswSP\Enum
0 REG_SZ Root\LEGACY_ASWSP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswTdi
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ avast! Network Shield Support
Group REG_SZ PNP_TDI
DependOnService REG_MULTI_SZ tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ avast! Network Shield TDI driver
Tag REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswTdi\Parameters
DisableAutostart REG_DWORD 0x1
ProviderStart REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswTdi\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\aswTdi\Enum
0 REG_SZ Root\LEGACY_ASWTDI\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AsyncMac
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\asyncmac.sys
DisplayName REG_SZ RAS Asynchronous Media Driver
Description REG_SZ RAS Asynchronous Media Driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AsyncMac\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\atapi
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x0
Tag REG_DWORD 0x19
Type REG_DWORD 0x1
DisplayName REG_SZ Standard IDE/ESDI Hard Disk Controller
ImagePath REG_EXPAND_SZ system32\DRIVERS\atapi.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\atapi\Parameters
LegacyDetection REG_DWORD 0x1
GhostSlave REG_MULTI_SZ SunDisk \0\0
UseCheckPowerForFlush REG_MULTI_SZ SAMSUNG WNR-31601A (1600MB) \0SAMSUNG WNR-31601A (1.6GB) \0IBM-DTCA-24090 TC6OAA2A\0IBM-DTCA-24090 TC6IAA2A\0IBM-DPLA-25120 PL8OAA2A\0IBM-DPLA-25120 PL8IAA2A\0IBM-DPLA-25120 PL8IAA4A\0IBM-DTCA-23240 TC5OAA2A\0IBM-DTCA-23240 TC5IAA2A\0IBM-DPLA-24480 PL7OAA2A\0IBM-DPLA-24480 PL7IAA2A\0\0
NoFlushDevice REG_MULTI_SZ QUANTUM_LPS525A \0SCR-730 \0\0
PioOnlyDevice REG_MULTI_SZ Conner Peripherals 425MB - CFS425A \0MATSHITA CR-581 \0FX600S \0CD-44E \0QUANTUM TRB850A \0QUANTUM MARVERICK 540A \0 MAXTOR MXT-540 AT \0Maxtor 71260 AT \0Maxtor 7850 AV \0Maxtor 7540 AV \0Maxtor 7213 AT \0Maxtor 7345 \0Maxtor 7245 AT \0Maxtor 7245 \0Maxtor 7211AU \0Maxtor 7171 AT \0CD-316E \0SAMSUNG_SCR-2430\0CR-2801TE\0\0
NonRemovableMedia REG_MULTI_SZ Kingston Technology DataPak 340 \0SunDisk SDP5A-10 \0SunDisk SDCFB-10 \0SunDisk SDP3B-20 \0SunDisk SDP3B-175 \0SunDisk SDP5-2.5 \0Calluna Technology CT260MC \0BN-S004AC-S 1.00\0Calluna Technology CT520RM\0Hitachi CV 5.1.1\0 ATA_FLASH \0Mitsubishi ATA Card \0LEXAR ATA_FLASH\0Micron MTCF004A\0Micron MTCF008A\0SunDisk SDP3B-110\0SunDisk SDCFB-4\0BN-CAB-T\0MEMORYSTICK\0MEMORYSTICK 8M 8K\0\0
NoPowerDownDevice REG_MULTI_SZ RD-DRC001-M \0CS-R37 0 \0\0
AutoEjectZipDevice REG_MULTI_SZ IOMEGA ZIP 100 ATAPI 23.D \0IOMEGA ZIP 100 ATAPI 21.D \0IOMEGA ZIP 100 ATAPI 20.D \0IOMEGA ZIP 100 ATAPI 91.D \0IOMEGA ZIP 100 B.29 \0IOMEGA ZIP 100 B.22 \0\0
NeedIdentDevice REG_MULTI_SZ QUANTUM FIREBALL\0\0
DefaultPioAtapiDevice REG_MULTI_SZ TORiSAN DVD-ROM DRD-N216\0IDE-CD R/RW 2x2x24\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\atapi\Enum
0 REG_SZ PCIIDE\IDEChannel\4&345649fa&0&0
Count REG_DWORD 0x2
NextInstance REG_DWORD 0x2
1 REG_SZ PCIIDE\IDEChannel\4&345649fa&0&1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Atdisk
ErrorControl REG_DWORD 0x0
Group REG_SZ Primary disk
Start REG_DWORD 0x4
Tag REG_DWORD 0x1
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Ati HotKey Poller
Type REG_DWORD 0x110
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\Ati2evxx.exe
Group REG_SZ Event log
ObjectName REG_SZ LocalSystem
DisplayName REG_SZ Ati HotKey Poller

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Ati HotKey Poller\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Ati HotKey Poller\Enum
0 REG_SZ Root\LEGACY_ATI_HOTKEY_POLLER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x0
Tag REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\ati2mtag.sys
Group REG_SZ Video

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device0
InstalledDisplayDrivers REG_MULTI_SZ ati2dvag\0\0
MultiFunctionSupported REG_DWORD 0x1
GCOOPTION_DisableGPIOPowerSaveMode REG_DWORD 0x1
ReleaseVersion REG_SZ 8.163.1.1.1-060121a-030334C
BuildNumber REG_SZ 30332
drv REG_SZ ati2dvag.dll
DALGameGammaScale REG_DWORD 0x646464
UseNewOGLRegPath REG_DWORD 0x1
DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING REG_DWORD 0x1
DALRULE_GETVGAEXPANSIONATBOOT REG_DWORD 0x1
DisableHotPlugDFP REG_DWORD 0x1
ExtEvent_EnableAlpsMouseOrientation REG_DWORD 0x0
ExtEvent_SafeEscapeSupport REG_DWORD 0x1
DALRULE_DISABLEPSEUDOLARGEDESKTOP REG_DWORD 0x0
OvlTheaterMode REG_BINARY 00000000
DisableOvlTheaterMode REG_DWORD 0x0
UseVMRPitch REG_DWORD 0x0
DisableMMSnifferCode REG_DWORD 0x0
DisableProgPCILatency REG_DWORD 0x0
DALRULE_GetTVFakeEDID REG_DWORD 0x0
Catalyst_Version REG_SZ 0
DALRULE_REGISTRYACCESS REG_DWORD 0x1
DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH REG_DWORD 0x0
DALRULE_ENABLEDRIVERMODEPRUNNING REG_DWORD 0x0
GCORULE_ENABLETILEDMEMORYCALCULATION REG_DWORD 0x1
DALRULE_MACROVISIONINFOREPORT REG_DWORD 0x0
DALRULE_BANDWIDTHMODEENUM REG_DWORD 0x1
ExtEvent_LCDSetNativeModeOnResume REG_DWORD 0x0
DALRULE_LIMITTMDSMODES REG_DWORD 0x0
DALRULE_RESTRICT640x480MODE REG_DWORD 0x0
DALRULE_RESTRICT8BPPON2NDDRV REG_DWORD 0x0
TVForceDetection REG_DWORD 0x0
DALRULE_DISABLECWDDEDETECTION REG_DWORD 0x0
DALRULE_USECMOSDISPLAYSETTINGS REG_DWORD 0x1
DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY REG_DWORD 0x0
DisableTabletPCRotation REG_DWORD 0x1
DALRULE_DISABLEDISPLAYSWITCHINGIFOVERLAYALLOCATED REG_DWORD 0x1
ExtEvent_EnableMultiSessions REG_DWORD 0x1
DALRULE_USEENABLEDATBOOTSCHEME REG_DWORD 0x1
RotationSupportLevel REG_DWORD 0x2
NewRotation REG_SZ 1
UseBT601CSC REG_SZ 1
DALRULE_DYNAMICMODESUPPORT REG_DWORD 0x1
GSettingControl REG_DWORD 0x4
DFPOption_SingleLink REG_DWORD 0x1
DFPXOption_SingleLink REG_DWORD 0x1
DALRULE_ALLOWMONITORRANGELIMITMODESCRT REG_DWORD 0x1
DALRULE_NOTVANDLCDONCRTC REG_DWORD 0x1
WmAgpMaxIdleClk REG_DWORD 0x20
GCORULE_FlickerWA REG_DWORD 0x1
SMOOTHVISION_NAME REG_SZ SMOOTHVISION 2.1
DALRULE_NOCRTTVANDDVIACTIVESIMULTANEOUSLY REG_DWORD 0x1
DALRULE_ENABLEDALFSDOSTOWINDOWSSELECTION REG_DWORD 0x1
GCORULE_DISABLEEXPAT1280WITHCRT REG_DWORD 0x1
DALRULE_DONOTREPORTCUSTOMREFRESHRATE REG_DWORD 0x1
R6LCD_ENABLESSJITTERDISPLAYPATH REG_DWORD 0x1
DALRULE_ENABLEDALRESUMESUPPORT REG_DWORD 0x1
GCORULE_DisableHotKeyIfDDExclusiveMode REG_DWORD 0x1
GCORULE_DisableGPIOPowerSaveMode REG_DWORD 0x1
TVDisableModes REG_DWORD 0x0
DALRULE_LCDSHOWRESOLUTIONCHANGEMESSAGE REG_DWORD 0x0
DALRULE_GETLCDFAKEEDID REG_DWORD 0x0
GCORULE_ENABLERMXFILTER REG_DWORD 0x1
OVShiftOddDown REG_DWORD 0x0
DALRULE_RESTRICT2ACTIVEDISPLAYS REG_DWORD 0x0
DALRULE_POWERPLAYOPTIONCOLORDEPTHREDUCTION REG_DWORD 0x0
R6LCD_FOLLOWLIDSTATE REG_DWORD 0x1
DisableFakeOSDualViewNotify REG_DWORD 0x1
DisableD3DExclusiveModeChange REG_DWORD 0x1
DisableOpenGLExclusiveModeChange REG_DWORD 0x1
TVM6Flag REG_DWORD 0x0
DisableDalValidateChild REG_DWORD 0x1
DALRULE_SETMODEAFTERPOWERSTATECHANGE REG_DWORD 0x1
DALRULE_USEOLDPOWERPLAYINTERFACE REG_DWORD 0x0
DALRULE_USEOLDPOWERPLAYPROPERTYPAGE REG_DWORD 0x0
DALRULE_ENABLESHOWACSLIDER REG_DWORD 0x1
DALRULE_ENABLESHOWDCLOWSLIDER REG_DWORD 0x1
ExtEvent_RestoreLargeDesktopOnResume REG_DWORD 0x1
ExtEvent_EnableAutoDisplayConfig REG_DWORD 0x1
DALRULE_USERDEVICEPROFILEUPDATE REG_DWORD 0x1
ExtEvent_EnableMpAtDocking REG_DWORD 0x1
ExtEvent_SaveProfileBySelected REG_DWORD 0x1
DALRULE_DISABLEPOWERPLAYMESSAGES REG_DWORD 0x1
ApplyRotationDefaultMode REG_DWORD 0x1
GCORULE_PPForceBlankDisplays REG_DWORD 0x1
DXVA_WMV REG_SZ 0
DALRULE_UNRESTRICTSXGAPCRTONOWNCRTC REG_DWORD 0x1
ExtEvent_EnableADCAtUndocking REG_DWORD 0x1
DfpUsePixSlip REG_DWORD 0x1
Device Description REG_SZ ATI MOBILITY RADEON X300
DALRULE_DONTSHOWWADOPTION REG_DWORD 0x1
DXVA_WMV_DEF REG_SZ 0
GCORULE_X1DETECT REG_DWORD 0x1
DALRULE_OTHEREXPANSIONMODEDEFAULT REG_DWORD 0x1
DALRULE_WADSUPPORT REG_DWORD 0x1
GCORULE_WADSUPPORT REG_DWORD 0x1
GCORULE_PowerPlayClearMemBase REG_DWORD 0x1
ExtEvent_EnableADCLogicalMapping REG_DWORD 0x1
DDC2Disabled REG_DWORD 0x0
DisableBlockWrite REG_DWORD 0x1
DisableDMACopy REG_DWORD 0x0
TestEnv REG_DWORD 0x0
TimingSelection REG_DWORD 0x0
VgaCompatible REG_DWORD 0x0
Adaptive De-interlacing REG_DWORD 0x1
VPE Adaptive De-interlacing REG_DWORD 0x1
DisableTimeStampWriteBack REG_DWORD 0x0
DisableTiling REG_DWORD 0x0
ExtEvent_EnableHotPlug REG_DWORD 0x0
ExtEvent_EnableMouseRotation REG_DWORD 0x1
DFPRULE_HotplugSupported REG_DWORD 0x1
DALRULE_NOTVANDCRTONSAMECONTROLLER REG_DWORD 0x1
DALRULE_NOCRTANDLCDONSAMECONTROLLER REG_DWORD 0x0
DALRULE_DISPLAYSRESTRICTMODES REG_DWORD 0x0
VPURecover_NA REG_SZ 1
DisableSmartSave_DEF REG_DWORD 0x1
VPUEnableSubmissionBox_DEF REG_SZ 0
DALRULE_ADDNATIVEMODESTOMODETABLE REG_DWORD 0x1
AutoColorDepthReduction_NA REG_DWORD 0x1
DisableIDCT REG_DWORD 0x0
DALR6 CRT_MaxModeInfo REG_BINARY 0000000040060000B0040000000000003C000000
DisableFullAdapterInit REG_DWORD 0x0
MemInitLatencyTimer REG_DWORD 0x775771bf
GI_DEF REG_SZ 0
DALNonStandardModesBCD1 REG_BINARY 080004800000006010240480000000601024060000000060128006000000006012800768000000601400105000000060
DALRestrictedModesBCD1 REG_BINARY 08000480000000001152086400000000128007680000000012801024000001601600120000000120179213440000000018001440000000001856139200000000
DALRestrictedModesBCD2 REG_BINARY 1920108000000000192012000000000019201440000000002048153600000085
DALOPTION_MaxResBCD REG_BINARY 0000000000000160
DisableDualView REG_DWORD 0x0
DisableDualviewWithHotKey REG_DWORD 0x1
ExtEvent_EnablePolling REG_DWORD 0x1
ExtEvent_BroadcastDispChange REG_DWORD 0x0
ExtEvent_UpdateAdapterInfoOnHK REG_DWORD 0x1
GCORULE_DisableHotKeyIfOverlayAllocated REG_DWORD 0x1
ExtEvent_LCDSetMaxResOnDockChg REG_DWORD 0x1
DALRULE_NOCRTANDDFPONSAMECONTROLLER REG_DWORD 0x1
GCORULE_IntTMDSReduceBlankTiming REG_DWORD 0x1
DisableSWInterrupt REG_DWORD 0x0
ExtEvent_BIOSEventByInterrupt REG_DWORD 0x1
ExtEvent_EnableChgLCDResOnHotKey REG_DWORD 0x0
R6LCD_RETURNALLBIOSMODES REG_DWORD 0x0
ExtEvent_OverDriveSupport REG_DWORD 0x1
Main3D_DEF REG_SZ 3
AntiAlias_DEF REG_SZ 1
AntiAliasSamples_DEF REG_SZ 0
AnisoType_DEF REG_SZ 0
AnisoDegree_DEF REG_SZ 0
TextureOpt_DEF REG_SZ 0
TextureLod_DEF REG_SZ 0
TruformMode_DEF REG_SZ 0
VSyncControl_DEF REG_SZ 1
SwapEffect_DEF REG_SZ 0
TemporalAAMultiplier_DEF REG_SZ 0
ExportCompressedTex_DEF REG_SZ 1
PixelCenter_DEF REG_SZ 0
ForceZBufferDepth_DEF REG_SZ 0
EnableTripleBuffering_DEF REG_SZ 0
ColourDesktopGamma_DEF REG_SZ 1.0 1.0 1.0
ColourDesktopBrightness_DEF REG_SZ 0 0 0
ColourDesktopContrast_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenGamma_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenBrightness_DEF REG_SZ 0 0 0
ColourFullscreenContrast_DEF REG_SZ 1.0 1.0 1.0
3D_Refresh_Rate_Override_DEF REG_DWORD 0x0
Display_Detection_DEF REG_DWORD 0x0
Panning_Mode_DEF REG_DWORD 0x0
Mouse_Track_Orientation_DEF REG_DWORD 0x1
Force_TV_Detection_DEF REG_DWORD 0x0
CatalystAI_DEF REG_SZ 1
DisableEnumAllChilds REG_DWORD 0x0
DALRULE_NOFORCEBOOT REG_DWORD 0x0
DALOPTION_MinResBCD REG_BINARY 0000000000000060
CurrentProfile REG_SZ Default
RebootFlags REG_DWORD 0x0
RebootFlagsEx REG_DWORD 0xf0010001
CapabilitiesEx REG_DWORD 0x0
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device0\ATI WDM Configurations
PnP ID Version REG_SZ 34

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device0\MMLIB
ForceOneField REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device1
InstalledDisplayDrivers REG_MULTI_SZ ati2dvag\0\0
MultiFunctionSupported REG_DWORD 0x1
GCOOPTION_DisableGPIOPowerSaveMode REG_DWORD 0x1
ReleaseVersion REG_SZ 8.163.1.1.1-060121a-030334C
BuildNumber REG_SZ 30332
drv REG_SZ ati2dvag.dll
DALGameGammaScale REG_DWORD 0x646464
UseNewOGLRegPath REG_DWORD 0x1
DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING REG_DWORD 0x1
DALRULE_GETVGAEXPANSIONATBOOT REG_DWORD 0x1
DisableHotPlugDFP REG_DWORD 0x1
ExtEvent_EnableAlpsMouseOrientation REG_DWORD 0x0
ExtEvent_SafeEscapeSupport REG_DWORD 0x1
DALRULE_DISABLEPSEUDOLARGEDESKTOP REG_DWORD 0x0
OvlTheaterMode REG_BINARY 00000000
DisableOvlTheaterMode REG_DWORD 0x0
UseVMRPitch REG_DWORD 0x0
DisableMMSnifferCode REG_DWORD 0x0
DisableProgPCILatency REG_DWORD 0x0
DALRULE_GetTVFakeEDID REG_DWORD 0x0
Catalyst_Version REG_SZ 0
DALRULE_REGISTRYACCESS REG_DWORD 0x1
DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH REG_DWORD 0x0
DALRULE_ENABLEDRIVERMODEPRUNNING REG_DWORD 0x0
GCORULE_ENABLETILEDMEMORYCALCULATION REG_DWORD 0x1
DALRULE_MACROVISIONINFOREPORT REG_DWORD 0x0
DALRULE_BANDWIDTHMODEENUM REG_DWORD 0x1
ExtEvent_LCDSetNativeModeOnResume REG_DWORD 0x0
DALRULE_LIMITTMDSMODES REG_DWORD 0x0
DALRULE_RESTRICT640x480MODE REG_DWORD 0x0
DALRULE_RESTRICT8BPPON2NDDRV REG_DWORD 0x0
TVForceDetection REG_DWORD 0x0
DALRULE_DISABLECWDDEDETECTION REG_DWORD 0x0
DALRULE_USECMOSDISPLAYSETTINGS REG_DWORD 0x1
DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY REG_DWORD 0x0
DisableTabletPCRotation REG_DWORD 0x1
DALRULE_DISABLEDISPLAYSWITCHINGIFOVERLAYALLOCATED REG_DWORD 0x1
ExtEvent_EnableMultiSessions REG_DWORD 0x1
DALRULE_USEENABLEDATBOOTSCHEME REG_DWORD 0x1
RotationSupportLevel REG_DWORD 0x2
NewRotation REG_SZ 1
UseBT601CSC REG_SZ 1
DALRULE_DYNAMICMODESUPPORT REG_DWORD 0x1
GSettingControl REG_DWORD 0x4
DFPOption_SingleLink REG_DWORD 0x1
DFPXOption_SingleLink REG_DWORD 0x1
DALRULE_ALLOWMONITORRANGELIMITMODESCRT REG_DWORD 0x1
DALRULE_NOTVANDLCDONCRTC REG_DWORD 0x1
WmAgpMaxIdleClk REG_DWORD 0x20
GCORULE_FlickerWA REG_DWORD 0x1
SMOOTHVISION_NAME REG_SZ SMOOTHVISION 2.1
DALRULE_NOCRTTVANDDVIACTIVESIMULTANEOUSLY REG_DWORD 0x1
DALRULE_ENABLEDALFSDOSTOWINDOWSSELECTION REG_DWORD 0x1
GCORULE_DISABLEEXPAT1280WITHCRT REG_DWORD 0x1
DALRULE_DONOTREPORTCUSTOMREFRESHRATE REG_DWORD 0x1
R6LCD_ENABLESSJITTERDISPLAYPATH REG_DWORD 0x1
DALRULE_ENABLEDALRESUMESUPPORT REG_DWORD 0x1
GCORULE_DisableHotKeyIfDDExclusiveMode REG_DWORD 0x1
GCORULE_DisableGPIOPowerSaveMode REG_DWORD 0x1
TVDisableModes REG_DWORD 0x0
DALRULE_LCDSHOWRESOLUTIONCHANGEMESSAGE REG_DWORD 0x0
DALRULE_GETLCDFAKEEDID REG_DWORD 0x0
GCORULE_ENABLERMXFILTER REG_DWORD 0x1
OVShiftOddDown REG_DWORD 0x0
DALRULE_RESTRICT2ACTIVEDISPLAYS REG_DWORD 0x0
DALRULE_POWERPLAYOPTIONCOLORDEPTHREDUCTION REG_DWORD 0x0
R6LCD_FOLLOWLIDSTATE REG_DWORD 0x1
DisableFakeOSDualViewNotify REG_DWORD 0x1
DisableD3DExclusiveModeChange REG_DWORD 0x1
DisableOpenGLExclusiveModeChange REG_DWORD 0x1
TVM6Flag REG_DWORD 0x0
DisableDalValidateChild REG_DWORD 0x1
DALRULE_SETMODEAFTERPOWERSTATECHANGE REG_DWORD 0x1
DALRULE_USEOLDPOWERPLAYINTERFACE REG_DWORD 0x0
DALRULE_USEOLDPOWERPLAYPROPERTYPAGE REG_DWORD 0x0
DALRULE_ENABLESHOWACSLIDER REG_DWORD 0x1
DALRULE_ENABLESHOWDCLOWSLIDER REG_DWORD 0x1
ExtEvent_RestoreLargeDesktopOnResume REG_DWORD 0x1
ExtEvent_EnableAutoDisplayConfig REG_DWORD 0x1
DALRULE_USERDEVICEPROFILEUPDATE REG_DWORD 0x1
ExtEvent_EnableMpAtDocking REG_DWORD 0x1
ExtEvent_SaveProfileBySelected REG_DWORD 0x1
DALRULE_DISABLEPOWERPLAYMESSAGES REG_DWORD 0x1
ApplyRotationDefaultMode REG_DWORD 0x1
GCORULE_PPForceBlankDisplays REG_DWORD 0x1
DXVA_WMV REG_SZ 0
DALRULE_UNRESTRICTSXGAPCRTONOWNCRTC REG_DWORD 0x1
ExtEvent_EnableADCAtUndocking REG_DWORD 0x1
DfpUsePixSlip REG_DWORD 0x1
Device Description REG_SZ ATI MOBILITY RADEON X300
DALRULE_DONTSHOWWADOPTION REG_DWORD 0x1
DXVA_WMV_DEF REG_SZ 0
GCORULE_X1DETECT REG_DWORD 0x1
DALRULE_OTHEREXPANSIONMODEDEFAULT REG_DWORD 0x1
DALRULE_WADSUPPORT REG_DWORD 0x1
GCORULE_WADSUPPORT REG_DWORD 0x1
GCORULE_PowerPlayClearMemBase REG_DWORD 0x1
ExtEvent_EnableADCLogicalMapping REG_DWORD 0x1
DDC2Disabled REG_DWORD 0x0
DisableBlockWrite REG_DWORD 0x1
DisableDMACopy REG_DWORD 0x0
TestEnv REG_DWORD 0x0
TimingSelection REG_DWORD 0x0
VgaCompatible REG_DWORD 0x0
Adaptive De-interlacing REG_DWORD 0x1
VPE Adaptive De-interlacing REG_DWORD 0x1
DisableTimeStampWriteBack REG_DWORD 0x0
DisableTiling REG_DWORD 0x0
ExtEvent_EnableHotPlug REG_DWORD 0x0
ExtEvent_EnableMouseRotation REG_DWORD 0x1
DFPRULE_HotplugSupported REG_DWORD 0x1
DALRULE_NOTVANDCRTONSAMECONTROLLER REG_DWORD 0x1
DALRULE_NOCRTANDLCDONSAMECONTROLLER REG_DWORD 0x0
DALRULE_DISPLAYSRESTRICTMODES REG_DWORD 0x0
VPURecover_NA REG_SZ 1
DisableSmartSave_DEF REG_DWORD 0x1
VPUEnableSubmissionBox_DEF REG_SZ 0
DALRULE_ADDNATIVEMODESTOMODETABLE REG_DWORD 0x1
AutoColorDepthReduction_NA REG_DWORD 0x1
DisableIDCT REG_DWORD 0x0
DALR6 CRT_MaxModeInfo REG_BINARY 0000000040060000B0040000000000003C000000
DisableFullAdapterInit REG_DWORD 0x0
MemInitLatencyTimer REG_DWORD 0x775771bf
GI_DEF REG_SZ 0
DALNonStandardModesBCD1 REG_BINARY 080004800000006010240480000000601024060000000060128006000000006012800768000000601400105000000060
DALRestrictedModesBCD1 REG_BINARY 08000480000000001152086400000000128007680000000012801024000001601600120000000120179213440000000018001440000000001856139200000000
DALRestrictedModesBCD2 REG_BINARY 1920108000000000192012000000000019201440000000002048153600000085
DALOPTION_MaxResBCD REG_BINARY 0000000000000160
DisableDualView REG_DWORD 0x0
DisableDualviewWithHotKey REG_DWORD 0x1
ExtEvent_EnablePolling REG_DWORD 0x1
ExtEvent_BroadcastDispChange REG_DWORD 0x0
ExtEvent_UpdateAdapterInfoOnHK REG_DWORD 0x1
GCORULE_DisableHotKeyIfOverlayAllocated REG_DWORD 0x1
ExtEvent_LCDSetMaxResOnDockChg REG_DWORD 0x1
DALRULE_NOCRTANDDFPONSAMECONTROLLER REG_DWORD 0x1
GCORULE_IntTMDSReduceBlankTiming REG_DWORD 0x1
DisableSWInterrupt REG_DWORD 0x0
ExtEvent_BIOSEventByInterrupt REG_DWORD 0x1
ExtEvent_EnableChgLCDResOnHotKey REG_DWORD 0x0
R6LCD_RETURNALLBIOSMODES REG_DWORD 0x0
ExtEvent_OverDriveSupport REG_DWORD 0x1
Main3D_DEF REG_SZ 3
AntiAlias_DEF REG_SZ 1
AntiAliasSamples_DEF REG_SZ 0
AnisoType_DEF REG_SZ 0
AnisoDegree_DEF REG_SZ 0
TextureOpt_DEF REG_SZ 0
TextureLod_DEF REG_SZ 0
TruformMode_DEF REG_SZ 0
VSyncControl_DEF REG_SZ 1
SwapEffect_DEF REG_SZ 0
TemporalAAMultiplier_DEF REG_SZ 0
ExportCompressedTex_DEF REG_SZ 1
PixelCenter_DEF REG_SZ 0
ForceZBufferDepth_DEF REG_SZ 0
EnableTripleBuffering_DEF REG_SZ 0
ColourDesktopGamma_DEF REG_SZ 1.0 1.0 1.0
ColourDesktopBrightness_DEF REG_SZ 0 0 0
ColourDesktopContrast_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenGamma_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenBrightness_DEF REG_SZ 0 0 0
ColourFullscreenContrast_DEF REG_SZ 1.0 1.0 1.0
3D_Refresh_Rate_Override_DEF REG_DWORD 0x0
Display_Detection_DEF REG_DWORD 0x0
Panning_Mode_DEF REG_DWORD 0x0
Mouse_Track_Orientation_DEF REG_DWORD 0x1
Force_TV_Detection_DEF REG_DWORD 0x0
CatalystAI_DEF REG_SZ 1
DisableEnumAllChilds REG_DWORD 0x0
DALRULE_NOFORCEBOOT REG_DWORD 0x0
DALOPTION_MinResBCD REG_BINARY 0000000000000060
CurrentProfile REG_SZ Default
RebootFlags REG_DWORD 0x0
RebootFlagsEx REG_DWORD 0xf0010001
CapabilitiesEx REG_DWORD 0x0
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device1\ATI WDM Configurations
PnP ID Version REG_SZ 34

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device1\MMLIB
ForceOneField REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device2
InstalledDisplayDrivers REG_MULTI_SZ ati2dvag\0\0
MultiFunctionSupported REG_DWORD 0x1
GCOOPTION_DisableGPIOPowerSaveMode REG_DWORD 0x1
ReleaseVersion REG_SZ 8.163.1.1.1-060121a-030334C
BuildNumber REG_SZ 30332
drv REG_SZ ati2dvag.dll
DALGameGammaScale REG_DWORD 0x646464
UseNewOGLRegPath REG_DWORD 0x1
DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING REG_DWORD 0x1
DALRULE_GETVGAEXPANSIONATBOOT REG_DWORD 0x1
DisableHotPlugDFP REG_DWORD 0x1
ExtEvent_EnableAlpsMouseOrientation REG_DWORD 0x0
ExtEvent_SafeEscapeSupport REG_DWORD 0x1
DALRULE_DISABLEPSEUDOLARGEDESKTOP REG_DWORD 0x0
OvlTheaterMode REG_BINARY 00000000
DisableOvlTheaterMode REG_DWORD 0x0
UseVMRPitch REG_DWORD 0x0
DisableMMSnifferCode REG_DWORD 0x0
DisableProgPCILatency REG_DWORD 0x0
DALRULE_GetTVFakeEDID REG_DWORD 0x0
Catalyst_Version REG_SZ 0
DALRULE_REGISTRYACCESS REG_DWORD 0x1
DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH REG_DWORD 0x0
DALRULE_ENABLEDRIVERMODEPRUNNING REG_DWORD 0x0
GCORULE_ENABLETILEDMEMORYCALCULATION REG_DWORD 0x1
DALRULE_MACROVISIONINFOREPORT REG_DWORD 0x0
DALRULE_BANDWIDTHMODEENUM REG_DWORD 0x1
ExtEvent_LCDSetNativeModeOnResume REG_DWORD 0x0
DALRULE_LIMITTMDSMODES REG_DWORD 0x0
DALRULE_RESTRICT640x480MODE REG_DWORD 0x0
DALRULE_RESTRICT8BPPON2NDDRV REG_DWORD 0x0
TVForceDetection REG_DWORD 0x0
DALRULE_DISABLECWDDEDETECTION REG_DWORD 0x0
DALRULE_USECMOSDISPLAYSETTINGS REG_DWORD 0x1
DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY REG_DWORD 0x0
DisableTabletPCRotation REG_DWORD 0x1
DALRULE_DISABLEDISPLAYSWITCHINGIFOVERLAYALLOCATED REG_DWORD 0x1
ExtEvent_EnableMultiSessions REG_DWORD 0x1
DALRULE_USEENABLEDATBOOTSCHEME REG_DWORD 0x1
RotationSupportLevel REG_DWORD 0x2
NewRotation REG_SZ 1
UseBT601CSC REG_SZ 1
DALRULE_DYNAMICMODESUPPORT REG_DWORD 0x1
GSettingControl REG_DWORD 0x4
DFPOption_SingleLink REG_DWORD 0x1
DFPXOption_SingleLink REG_DWORD 0x1
DALRULE_ALLOWMONITORRANGELIMITMODESCRT REG_DWORD 0x1
DALRULE_NOTVANDLCDONCRTC REG_DWORD 0x1
WmAgpMaxIdleClk REG_DWORD 0x20
GCORULE_FlickerWA REG_DWORD 0x1
SMOOTHVISION_NAME REG_SZ SMOOTHVISION 2.1
DALRULE_NOCRTTVANDDVIACTIVESIMULTANEOUSLY REG_DWORD 0x1
DALRULE_ENABLEDALFSDOSTOWINDOWSSELECTION REG_DWORD 0x1
GCORULE_DISABLEEXPAT1280WITHCRT REG_DWORD 0x1
DALRULE_DONOTREPORTCUSTOMREFRESHRATE REG_DWORD 0x1
R6LCD_ENABLESSJITTERDISPLAYPATH REG_DWORD 0x1
DALRULE_ENABLEDALRESUMESUPPORT REG_DWORD 0x1
GCORULE_DisableHotKeyIfDDExclusiveMode REG_DWORD 0x1
GCORULE_DisableGPIOPowerSaveMode REG_DWORD 0x1
TVDisableModes REG_DWORD 0x0
DALRULE_LCDSHOWRESOLUTIONCHANGEMESSAGE REG_DWORD 0x0
DALRULE_GETLCDFAKEEDID REG_DWORD 0x0
GCORULE_ENABLERMXFILTER REG_DWORD 0x1
OVShiftOddDown REG_DWORD 0x0
DALRULE_RESTRICT2ACTIVEDISPLAYS REG_DWORD 0x0
DALRULE_POWERPLAYOPTIONCOLORDEPTHREDUCTION REG_DWORD 0x0
R6LCD_FOLLOWLIDSTATE REG_DWORD 0x1
DisableFakeOSDualViewNotify REG_DWORD 0x1
DisableD3DExclusiveModeChange REG_DWORD 0x1
DisableOpenGLExclusiveModeChange REG_DWORD 0x1
TVM6Flag REG_DWORD 0x0
DisableDalValidateChild REG_DWORD 0x1
DALRULE_SETMODEAFTERPOWERSTATECHANGE REG_DWORD 0x1
DALRULE_USEOLDPOWERPLAYINTERFACE REG_DWORD 0x0
DALRULE_USEOLDPOWERPLAYPROPERTYPAGE REG_DWORD 0x0
DALRULE_ENABLESHOWACSLIDER REG_DWORD 0x1
DALRULE_ENABLESHOWDCLOWSLIDER REG_DWORD 0x1
ExtEvent_RestoreLargeDesktopOnResume REG_DWORD 0x1
ExtEvent_EnableAutoDisplayConfig REG_DWORD 0x1
DALRULE_USERDEVICEPROFILEUPDATE REG_DWORD 0x1
ExtEvent_EnableMpAtDocking REG_DWORD 0x1
ExtEvent_SaveProfileBySelected REG_DWORD 0x1
DALRULE_DISABLEPOWERPLAYMESSAGES REG_DWORD 0x1
ApplyRotationDefaultMode REG_DWORD 0x1
GCORULE_PPForceBlankDisplays REG_DWORD 0x1
DXVA_WMV REG_SZ 0
DALRULE_UNRESTRICTSXGAPCRTONOWNCRTC REG_DWORD 0x1
ExtEvent_EnableADCAtUndocking REG_DWORD 0x1
DfpUsePixSlip REG_DWORD 0x1
Device Description REG_SZ ATI MOBILITY RADEON X300
DALRULE_DONTSHOWWADOPTION REG_DWORD 0x1
DXVA_WMV_DEF REG_SZ 0
GCORULE_X1DETECT REG_DWORD 0x1
DALRULE_OTHEREXPANSIONMODEDEFAULT REG_DWORD 0x1
DALRULE_WADSUPPORT REG_DWORD 0x1
GCORULE_WADSUPPORT REG_DWORD 0x1
GCORULE_PowerPlayClearMemBase REG_DWORD 0x1
ExtEvent_EnableADCLogicalMapping REG_DWORD 0x1
DDC2Disabled REG_DWORD 0x0
DisableBlockWrite REG_DWORD 0x1
DisableDMACopy REG_DWORD 0x0
TestEnv REG_DWORD 0x0
TimingSelection REG_DWORD 0x0
VgaCompatible REG_DWORD 0x0
Adaptive De-interlacing REG_DWORD 0x1
VPE Adaptive De-interlacing REG_DWORD 0x1
DisableTimeStampWriteBack REG_DWORD 0x0
DisableTiling REG_DWORD 0x0
ExtEvent_EnableHotPlug REG_DWORD 0x0
ExtEvent_EnableMouseRotation REG_DWORD 0x1
DFPRULE_HotplugSupported REG_DWORD 0x1
DALRULE_NOTVANDCRTONSAMECONTROLLER REG_DWORD 0x1
DALRULE_NOCRTANDLCDONSAMECONTROLLER REG_DWORD 0x0
DALRULE_DISPLAYSRESTRICTMODES REG_DWORD 0x0
VPURecover_NA REG_SZ 1
DisableSmartSave_DEF REG_DWORD 0x1
VPUEnableSubmissionBox_DEF REG_SZ 0
DALRULE_ADDNATIVEMODESTOMODETABLE REG_DWORD 0x1
AutoColorDepthReduction_NA REG_DWORD 0x1
DisableIDCT REG_DWORD 0x0
DALR6 CRT_MaxModeInfo REG_BINARY 0000000040060000B0040000000000003C000000
DisableFullAdapterInit REG_DWORD 0x0
MemInitLatencyTimer REG_DWORD 0x775771bf
GI_DEF REG_SZ 0
DALNonStandardModesBCD1 REG_BINARY 080004800000006010240480000000601024060000000060128006000000006012800768000000601400105000000060
DALRestrictedModesBCD1 REG_BINARY 08000480000000001152086400000000128007680000000012801024000001601600120000000120179213440000000018001440000000001856139200000000
DALRestrictedModesBCD2 REG_BINARY 1920108000000000192012000000000019201440000000002048153600000085
DALOPTION_MaxResBCD REG_BINARY 0000000000000160
DisableDualView REG_DWORD 0x0
DisableDualviewWithHotKey REG_DWORD 0x1
ExtEvent_EnablePolling REG_DWORD 0x1
ExtEvent_BroadcastDispChange REG_DWORD 0x0
ExtEvent_UpdateAdapterInfoOnHK REG_DWORD 0x1
GCORULE_DisableHotKeyIfOverlayAllocated REG_DWORD 0x1
ExtEvent_LCDSetMaxResOnDockChg REG_DWORD 0x1
DALRULE_NOCRTANDDFPONSAMECONTROLLER REG_DWORD 0x1
GCORULE_IntTMDSReduceBlankTiming REG_DWORD 0x1
DisableSWInterrupt REG_DWORD 0x0
ExtEvent_BIOSEventByInterrupt REG_DWORD 0x1
ExtEvent_EnableChgLCDResOnHotKey REG_DWORD 0x0
R6LCD_RETURNALLBIOSMODES REG_DWORD 0x0
ExtEvent_OverDriveSupport REG_DWORD 0x1
Main3D_DEF REG_SZ 3
AntiAlias_DEF REG_SZ 1
AntiAliasSamples_DEF REG_SZ 0
AnisoType_DEF REG_SZ 0
AnisoDegree_DEF REG_SZ 0
TextureOpt_DEF REG_SZ 0
TextureLod_DEF REG_SZ 0
TruformMode_DEF REG_SZ 0
VSyncControl_DEF REG_SZ 1
SwapEffect_DEF REG_SZ 0
TemporalAAMultiplier_DEF REG_SZ 0
ExportCompressedTex_DEF REG_SZ 1
PixelCenter_DEF REG_SZ 0
ForceZBufferDepth_DEF REG_SZ 0
EnableTripleBuffering_DEF REG_SZ 0
ColourDesktopGamma_DEF REG_SZ 1.0 1.0 1.0
ColourDesktopBrightness_DEF REG_SZ 0 0 0
ColourDesktopContrast_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenGamma_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenBrightness_DEF REG_SZ 0 0 0
ColourFullscreenContrast_DEF REG_SZ 1.0 1.0 1.0
3D_Refresh_Rate_Override_DEF REG_DWORD 0x0
Display_Detection_DEF REG_DWORD 0x0
Panning_Mode_DEF REG_DWORD 0x0
Mouse_Track_Orientation_DEF REG_DWORD 0x1
Force_TV_Detection_DEF REG_DWORD 0x0
CatalystAI_DEF REG_SZ 1
DisableEnumAllChilds REG_DWORD 0x0
DALRULE_NOFORCEBOOT REG_DWORD 0x0
DALOPTION_MinResBCD REG_BINARY 0000000000000060
CurrentProfile REG_SZ Default
RebootFlags REG_DWORD 0x0
RebootFlagsEx REG_DWORD 0xf0010001
CapabilitiesEx REG_DWORD 0x0
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device2\ATI WDM Configurations
PnP ID Version REG_SZ 34

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device2\MMLIB
ForceOneField REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device3
InstalledDisplayDrivers REG_MULTI_SZ ati2dvag\0\0
MultiFunctionSupported REG_DWORD 0x1
GCOOPTION_DisableGPIOPowerSaveMode REG_DWORD 0x1
ReleaseVersion REG_SZ 8.163.1.1.1-060121a-030334C
BuildNumber REG_SZ 30332
drv REG_SZ ati2dvag.dll
DALGameGammaScale REG_DWORD 0x646464
UseNewOGLRegPath REG_DWORD 0x1
DALRULE_DYNAMICFIXEDDISPLAYMODEREPORTING REG_DWORD 0x1
DALRULE_GETVGAEXPANSIONATBOOT REG_DWORD 0x1
DisableHotPlugDFP REG_DWORD 0x1
ExtEvent_EnableAlpsMouseOrientation REG_DWORD 0x0
ExtEvent_SafeEscapeSupport REG_DWORD 0x1
DALRULE_DISABLEPSEUDOLARGEDESKTOP REG_DWORD 0x0
OvlTheaterMode REG_BINARY 00000000
DisableOvlTheaterMode REG_DWORD 0x0
UseVMRPitch REG_DWORD 0x0
DisableMMSnifferCode REG_DWORD 0x0
DisableProgPCILatency REG_DWORD 0x0
DALRULE_GetTVFakeEDID REG_DWORD 0x0
Catalyst_Version REG_SZ 0
DALRULE_REGISTRYACCESS REG_DWORD 0x1
DALRULE_RESTRICTCRTANALOGDETECTIONONEDIDMISMATCH REG_DWORD 0x0
DALRULE_ENABLEDRIVERMODEPRUNNING REG_DWORD 0x0
GCORULE_ENABLETILEDMEMORYCALCULATION REG_DWORD 0x1
DALRULE_MACROVISIONINFOREPORT REG_DWORD 0x0
DALRULE_BANDWIDTHMODEENUM REG_DWORD 0x1
ExtEvent_LCDSetNativeModeOnResume REG_DWORD 0x0
DALRULE_LIMITTMDSMODES REG_DWORD 0x0
DALRULE_RESTRICT640x480MODE REG_DWORD 0x0
DALRULE_RESTRICT8BPPON2NDDRV REG_DWORD 0x0
TVForceDetection REG_DWORD 0x0
DALRULE_DISABLECWDDEDETECTION REG_DWORD 0x0
DALRULE_USECMOSDISPLAYSETTINGS REG_DWORD 0x1
DALRULE_NOCRTANDDFPACTIVESIMULTANEOUSLY REG_DWORD 0x0
DisableTabletPCRotation REG_DWORD 0x1
DALRULE_DISABLEDISPLAYSWITCHINGIFOVERLAYALLOCATED REG_DWORD 0x1
ExtEvent_EnableMultiSessions REG_DWORD 0x1
DALRULE_USEENABLEDATBOOTSCHEME REG_DWORD 0x1
RotationSupportLevel REG_DWORD 0x2
NewRotation REG_SZ 1
UseBT601CSC REG_SZ 1
DALRULE_DYNAMICMODESUPPORT REG_DWORD 0x1
GSettingControl REG_DWORD 0x4
DFPOption_SingleLink REG_DWORD 0x1
DFPXOption_SingleLink REG_DWORD 0x1
DALRULE_ALLOWMONITORRANGELIMITMODESCRT REG_DWORD 0x1
DALRULE_NOTVANDLCDONCRTC REG_DWORD 0x1
WmAgpMaxIdleClk REG_DWORD 0x20
GCORULE_FlickerWA REG_DWORD 0x1
SMOOTHVISION_NAME REG_SZ SMOOTHVISION 2.1
DALRULE_NOCRTTVANDDVIACTIVESIMULTANEOUSLY REG_DWORD 0x1
DALRULE_ENABLEDALFSDOSTOWINDOWSSELECTION REG_DWORD 0x1
GCORULE_DISABLEEXPAT1280WITHCRT REG_DWORD 0x1
DALRULE_DONOTREPORTCUSTOMREFRESHRATE REG_DWORD 0x1
R6LCD_ENABLESSJITTERDISPLAYPATH REG_DWORD 0x1
DALRULE_ENABLEDALRESUMESUPPORT REG_DWORD 0x1
GCORULE_DisableHotKeyIfDDExclusiveMode REG_DWORD 0x1
GCORULE_DisableGPIOPowerSaveMode REG_DWORD 0x1
TVDisableModes REG_DWORD 0x0
DALRULE_LCDSHOWRESOLUTIONCHANGEMESSAGE REG_DWORD 0x0
DALRULE_GETLCDFAKEEDID REG_DWORD 0x0
GCORULE_ENABLERMXFILTER REG_DWORD 0x1
OVShiftOddDown REG_DWORD 0x0
DALRULE_RESTRICT2ACTIVEDISPLAYS REG_DWORD 0x0
DALRULE_POWERPLAYOPTIONCOLORDEPTHREDUCTION REG_DWORD 0x0
R6LCD_FOLLOWLIDSTATE REG_DWORD 0x1
DisableFakeOSDualViewNotify REG_DWORD 0x1
DisableD3DExclusiveModeChange REG_DWORD 0x1
DisableOpenGLExclusiveModeChange REG_DWORD 0x1
TVM6Flag REG_DWORD 0x0
DisableDalValidateChild REG_DWORD 0x1
DALRULE_SETMODEAFTERPOWERSTATECHANGE REG_DWORD 0x1
DALRULE_USEOLDPOWERPLAYINTERFACE REG_DWORD 0x0
DALRULE_USEOLDPOWERPLAYPROPERTYPAGE REG_DWORD 0x0
DALRULE_ENABLESHOWACSLIDER REG_DWORD 0x1
DALRULE_ENABLESHOWDCLOWSLIDER REG_DWORD 0x1
ExtEvent_RestoreLargeDesktopOnResume REG_DWORD 0x1
ExtEvent_EnableAutoDisplayConfig REG_DWORD 0x1
DALRULE_USERDEVICEPROFILEUPDATE REG_DWORD 0x1
ExtEvent_EnableMpAtDocking REG_DWORD 0x1
ExtEvent_SaveProfileBySelected REG_DWORD 0x1
DALRULE_DISABLEPOWERPLAYMESSAGES REG_DWORD 0x1
ApplyRotationDefaultMode REG_DWORD 0x1
GCORULE_PPForceBlankDisplays REG_DWORD 0x1
DXVA_WMV REG_SZ 0
DALRULE_UNRESTRICTSXGAPCRTONOWNCRTC REG_DWORD 0x1
ExtEvent_EnableADCAtUndocking REG_DWORD 0x1
DfpUsePixSlip REG_DWORD 0x1
Device Description REG_SZ ATI MOBILITY RADEON X300
DALRULE_DONTSHOWWADOPTION REG_DWORD 0x1
DXVA_WMV_DEF REG_SZ 0
GCORULE_X1DETECT REG_DWORD 0x1
DALRULE_OTHEREXPANSIONMODEDEFAULT REG_DWORD 0x1
DALRULE_WADSUPPORT REG_DWORD 0x1
GCORULE_WADSUPPORT REG_DWORD 0x1
GCORULE_PowerPlayClearMemBase REG_DWORD 0x1
ExtEvent_EnableADCLogicalMapping REG_DWORD 0x1
DDC2Disabled REG_DWORD 0x0
DisableBlockWrite REG_DWORD 0x1
DisableDMACopy REG_DWORD 0x0
TestEnv REG_DWORD 0x0
TimingSelection REG_DWORD 0x0
VgaCompatible REG_DWORD 0x0
Adaptive De-interlacing REG_DWORD 0x1
VPE Adaptive De-interlacing REG_DWORD 0x1
DisableTimeStampWriteBack REG_DWORD 0x0
DisableTiling REG_DWORD 0x0
ExtEvent_EnableHotPlug REG_DWORD 0x0
ExtEvent_EnableMouseRotation REG_DWORD 0x1
DFPRULE_HotplugSupported REG_DWORD 0x1
DALRULE_NOTVANDCRTONSAMECONTROLLER REG_DWORD 0x1
DALRULE_NOCRTANDLCDONSAMECONTROLLER REG_DWORD 0x0
DALRULE_DISPLAYSRESTRICTMODES REG_DWORD 0x0
VPURecover_NA REG_SZ 1
DisableSmartSave_DEF REG_DWORD 0x1
VPUEnableSubmissionBox_DEF REG_SZ 0
DALRULE_ADDNATIVEMODESTOMODETABLE REG_DWORD 0x1
AutoColorDepthReduction_NA REG_DWORD 0x1
DisableIDCT REG_DWORD 0x0
DALR6 CRT_MaxModeInfo REG_BINARY 0000000040060000B0040000000000003C000000
DisableFullAdapterInit REG_DWORD 0x0
MemInitLatencyTimer REG_DWORD 0x775771bf
GI_DEF REG_SZ 0
DALNonStandardModesBCD1 REG_BINARY 080004800000006010240480000000601024060000000060128006000000006012800768000000601400105000000060
DALRestrictedModesBCD1 REG_BINARY 08000480000000001152086400000000128007680000000012801024000001601600120000000120179213440000000018001440000000001856139200000000
DALRestrictedModesBCD2 REG_BINARY 1920108000000000192012000000000019201440000000002048153600000085
DALOPTION_MaxResBCD REG_BINARY 0000000000000160
DisableDualView REG_DWORD 0x0
DisableDualviewWithHotKey REG_DWORD 0x1
ExtEvent_EnablePolling REG_DWORD 0x1
ExtEvent_BroadcastDispChange REG_DWORD 0x0
ExtEvent_UpdateAdapterInfoOnHK REG_DWORD 0x1
GCORULE_DisableHotKeyIfOverlayAllocated REG_DWORD 0x1
ExtEvent_LCDSetMaxResOnDockChg REG_DWORD 0x1
DALRULE_NOCRTANDDFPONSAMECONTROLLER REG_DWORD 0x1
GCORULE_IntTMDSReduceBlankTiming REG_DWORD 0x1
DisableSWInterrupt REG_DWORD 0x0
ExtEvent_BIOSEventByInterrupt REG_DWORD 0x1
ExtEvent_EnableChgLCDResOnHotKey REG_DWORD 0x0
R6LCD_RETURNALLBIOSMODES REG_DWORD 0x0
ExtEvent_OverDriveSupport REG_DWORD 0x1
Main3D_DEF REG_SZ 3
AntiAlias_DEF REG_SZ 1
AntiAliasSamples_DEF REG_SZ 0
AnisoType_DEF REG_SZ 0
AnisoDegree_DEF REG_SZ 0
TextureOpt_DEF REG_SZ 0
TextureLod_DEF REG_SZ 0
TruformMode_DEF REG_SZ 0
VSyncControl_DEF REG_SZ 1
SwapEffect_DEF REG_SZ 0
TemporalAAMultiplier_DEF REG_SZ 0
ExportCompressedTex_DEF REG_SZ 1
PixelCenter_DEF REG_SZ 0
ForceZBufferDepth_DEF REG_SZ 0
EnableTripleBuffering_DEF REG_SZ 0
ColourDesktopGamma_DEF REG_SZ 1.0 1.0 1.0
ColourDesktopBrightness_DEF REG_SZ 0 0 0
ColourDesktopContrast_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenGamma_DEF REG_SZ 1.0 1.0 1.0
ColourFullscreenBrightness_DEF REG_SZ 0 0 0
ColourFullscreenContrast_DEF REG_SZ 1.0 1.0 1.0
3D_Refresh_Rate_Override_DEF REG_DWORD 0x0
Display_Detection_DEF REG_DWORD 0x0
Panning_Mode_DEF REG_DWORD 0x0
Mouse_Track_Orientation_DEF REG_DWORD 0x1
Force_TV_Detection_DEF REG_DWORD 0x0
CatalystAI_DEF REG_SZ 1
DisableEnumAllChilds REG_DWORD 0x0
DALRULE_NOFORCEBOOT REG_DWORD 0x0
DALOPTION_MinResBCD REG_BINARY 0000000000000060
CurrentProfile REG_SZ Default
RebootFlags REG_DWORD 0x0
RebootFlagsEx REG_DWORD 0xf0010001
CapabilitiesEx REG_DWORD 0x0
Capabilities REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device3\ATI WDM Configurations
PnP ID Version REG_SZ 34

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Device3\MMLIB
ForceOneField REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Video
Service REG_SZ ati2mtag

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ati2mtag\Enum
0 REG_SZ PCI\VEN_1002&DEV_5460&SUBSYS_056E1014&REV_00\4&266c3fa7&0&0008
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Atierecord
eRecordEnable REG_DWORD 0x1
eRecordEnablePopups REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Atmarpc
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0xc
ImagePath REG_EXPAND_SZ system32\DRIVERS\atmarpc.sys
DisplayName REG_SZ ATM ARP Client Protocol
Group REG_SZ NDIS
DependOnService REG_MULTI_SZ Tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ ATM ARP Client Protocol

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Atmarpc\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AudioSrv
DependOnService REG_MULTI_SZ PlugPlay\0RpcSs\0\0
Description REG_SZ Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ Windows Audio
ErrorControl REG_DWORD 0x1
Group REG_SZ AudioGroup
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AudioSrv\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\audiosrv.dll
ServiceDllUnloadOnStop REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\AudioSrv\Enum
0 REG_SZ Root\LEGACY_AUDIOSRV\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\audstub
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\audstub.sys
DisplayName REG_SZ Audio Stub Driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\audstub\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\audstub\Enum
0 REG_SZ Root\MEDIA\MS_MMACM
Count REG_DWORD 0x5
NextInstance REG_DWORD 0x5
1 REG_SZ Root\MEDIA\MS_MMDRV
2 REG_SZ Root\MEDIA\MS_MMMCI
3 REG_SZ Root\MEDIA\MS_MMVCD
4 REG_SZ Root\MEDIA\MS_MMVID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avast! Antivirus
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
DisplayName REG_SZ avast! Antivirus
Group REG_SZ ShellSvcGroup
DependOnService REG_MULTI_SZ aswMon2\0RpcSS\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
ServiceSidType REG_DWORD 0x1
Description REG_SZ Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
FailureActions REG_BINARY 100E000000000000000000000300000077004D00010000008813000001000000881300000000000088130000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avast! Antivirus\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avast! Antivirus\Enum
0 REG_SZ Root\LEGACY_AVAST!_ANTIVIRUS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgio
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
DisplayName REG_SZ avgio
DependOnService REG_MULTI_SZ FltMgr\0\0
DependOnGroup REG_MULTI_SZ \0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgio\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgio\Enum
0 REG_SZ Root\LEGACY_AVGIO\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt
Type REG_DWORD 0x2
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0x5
ImagePath REG_EXPAND_SZ system32\DRIVERS\avgntflt.sys
DisplayName REG_SZ avgntflt
Group REG_SZ FSFilter Anti-Virus
DependOnService REG_MULTI_SZ FltMgr\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ Avira files mini-filter driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt\Instances
DefaultInstance REG_SZ avgntflt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt\Instances\avgntflt
Altitude REG_SZ 320500
Flags REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avgntflt\Enum
0 REG_SZ Root\LEGACY_AVGNTFLT\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avipbb
Type REG_DWORD 0x1
Start REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\avipbb.sys
DisplayName REG_SZ avipbb
Description REG_SZ Avira's Driver for RootKit Detection
DebugFlags REG_SZ 0
AviraRegAcl REG_BINARY E72DA19FB670CCBC63F4DFDB3480E71BB98D8B5E2BAA5FE2C5C9166EE909907B8E4C2098A3CF22B62D5BE8F5B167DB38308499BB38A272473BE1C753F1244F70B6A7158E5B3308CDE93FED107F5CAA93477A261F16B9EC2B03FB7F47DA7E4F6580091EA3481508E5C730E067094EFBF1788B09FC04CCA317374EBC34EBD7587118E27BB287FC22339719ECBCA7556BC64E96F2E01417D7FCE19FA5387FA98C78E2C24CF8C5DD2B80DE198989BE5803A26CD80ABD1460E9F8FF689C372D81DFB6349B143E43D6C646A7151C5FF3945079341C63B4B7240BF26E3C9A713F5682F74B8F3DFE71CCCE15184A8F2EDBCF646755D623A4DAEC6521F905EDA6E03D35AC9279B2C11CF5C7D85879DD10DE7EE34B3E93AAC623A9744A32E0FD4EC51B606391966A794E1A0AB03D1E29EA4832D96540488DE74B7D04EA6BB698FC362F8F11C8B0A5454FB2AC7DBEC369F5C2D61C75F60A93769A416C87B9B86D99553868CCBB3826034B49E87A5E5BAAF87B8C0DF76BC18F0636379817DEB4A0475CB2BA7BDEBF66EFD1CE056BE3FDBA67DC302074BAA31D82491F3BB10F1B2EE39226E7558633F9CE935F45C87D90D6D25A01F2DE3679C20AA172EE393E7BB8A837857A2027B018183DDE821FDD4C8928C0C19A5072B7807CE6BC6CE8F7C32C5CFBEAC250E6154B55D3803E5BDBF24D8070E553A9BBE76A12F1EB2282EB0F9F73F8361B74809D6A76A30C64982CFB78BD8DF91122F5F9338EFC19BD7BEB3C3478A49F4D769C0A589400F571B5B0EF3C16DDEB0B7EC607BA67E0265960D0856A5AAEEB7A7356D25D90FAC852ECD8BF32501CD6EE3419F09727E74A841CEEAB8F30948CA847217DB09E436F86FC568036DB7695CAC940E91BB84D4500C7EE2128D9960C022BB2F80183C004A45CF1133D45A462A42E96B7AB36F88CE1411071988C655793DE4A5C4DB1B3643C92B3AB6274BDF95C7575C8B579CBA5B2BC0B83A207798138D27482FEAC66C23E875E0A6F8234D1777FF4A799BA247D82FC5E725FBF9F6A049096A15F62B6DFAD526A9DBA46176ACE796238DDB3A724B66CFF137235F44292FD1276E5E4F72A29CEB2EC5FF6A3AF1F26109271D574777893C09A785196C49B2DA36DD00C5F26202BE1DE094F34B526F25C8ECFA4B8A5655688C39F268660DAF88D0B250AFBB74322558269B9A34E3C5ED559AE03156A10C603F95C8BEB97B08E6435D298C5F0F32017AEC0B68FA9754CC6ABDEFFDE2B3BB5C3B99FA84347DDA2ECF2FC1A4CA0F4A08F8B7326ED7DE5C906EC286E646AFB51F0E63E3943810AA0E71D5E1517F72988A1D58F18E83219AACF9C8A79A005224E108C66A1FE14B3017CD91760E8A3EADB3CEAA957693F3512D393AED09303D20D77753A57FB24FF9F87D6BD03FA0761691645230C1C81BDB2CFD801D5A8307D0612C66235D0600A8050770BCBD799B352D1B96BDDBBF5D2E482317AF86EAA600B3C28793A99226B68562828D24A2B0A400B4A972A4F685B2058C2391316207F22C0F9932E8DDC8075AEBC98BFCFB7168636B2085818E85F2731229111F8D698F8D894D51B0350F7417B27EEE2AFFA988CF3093534041BCCF55EA6D8B4513C36AEECCDD6A82A78B01EB921959DD5046E196FE9E3AD4B487D40A6B0E80B7D1478D8D390A01EB509F26D33BBA8B68D6D7D19269A277845CFFE106AFE40A83446F4B90C894ED2C4054BE58A805A1006756437AE712195C86609F2EF72C7C75D794CA42EB89B7932F5E665EDAA2A4CA9665A6A051B5D8778E66A1BB3AB4AB416A6CA45709F65EC780FCA8D9C835A6378EF8A36D070E37F77EA6FCD3A99FC128045DD6BF5669ABC7E8B5C434AA750C57BD690BB4DFC25B53D5743A510AD4DA8D4778AA18D43B1CDF30498F429D7B28E91A0FA2A949C08BA5A92AA5C43FA76F343648EBC28C01E7EF52E5BB2AA90FCE509239A0CDAAE9F424DAAA06C35A54CC61E925318698F03D94F7E2B99B19B6049E4AF8407E8321FB7C1B28C9478221068199F53A9DE0D99E64FA75B133637464CB3335E74342B35C83B100410BAFF24C1EFDCED6D07E4560648DFC4A87A444A3984A2E4F16EEA959A3E3BE2AD2C7845B8FADD92ABCF31B7A6C1ECDF8B609F0498FD3A01935BDB87F3EC64A9498F138F853DAE4EC6BCAE0CEE73A24B3B7F7C5B73A358250E011B139B7BFFC20BD5CC687C35FB2AD1C71A1847981BFFA4E41BED61DFFDC20C25FE7A97F8E4E81F
AviraFileAcl REG_BINARY E72DA19FA070ECBC52F4FFDB0480D61BB78D9A5E16AA60E2E0C9316EC809AA7BAB4C339890CF1DB6375BE3F5A0679D380D84BBBB2FA241471DE1C353F9245070F7A70F8E73330ACDF83FF710755C8293437A6F1F20B9E82B2CFB5547C07E546599096AA31A1528E5DD30D3676C4EAAF14F8B2FFC2ECC9417224ECD3484D758717BE250B2CAFC41338819E0BC8B5553C66296CDE02217E4FCCF9FB0387AA98978F4C240F8EADD0380E4198789A15805A264D81CBD7B60CEF88368C3372C8192B63A9B433E1ED6D146F9150D5FA4945B79601C6EB4D0240DF27E3CD6717B568EF74E8F2DFE1ECCA215174A862E98CF546745D67FA4C9EC21219D05CEA6A73D7CAC8379F9C144F5F4D81679C310B17EAF4B4293BCC607A9474A1AE0F24ED01B4463A1964479621A17B03F1E0FEA7532FE655348B8E76A7D6BEA69B6A9FC122FA511EEB08F4563B2A87DD0C367F5DAD61975EC0A9076E4417587D0B8059918381FCC993858034549E97A7C5B95F8418C3AF75CC18A062237B417EDB4874770B29A7BE3BF48EFDBCE396BF6FDBC67C5302074E4A31D824E1F21B11E1B29E39A26EC559C33CECE8F5F0BC86890CAD25101BEDE3679C20AA172C639247BB3A822857F2012B03A1834DE9D1FA14CBD28DDC18B5069B7857CD3BC5FE8F4C3395CE5EADD50EC154955C280755B8FF271806AE560A9DAE73C12CCEB2C82EF0FAE73D8363A74B59D6476BB0C569815FB50BD98F93022CEF95D8EFD19847BCB3C2678A39F5676890A699416F57DB587EF1D16F3EB4C7E93079C6799264160BE853C5A80EB51735FD27890F6C845ECE1BF1D5031D6FD341DF09A27E04A881CEEABB830A38CA947397DAC9E586F8AFC158019DB4295EBC96BE93BB877453BC7D82106D9960C1E2BB3F80383CC04AA5CA7132D45C362922EDEB7B5368E8CA6413E71B98C7C57B5DE755C77B197640C9288AB107483F9647545C8DF79B9A5AEBC748389072A8163D25B82CEAC66C225876B0A4F8224D1597FCEA79DBA387D92FC797259BF826A1B90B2A15F62B6DF8B52629DAB467A6AE1795038E6B39F249B6CD3134035D44292FD0076EAE4ED2A2DCEB5EC50F6B2AF16261E922FD571771193949A4151B6C4AD2DB86DF80C7A26132BDDDE244F0EB507F2698EA2A483A55556B5C3F826E160DBF8CE0B210A8FB726223882
InternalFlags REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avipbb\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\avipbb\Enum
0 REG_SZ Root\LEGACY_AVIPBB\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\b57w2k
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0xa
ImagePath REG_EXPAND_SZ system32\DRIVERS\b57xp32.sys
DisplayName REG_SZ Broadcom NetXtreme Gigabit Ethernet
Group REG_SZ NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\b57w2k\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\b57w2k\Enum
0 REG_SZ PCI\VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11\4&111a1fd8&0&00E0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BattC
MofImagePath REG_EXPAND_SZ System32\Drivers\battc.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Beep
ErrorControl REG_DWORD 0x1
Group REG_SZ Base
Start REG_DWORD 0x1
Tag REG_DWORD 0x2
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Beep\Enum
0 REG_SZ Root\LEGACY_BEEP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BITS
Type REG_DWORD 0x20
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ Background Intelligent Transfer Service
DependOnService REG_MULTI_SZ Rpcss\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
FailureActions REG_BINARY 0000000000000000000000000300000068E30C000100000060EA00000100000060EA00000100000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BITS\Parameters
ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BITS\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\BITS\Enum
0 REG_SZ Root\LEGACY_BITS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Browser
Type REG_DWORD 0x20
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ Computer Browser
DependOnService REG_MULTI_SZ LanmanWorkstation\0LanmanServer\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Browser\Parameters
IsDomainMaster REG_SZ FALSE
MaintainServerList REG_SZ Auto
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\browser.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Browser\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Browser\Enum
0 REG_SZ Root\LEGACY_BROWSER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\catchme
Type REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
ImagePath REG_EXPAND_SZ \??\D:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys
Group REG_EXPAND_SZ Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\catchme\Enum
0 REG_SZ Root\LEGACY_CATCHME\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cbidf2k
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x19
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cbidf2k\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cbidf2k\Parameters\PnpInterface
1 REG_DWORD 0x1
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cd20xrnt
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x3a
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cd20xrnt\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cd20xrnt\Parameters\PnpInterface
1 REG_DWORD 0x11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdaudio
ErrorControl REG_DWORD 0x0
Group REG_SZ Filter
Start REG_DWORD 0x1
Tag REG_DWORD 0x6
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdaudio\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0
INITSTARTFAILED REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdfs
DependOnGroup REG_MULTI_SZ SCSI CDROM Class\0\0
ErrorControl REG_DWORD 0x1
Group REG_SZ File system
Start REG_DWORD 0x4
Type REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdfs\Enum
0 REG_SZ Root\LEGACY_CDFS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdrom
DependOnGroup REG_MULTI_SZ SCSI miniport\0\0
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI CDROM Class
Start REG_DWORD 0x1
Tag REG_DWORD 0x2
Type REG_DWORD 0x1
DisplayName REG_SZ CD-ROM Driver
ImagePath REG_EXPAND_SZ system32\DRIVERS\cdrom.sys
AutoRun REG_DWORD 0x1
AutoRunAlwaysDisable REG_MULTI_SZ NEC MBR-7 \0NEC MBR-7.4 \0PIONEER CHANGR DRM-1804X\0PIONEER CD-ROM DRM-6324X\0PIONEER CD-ROM DRM-624X \0TORiSAN CD-ROM CDR_C36\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cdrom\Enum
0 REG_SZ IDE\CdRomMATSHITA_DVD-RAM_UJ-822S________________1.61____\5&2ba179a6&0&0.0.0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Changer
ErrorControl REG_DWORD 0x0
Group REG_SZ Filter
Start REG_DWORD 0x1
Tag REG_DWORD 0x5
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cisvc
Type REG_DWORD 0x120
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\cisvc.exe
DisplayName REG_SZ Indexing Service
DependOnService REG_MULTI_SZ RPCSS\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cisvc\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\cisvc\Enum
0 REG_SZ Root\LEGACY_CISVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ClipSrv
DependOnService REG_MULTI_SZ NetDDE\0\0
Description REG_SZ Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ ClipBook
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\clipsrv.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x3
Type REG_DWORD 0x10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ClipSrv\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D00020001010000000000050B00000000001800FF010F0001020000000000052000000020020000000018008D00020001020000000000052000000023020000000014009D000000010100000000000504000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\clr_optimization_v2.0.50727_32
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x0
ImagePath REG_EXPAND_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
DisplayName REG_SZ .NET Runtime Optimization Service v2.0.50727_X86
ObjectName REG_SZ LocalSystem
Description REG_SZ Microsoft .NET Framework NGEN
FailureActions REG_BINARY 80510100000000000000000004000000490042000100000060EA00000100000000A60E00010000000060EA000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\clr_optimization_v2.0.50727_32\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\clr_optimization_v2.0.50727_32\Enum
0 REG_SZ Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CmBatt
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\CmBatt.sys
DisplayName REG_SZ Microsoft AC Adapter Driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CmBatt\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CmBatt\Enum
0 REG_SZ ACPI\PNP0C0A\0
Count REG_DWORD 0x2
NextInstance REG_DWORD 0x2
1 REG_SZ ACPI\ACPI0003\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CmdIde
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Start REG_DWORD 0x4
Tag REG_DWORD 0x4
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Compbatt
Type REG_DWORD 0x1
Start REG_DWORD 0x0
ErrorControl REG_DWORD 0x1
Tag REG_DWORD 0x7
ImagePath REG_EXPAND_SZ system32\DRIVERS\compbatt.sys
DisplayName REG_SZ Microsoft Composite Battery Driver
Group REG_SZ System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Compbatt\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Compbatt\Enum
0 REG_SZ Root\COMPOSITE_BATTERY\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\COMSysApp
Type REG_DWORD 0x10
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
DisplayName REG_SZ COM+ System Application
DependOnService REG_MULTI_SZ rpcss\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
FailureActions REG_BINARY 1E0000000000000000000000030000000000000001000000E8030000010000008813000000000000E8030000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\COMSysApp\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\COMSysApp\Enum
0 REG_SZ Root\LEGACY_COMSYSAPP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentFilter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentFilter\Linkage
Bind REG_SZ \Dummy
Export REG_SZ \Dummy
Route REG_SZ \Dummy

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentFilter\Performance
Close REG_SZ DoneFILTERPerformanceData
Collect REG_SZ CollectFILTERPerformanceData
Open REG_SZ InitializeFILTERPerformanceData
Library REG_EXPAND_SZ %SystemRoot%\System32\query.dll
WbemAdapFileSignature REG_BINARY 43E4758953F454090CAD65C303796ED5
WbemAdapFileTime REG_BINARY 5094996B7E7BC501
WbemAdapFileSize REG_DWORD 0x15e800
WbemAdapStatus REG_DWORD 0x0
Last Counter REG_DWORD 0x209a
Last Help REG_DWORD 0x209b
First Counter REG_DWORD 0x2094
First Help REG_DWORD 0x2095
Object List REG_SZ 8340

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentIndex

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentIndex\Linkage
Bind REG_SZ \Dummy
Export REG_SZ \Dummy
Route REG_SZ \Dummy

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ContentIndex\Performance
Close REG_SZ DoneCIPerformanceData
Collect REG_SZ CollectCIPerformanceData
Open REG_SZ InitializeCIPerformanceData
Library REG_EXPAND_SZ %SystemRoot%\System32\query.dll
WbemAdapFileSignature REG_BINARY 43E4758953F454090CAD65C303796ED5
WbemAdapFileTime REG_BINARY 5094996B7E7BC501
WbemAdapFileSize REG_DWORD 0x15e800
WbemAdapStatus REG_DWORD 0x0
Last Counter REG_DWORD 0x2092
Last Help REG_DWORD 0x2093
First Counter REG_DWORD 0x207c
First Help REG_DWORD 0x207d
Object List REG_SZ 8316

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cpqarray
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x100
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cpqarray\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Cpqarray\Parameters\PnpInterface
2 REG_DWORD 0x1
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CryptSvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ CryptSvc
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CryptSvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CryptSvc\Security
Security REG_BINARY 00000E0001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\CryptSvc\Enum
0 REG_SZ Root\LEGACY_CRYPTSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac2w2k
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x20
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac2w2k\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac2w2k\Parameters\PnpInterface
2 REG_DWORD 0x1
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac960nt
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x20
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac960nt\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dac960nt\Parameters\PnpInterface
2 REG_DWORD 0x1
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DcomLaunch
Description REG_SZ Provides launch functionality for DCOM services.
DisplayName REG_SZ DCOM Server Process Launcher
ErrorControl REG_DWORD 0x1
Group REG_SZ Event Log
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k DcomLaunch
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20
FailureActions REG_BINARY 00000000000000000000000001000000000000000200000060EA0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DcomLaunch\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\rpcss.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DcomLaunch\Security
Security REG_BINARY 01001480B4000000C00000001400000034000000020020000100000002801800FF010F00010100000000000100000000200200000200800005000000000318008D0002000101000000000001000000000000000000031800FF010F0001020000000000052000000020020000000318008F00020001020000000000052000000023020000000318009D00000001010000000000050400000023020000000318009D00000001020000000000052000000021020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DcomLaunch\Enum
0 REG_SZ Root\LEGACY_DCOMLAUNCH\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ DHCP Client
Group REG_SZ TDI
DependOnService REG_MULTI_SZ Tcpip\0Afd\0NetBT\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Manages network configuration by registering and updating IP addresses and DNS names.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Configurations
Options REG_BINARY 32000000000000000400000000000000FFFFFF7F0000000001000000000000000400000000000000FFFFFF7F00000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Linkage

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Linkage\Disabled

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dhcpcsvc.dll
{2047D367-C156-4789-9677-4A6228DF08FB} REG_BINARY 06000000000000000000000000000000F00FCA4203000000000000000000000000000000F00FCA4201000000000000000000000000000000F00FCA4236000000000000000000000000000000F00FCA4235000000000000000000000000000000F00FCA4233000000000000000000000000000000F00FCA42
{FA171F19-8802-4BDB-B89E-14F21C76F3A2} REG_BINARY 2E0000000000000001000000000000000907E043020000002C0000000000000004000000000000000907E04394A60810060000000000000008000000000000000907E04394A6080C94A60812030000000000000004000000000000000907E04394A690010F0000000000000010000000000000000907E04373616372656468656172742E65647500010000000000000004000000000000000907E043FFFFFC00360000000000000004000000000000000907E04394A60C0A330000000000000004000000000000000907E043000003843B0000000000000004000000000000000907E043000003133A0000000000000004000000000000000907E043000001C2350000000000000001000000000000000907E04305000000
{05EB3BBA-E10F-4F25-A580-514A93108E4D} REG_BINARY 0C000000000000000C000000000000007F78704C3030313132353137643634381F0000000000000001000000000000007F78704C01000000060000000000000008000000000000007F78704CD03BF72DD03BF72E030000000000000004000000000000007F78704CCFACA8010F000000000000000D000000000000007F78704C6361626C652E72636E2E636F6D000000050000000000000008000000000000007F78704CD03BF72DD03BF72E010000000000000004000000000000007F78704CFFFFFC00330000000000000004000000000000007F78704C00093A80360000000000000004000000000000007F78704CD17A405B350000000000000001000000000000007F78704C05000000
{3A259CC5-DB5E-4B98-BF9A-D50DB73C4EB1} REG_BINARY 06000000000000000400000000000000BC07574EC0A80A0103000000000000000400000000000000BC07574EC0A80A0101000000000000000400000000000000BC07574EFFFFFF0036000000000000000400000000000000BC07574EC0A80A0135000000000000000100000000000000BC07574E05000000FC0000000000000000000000000000002DB7554E33000000000000000400000000000000BC07574E00015180

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\1
KeyType REG_DWORD 0x7
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpSubnetMaskOpt\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpSubnetMaskOpt\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\15
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpDomain\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\220
KeyType REG_DWORD 0x3
VendorType REG_DWORD 0x1
RegSendLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\3
KeyType REG_DWORD 0x7
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDefaultGateway\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpDefaultGateway\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\44
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList\0SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\46
KeyType REG_DWORD 0x4
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\47
KeyType REG_DWORD 0x1
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\6
KeyType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Parameters\Options\DhcpNetbiosOptions
KeyType REG_DWORD 0x4
OptionId REG_DWORD 0x1
VendorType REG_DWORD 0x1
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNetbiosOptions\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D01020001010000000000050B00000000001800FD0102000102000000000005200000002C02000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dhcp\Enum
0 REG_SZ Root\LEGACY_DHCP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Disk
DependOnGroup REG_MULTI_SZ SCSI miniport\0\0
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI Class
Start REG_DWORD 0x0
Tag REG_DWORD 0x2
Type REG_DWORD 0x1
DisplayName REG_SZ Disk Driver
ImagePath REG_EXPAND_SZ system32\DRIVERS\disk.sys
AutoRunAlwaysDisable REG_MULTI_SZ Brother RemovableDisk(U)\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Disk\Enum
0 REG_SZ IDE\DiskHTS541080G9AT00_________________________MB4IA60A\5&2c06044&0&0.0.0
Count REG_DWORD 0x2
NextInstance REG_DWORD 0x2
1 REG_SZ USBSTOR\Disk&Ven_&Prod_USB_Flash_Memory&Rev_1.00\0611170920483&0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmadmin
DependOnService REG_MULTI_SZ RpcSs\0PlugPlay\0DmServer\0\0
Type REG_DWORD 0x20
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\dmadmin.exe /com
DisplayName REG_SZ Logical Disk Manager Administrative Service
ObjectName REG_SZ LocalSystem
Description REG_SZ Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmadmin\Parameters
EnableDynamicConversionFor1394 REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmadmin\Enum
0 REG_SZ Root\LEGACY_DMADMIN\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmboot
Type REG_DWORD 0x1
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
Group REG_SZ Filter
Tag REG_DWORD 0xb
ImagePath REG_EXPAND_SZ System32\drivers\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmboot\Enum
0 REG_SZ Root\LEGACY_DMBOOT\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmio
Type REG_DWORD 0x1
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Tag REG_DWORD 0xd
ImagePath REG_EXPAND_SZ System32\drivers\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmload
Type REG_DWORD 0x1
Start REG_DWORD 0x4
ErrorControl REG_DWORD 0x1
Group REG_SZ System Bus Extender
Tag REG_DWORD 0xc
ImagePath REG_EXPAND_SZ System32\drivers\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmload\Enum
0 REG_SZ Root\LEGACY_DMLOAD\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmserver
DependOnService REG_MULTI_SZ RpcSs\0PlugPlay\0\0
Type REG_DWORD 0x20
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
DisplayName REG_SZ Logical Disk Manager
ObjectName REG_SZ LocalSystem
Description REG_SZ Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmserver\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dmserver.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmserver\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dmserver\Enum
0 REG_SZ Root\LEGACY_DMSERVER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DMusic
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\drivers\DMusic.sys
DisplayName REG_SZ Microsoft Kernel DLS Syntheiszer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DMusic\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DMusic\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dnscache
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k NetworkService
DisplayName REG_SZ DNS Client
Group REG_SZ TDI
DependOnService REG_MULTI_SZ Tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ NT AUTHORITY\NetworkService
Description REG_SZ Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dnscache\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dnsrslvr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dnscache\Security
Security REG_BINARY 01001480A8000000B4000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200780005000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FD0102000102000000000005200000002C02000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dnscache\Enum
0 REG_SZ Root\LEGACY_DNSCACHE\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dot3svc
DependOnService REG_MULTI_SZ Ndisuio\0eaphost\0\0
Description REG_SZ This service performs IEEE 802.1X authentication on Ethernet interfaces
DisplayName REG_SZ Wired AutoConfig
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k dot3svc
ObjectName REG_SZ LocalSystem
Type REG_DWORD 0x20
Group REG_SZ TDI
FailureActions REG_BINARY 5A0000000000000000000000020000006500790001000000C0D4010001000000E0930400
Start REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Dot3svc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dot3svc.dll
ServiceMain REG_SZ Dot3SvcMain
ServiceDllUnloadOnStop REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeHDD
Type REG_DWORD 0x1
Start REG_DWORD 0x0
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ System32\DRIVERS\DozeHDD.sys
Group REG_SZ Pointer Port
Tag REG_DWORD 0x8

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeHDD\Enum
0 REG_SZ IDE\DiskHTS541080G9AT00_________________________MB4IA60A\5&2c06044&0&0.0.0
Count REG_DWORD 0x2
NextInstance REG_DWORD 0x2
1 REG_SZ USBSTOR\Disk&Ven_&Prod_USB_Flash_Memory&Rev_1.00\0611170920483&0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeSvc
Type REG_DWORD 0x110
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
DisplayName REG_SZ Lenovo Doze Mode Service
ObjectName REG_SZ LocalSystem

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeSvc\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\DozeSvc\Enum
0 REG_SZ Root\LEGACY_DOZESVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dpti2o
ErrorControl REG_DWORD 0x1
Group REG_SZ SCSI miniport
Start REG_DWORD 0x4
Tag REG_DWORD 0x3c
Type REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dpti2o\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\dpti2o\Parameters\PnpInterface
5 REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drmkaud
Type REG_DWORD 0x1
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\drivers\drmkaud.sys
DisplayName REG_SZ Microsoft Kernel DRM Audio Descrambler

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drmkaud\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drmkaud\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drvmcdb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drvncdb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drvnddm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\drvnddm\Enum
0 REG_SZ Root\LEGACY_DRVNDDM\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EapHost
DisplayName REG_SZ Extensible Authentication Protocol Service
Description REG_SZ Provides windows clients Extensible Authentication Protocol Service
Type REG_DWORD 0x20
Start REG_DWORD 0x3
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k eapsvcs
DependOnService REG_MULTI_SZ RpcSs\0\0
ObjectName REG_SZ localSystem
FailureActions REG_BINARY 5A0000000000000000000000020000006500790001000000C0D4010001000000E0930400

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EapHost\Methods

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EapHost\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\eapsvc.dll
ServiceDllUnloadOnStop REG_DWORD 0x1
PeerInstalled REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EGATHDRV
Type REG_DWORD 0x1
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
DisplayName REG_SZ IBM eGatherer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EGATHDRV\Security
Security REG_BINARY 01001480A4000000B0000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200740005000000000014003000000001010000000000010000000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EGATHDRV\Users
Z096Z REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\EGATHDRV\Enum
0 REG_SZ Root\LEGACY_EGATHDRV\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ERSvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ Allows error reporting for services and applictions running in non-standard environments.
DisplayName REG_SZ Error Reporting Service
ErrorControl REG_DWORD 0x0
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ERSvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\ersvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ERSvc\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\ERSvc\Enum
0 REG_SZ Root\LEGACY_ERSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog
Description REG_SZ Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
DisplayName REG_SZ Event Log
ErrorControl REG_DWORD 0x1
Group REG_SZ Event log
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\services.exe
ObjectName REG_SZ LocalSystem
PlugPlayServiceType REG_DWORD 0x3
Start REG_DWORD 0x2
Type REG_DWORD 0x20
ComputerName REG_SZ IBM-T43V062

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application
DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\els.dll
DisplayNameID REG_DWORD 0x100
File REG_EXPAND_SZ %SystemRoot%\system32\config\AppEvent.Evt
MaxSize REG_DWORD 0x80000
PrimaryModule REG_SZ Application
Retention REG_DWORD 0x0
RestrictGuestAccess REG_DWORD 0x1
Sources REG_MULTI_SZ Microsoft H.323 Telephony Service Provider\0WSH\0Workstation Event Service\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Workstation Event\0Windows Product Activation\0Windows 3.1 Migration\0WgaSetup\0WebClient\0W3Ctrs\0VSS\0Visual Studio Analyzer RPC bridge\0Visual Studio - VsTemplate\0VBSDIDB\0VBRuntime\0Userinit\0Userenv\0Tlntsvr\0System.ServiceModel.Install 3.0.0.0\0System.ServiceModel 3.0.0.0\0System.Runtime.Serialization 3.0.0.0\0System.IO.Log 3.0.0.0\0System.IdentityModel 3.0.0.0\0SysmonLog\0SVCMONR\0Starter\0Spybot - Search & Destroy 2\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SNL HiveManager\0ServiceModel Audit 3.0.0.0\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0RawViewer\0Picasa3\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NDP1.1sp1-KB979906-X86\0NDP1.1sp1-KB953297-X86\0NDP1.1sp1-KB2416447-X86\0MSSQLSERVER/MSDE\0MSSOAP\0MSSHA\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft.Transactions.Bridge 3.0.0.0\0Microsoft Office Document Imaging\0Microsoft Office 11\0Microsoft Fax\0Microsoft Development Environment\0Microsoft ® Visual C# 2005 Compiler\0MDM\0LoadPerf\0Java VM\0IISInfoCtrs\0IISADMIN\0HTTPEXT\0HotFixInstaller\0HelpSvc\0FtpCtrs\0FrontPage 4.0\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0Dot3Svc\0DiskQuota\0devenv\0DataTransformationServices\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0CardSpace 3.0.0.0\0Bonjour Service\0Avira AntiVir\0Automation Manager\0AutoEnrollment\0Autochk\0ASP.NET 2.0.50727.0\0Application Management\0Application Hang\0Application Error\0apphelp\0AegisP\0Active Server Pages\0.NET Runtime Optimization Service\0.NET Runtime 2.0 Error Reporting\0.NET Runtime\0Application\0\0
AutoBackupLogFiles REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\.NET Runtime
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\WINDOWS\system32\mscoree.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\.NET Runtime 2.0 Error Reporting
EventMessageFile REG_SZ c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\.NET Runtime Optimization Service
EventMessageFile REG_SZ C:\WINDOWS\system32\mscoree.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Active Server Pages
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\inetsrv\ASP.DLL
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\AegisP
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\AegisE5.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\apphelp
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\apphelp.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Application
CategoryCount REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\system32\eventlog.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Application Error
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\faultrep.dll;%SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Application Hang
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\faultrep.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Application Management
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgmts.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\ASP.NET 2.0.50727.0
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
CategoryCount REG_DWORD 0x5
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Autochk
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winlogon.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\AutoEnrollment
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\pautoenr.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Automation Manager
EventMessageFile REG_SZ C:\WINDOWS\system32\Autmgr32.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Avira AntiVir
CategoryMessageFile REG_SZ C:\Program Files\Avira\AntiVir Desktop\avevtrc.dll
EventMessageFile REG_SZ C:\Program Files\Avira\AntiVir Desktop\avevtrc.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Bonjour Service
EventMessageFile REG_EXPAND_SZ C:\Program Files\Bonjour\mDNSResponder.exe
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\CardSpace 3.0.0.0
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;c:\WINDOWS\system32\icardres.dll.mui
CategoryMessageFile REG_SZ c:\WINDOWS\system32\icardres.dll.mui
CategoryCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Chkdsk
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ulib.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Ci
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\query.dll
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\System32\query.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\COM
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\COM+
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll
ParameterMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll
TypeSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x75

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\crypt32
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\crypt32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\DataTransformationServices
EventMessageFile REG_SZ C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\1033\dtspkg.RLL
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\devenv
EventMessageFile REG_SZ C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\DiskQuota
EventMessageFile REG_SZ %SystemRoot%\System32\dskquota.dll
TypesSupported REG_SZ 0x00000007

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Dot3Svc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\dot3svc.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\DrWatson
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drwtsn32.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\ESENT
EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
CategoryCount REG_DWORD 0x10
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\EventSystem
CategoryCount REG_DWORD 0x6
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRes.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\File Deployment
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\fdeploy.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Folder Redirection
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\fdeploy.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\FrontPage 4.0
EventMessageFile REG_EXPAND_SZ C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\fp4Autl.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\FtpCtrs
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ftpctrs2.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\HelpSvc
EventMessageFile REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\HCAppRes.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\HotFixInstaller
EventMessageFile REG_EXPAND_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\HTTPEXT
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\inetsrv\httpext.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\IISADMIN
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\inetsrv\svcext.dll
TypesSupported REG_DWORD 0xf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\IISInfoCtrs
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\infoctrs.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Java VM
EventMessageFile REG_SZ C:\WINDOWS\system32\vmhelper.dll
TypesSupported REG_BINARY 07000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\LoadPerf
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\loadperf.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MDM
EventMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft ® Visual C# 2005 Compiler
EventMessageFile REG_SZ c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft Development Environment
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\DW.EXE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft Fax
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\fxsevent.dll
CategoryMessageFile REG_EXPAND_SZ %systemroot%\system32\fxsevent.dll
CategoryCount REG_DWORD 0x4
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft Office 11
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft Office Document Imaging
CategoryCount REG_DWORD 0x1
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPFILT.DLL
LoggingLevel REG_DWORD 0x0
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPFILT.DLL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0xe
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\mnmsrvc
EventMessageFile REG_SZ %SystemRoot%\System32\nmevtmsg.dll
TypeSupported REG_BINARY 07000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSDMine
CategoryMessageFile REG_SZ C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL
CategoryCount REG_DWORD 0x2
TypesSupported REG_BINARY 0012B858
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSDTC
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll
CategoryCount REG_DWORD 0xf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSDTC Client
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll
CategoryCount REG_DWORD 0xf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MsiInstaller
EventMessageFile REG_SZ C:\WINDOWS\system32\msi.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSSHA
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\msshavmsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSSOAP
CategoryMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSSOAP30.DLL
EventMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSSOAP30.DLL
CategoryCount REG_DWORD 0x4
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\MSSQLSERVER/MSDE
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\NDP1.1sp1-KB2416447-X86
EventMessageFile REG_EXPAND_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\NDP1.1sp1-KB953297-X86
EventMessageFile REG_EXPAND_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\NDP1.1sp1-KB979906-X86
EventMessageFile REG_EXPAND_SZ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\ntbackup
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntbackup.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Oakley
EventMessageFile REG_SZ %SystemRoot%\System32\oakley.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Offline Files
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\cscui.dll
TypesSupported REG_SZ 0x00000007

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Outlook
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\1033\MAPIR.DLL
Version REG_DWORD 0xd
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Perfctrs
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfctrs.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\PerfDisk
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfdisk.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Perflib
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\prflbmsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Perfmon
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfmon.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\PerfNet
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfnet.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\PerfOS
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfOS.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\PerfProc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\perfproc.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Picasa3
EventMessageFile REG_SZ C:\Program Files\Google\Picasa3\Picasa3.exe
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\RawViewer
EventMessageFile REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Remote Assistance
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\RPC
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\xpsp3res.dll;%SystemRoot%\System32\xpsp4res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SAFrdms
EventMessageFile REG_SZ C:\WINDOWS\system32\safrdm.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\safrslv
EventMessageFile REG_SZ C:\WINDOWS\system32\safrslv.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SceCli
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\scecli.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SceSrv
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\scesrv.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SclgNtfy
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\sclgntfy.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SecurityCenter
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\ServiceModel Audit 3.0.0.0
TypesSupported REG_DWORD 0x1f
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SNL HiveManager
EventMessageFile REG_EXPAND_SZ
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ
CategoryCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Software Installation
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgr.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Software Restriction Policies
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntdll.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SpoolerCtrs
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winspool.drv
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Spybot - Search & Destroy 2
EventMessageFile REG_EXPAND_SZ SDEvents.dll
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ SDEvents.dll
CategoryCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Starter
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SVCMONR
EventMessageFile REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\SysmonLog
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\smlogsvc.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.IdentityModel 3.0.0.0
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.IO.Log 3.0.0.0
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.Runtime.Serialization 3.0.0.0
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryCount REG_DWORD 0xe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.ServiceModel 3.0.0.0
CategoryCount REG_DWORD 0xe
EventMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
CategoryMessageFile REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\System.ServiceModel.Install 3.0.0.0
EventMessageFile REG_EXPAND_SZ c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Tlntsvr
EventMessageFile REG_SZ C:\WINDOWS\system32\tlntsvr.exe;C:\WINDOWS\system32\xpsp1res.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Userenv
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\userenv.dll;%SystemRoot%\System32\xpsp1res.dll;%SystemRoot%\System32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Userinit
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\userinit.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\VBRuntime
EventMessageFile REG_SZ C:\WINDOWS\system32\msvbvm60.dll
TypesSupported REG_DWORD 0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\VBSDIDB
EventMessageFile REG_EXPAND_SZ C:\Program Files\Microsoft Visual Studio\VB98\Tsql\vbsdidb.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Visual Studio - VsTemplate
EventMessageFile REG_EXPAND_SZ C:\Program Files\Common Files\Microsoft Shared\Help 8\msenv.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Visual Studio Analyzer RPC bridge
EventMessageFile REG_EXPAND_SZ C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\VSS
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\WINDOWS\system32\vssvc.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\W3Ctrs
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\w3ctrs.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WebClient
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WgaSetup
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\WINDOWS\system32\KB905474\wgasetup.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Windows 3.1 Migration
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\advapi32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Windows Product Activation
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\dpcdll.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Windows Workstation Event
EventMessageFile REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Winlogon
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winlogon.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WinMgmt
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WBEM\WinMgmtR.dll;%SystemRoot%\system32\xpsp2res.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WmdmPmSN
EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\MsPMSNSv.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WMIAdapter
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WBEM\WMIApRes.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\Workstation Event Service
EventMessageFile REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Application\WSH
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wshext.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Eventlog\Internet Explorer
Sources REG_MULTI_SZ Internet Explorer\0\0
  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
The key must be locked. Let's see if Combofix can unlock and delete it for us

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Now try to merge the afd.reg file.

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD /s > \junk.txt

Start, Run, cmd, OK then right click and pate or edit paste and then hit Enter

notepad \junk.txt

Copy and paste the result.


Ron
  • 0

#65
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Here is the combofix log and the .txt log. I tried to merge the file again and it said it worked.

ComboFix 11-09-13.04 - User 09/13/2011 19:30:36.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.502 [GMT -4:00]
Running from: d:\documents and settings\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {9EFC479D-082C-471E-BB2E-DB50CFB21926}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\system32\TPHDLOG0.LOG
d:\documents and settings\Desktop\ComboFix.exe
d:\documents and settings\Desktop\OTL.exe
d:\documents and settings\Desktop\setup_av_free.exe
d:\documents and settings\User\Local Settings\Application Data\ApplicationHistory
d:\documents and settings\User\Local Settings\Application Data\ApplicationHistory\Bookshelf.exe.404166eb.ini
d:\documents and settings\User\Local Settings\Application Data\ApplicationHistory\devenv.exe.3d4648d.ini
d:\documents and settings\User\Local Settings\Application Data\ApplicationHistory\dsidebar.exe.fb480dc6.ini
d:\documents and settings\User\Local Settings\Application Data\ApplicationHistory\DyKnow.exe.88b0d45f.ini
d:\documents and settings\User\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-09-13 02:50 . 2011-08-30 23:38 2342 ----a-w- d:\documents and settings\Desktop\afd.reg
2011-09-13 02:50 . 2011-02-16 10:22 138496 ----a-w- d:\documents and settings\Desktop\afd.sys
2011-09-02 22:18 . 2011-09-02 22:18 -------- d-----w- d:\documents and settings\Desktop\Shows Paris
2011-09-01 02:28 . 2011-09-14 00:01 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.002
2011-09-01 02:27 . 2011-09-02 02:34 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.002
2011-09-01 02:25 . 2011-09-01 02:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-01 00:44 . 2011-09-01 02:25 -------- d-----w- d:\documents and settings\Desktop\Bridezillas.S08E12.DSR.XviD-OMiCRON
2011-08-30 23:57 . 2011-09-13 02:23 -------- d-----w- d:\documents and settings\Desktop\Shows
2011-08-29 19:46 . 2011-08-29 19:46 -------- d-----w- C:\SWTOOLS
2011-08-29 19:38 . 2011-08-29 19:38 -------- d-----w- c:\program files\Broadcom
2011-08-29 19:17 . 2011-09-01 02:27 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.001
2011-08-29 19:17 . 2011-09-01 02:27 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.001
2011-08-29 19:14 . 2011-08-29 19:14 -------- d-----w- c:\windows\system32\XPSViewer
2011-08-29 19:04 . 2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-29 17:33 . 2011-08-29 17:33 -------- d-----w- d:\documents and settings\User\Application Data\PwrMgr
2011-08-29 17:32 . 2011-04-08 21:24 4224 ----a-w- c:\windows\system32\drivers\IBMBLDID.sys
2011-08-29 17:32 . 2011-04-08 21:23 11520 ----a-w- c:\windows\system32\drivers\ANC.sys
2011-08-29 17:20 . 2011-07-04 05:39 292200 ------w- c:\windows\system32\PWMCPl.cpl
2011-08-29 17:20 . 2011-07-04 05:39 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-08-29 17:17 . 2011-08-29 17:18 -------- d-----w- d:\documents and settings\Desktop\Install
2011-08-28 21:49 . 2011-09-01 02:26 -------- d-----w- d:\documents and settings\Happy
2011-08-27 06:16 . 2011-09-13 03:10 -------- d-----w- d:\documents and settings\All Users\Application Data\AVAST Software
2011-08-27 06:16 . 2011-08-27 06:16 -------- d-----w- c:\program files\AVAST Software
2011-08-26 17:23 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-26 14:45 . 2011-08-29 19:17 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.000
2011-08-26 14:45 . 2011-08-29 19:17 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.000
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- c:\windows\system32\save$$updater
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- c:\windows\system32\(null)
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- c:\program files\Avira
2011-08-25 02:45 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-25 02:45 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 00:45 . 2011-08-24 00:45 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-24 00:45 . 2011-08-24 00:45 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-24 00:45 . 2011-08-24 00:45 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-24 00:45 . 2011-08-24 00:45 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-24 00:45 . 2011-08-24 00:45 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-24 00:45 . 2011-08-24 00:45 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-24 00:45 . 2011-08-24 00:45 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-24 00:45 . 2011-08-24 00:45 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-15 01:05 . 2011-08-15 01:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-29 20:11 . 2005-09-05 12:56 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-08-21 04:00 . 2005-04-27 13:16 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-08-08 08:00 . 2011-08-11 01:31 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-15 13:29 . 2005-06-28 01:12 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-06-28 01:12 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 05:39 . 2005-06-27 22:49 12144 ------w- c:\windows\system32\drivers\TPPWRIF.SYS
2011-06-24 14:44 . 2011-08-11 01:31 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-24 14:28 . 2011-08-11 01:31 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-24 14:10 . 2005-06-27 22:24 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-06-28 01:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2005-06-28 01:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2005-06-28 01:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2005-06-28 01:11 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2005-06-28 01:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-08-24 00:45 . 2011-08-24 00:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_17.39.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-09-13 23:39 . 2011-09-13 23:39 16384 c:\windows\temp\Perflib_Perfdata_d90.dat
+ 2005-06-28 01:12 . 2011-08-29 19:04 48926 c:\windows\system32\perfc009.dat
+ 2008-01-29 16:01 . 2009-03-19 20:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2011-08-27 06:17 . 2011-08-27 06:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-27 22:30 . 2010-02-14 23:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-06-27 22:30 . 2011-08-27 06:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-27 06:17 . 2011-08-27 06:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-25 15:17 . 2008-07-25 15:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2011-08-29 19:04 . 2008-07-25 15:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2011-08-29 19:04 . 2008-07-25 15:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2008-07-25 15:16 . 2008-07-25 15:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2008-07-25 15:16 . 2008-07-25 15:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2011-08-29 19:03 . 2008-07-25 15:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2011-08-29 19:38 . 2011-08-29 19:38 40960 c:\windows\Installer\{EDE35932-B95B-4420-B739-08C8537AACC0}\NewShortcut1.FCA9991C_BA96_4189_B2BE_13852649CA68.exe
+ 2011-08-29 17:22 . 2011-08-29 17:22 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
+ 2011-08-29 19:38 . 2011-08-29 19:38 3262 c:\windows\Installer\{EDE35932-B95B-4420-B739-08C8537AACC0}\ARPPRODUCTICON.exe
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2005-07-05 04:46 . 2011-04-08 21:27 292152 c:\windows\system32\tvt_gina_api.dll
+ 2005-07-05 04:46 . 2011-04-08 21:27 582968 c:\windows\system32\tvt_gina.dll
+ 2011-07-27 01:56 . 2011-09-01 02:26 571368 c:\windows\system32\Restore\rstrlog.dat
+ 2005-06-28 01:12 . 2011-08-29 19:04 347472 c:\windows\system32\perfh009.dat
+ 2011-08-31 00:25 . 2011-09-14 00:03 214476 c:\windows\system32\inetsrv\MetaBase.bin
+ 2011-08-29 19:04 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-03-25 10:15 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-08-27 06:16 . 2011-08-27 06:16 219648 c:\windows\Installer\5bc67.msi
+ 2011-08-29 19:38 . 2011-08-29 19:38 952320 c:\windows\Installer\125b82.msi
+ 2011-08-29 17:22 . 2011-08-29 17:22 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
+ 2011-08-29 17:22 . 2011-08-29 17:22 606720 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUICtl\df8cc91f9ae77fc4ebb0dbdd42de9a66\PWMUICtl.ni.dll
+ 2011-08-29 17:22 . 2011-08-29 17:22 142848 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUIAux\3a648628a1e8f101fd48a22a68a2d0fa\PWMUIAux.ni.exe
+ 2011-08-29 17:22 . 2011-08-29 17:22 830976 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUI\7b4cc84979457ef72c02490945cfb4ad\PWMUI.ni.exe
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2003-03-19 05:12 . 2008-11-13 22:02 1049600 c:\windows\system32\MFC71u.dll
+ 2003-03-19 05:19 . 2008-11-13 22:02 1056768 c:\windows\system32\MFC71.dll
- 2008-12-05 23:35 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2011-08-29 19:00 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
- 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-08-29 19:04 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-08-29 17:22 . 2011-08-29 17:22 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c729750d54f6e7427230622bcccd4709\System.Data.OracleClient.ni.dll
+ 2011-08-29 20:11 . 2011-08-29 20:11 75660944 c:\windows\Downloaded Installations\{CD211BCD-94D9-4FE4-81FB-BDD8AB6ACEF6}\Rescue and Recovery.msi
+ 2011-08-29 19:50 . 2011-08-29 19:50 87280640 c:\windows\Downloaded Installations\{93D1D522-D1EA-4DBF-99B0-E68949FB99A4}\Rescue and Recovery - Client Security Solution.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-07-04 800104]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2011-04-14 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-04-14 189800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\katrack.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0090404]
IME File REG_SZ MSTCICJA.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0080404]
IME File REG_SZ MSTCIPHA.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMEKR70.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0100804]
IME File REG_SZ WINWB86.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0110804]
IME File REG_SZ WINWB98.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0804]
IME File REG_SZ IMSC40A.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ IMJP9.IME
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\WINDOWS\\keyacc32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\WINDOWS\\system32\\inetsrv\\inetinfo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Bonjour
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [8/29/2011 1:20 PM 25968]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [6/27/2005 6:49 PM 14848]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [8/29/2011 1:20 PM 292200]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/29/2011 1:20 PM 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [8/29/2011 1:20 PM 148840]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 5:47 PM 3968]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [6/27/2005 6:49 PM 6784]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [8/2/2005 6:00 PM 14336]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-09-14 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-06-27 05:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Sacred Heart University
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2x311ay5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 20:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.redbook]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(800)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\NOTEPAD.EXE
c:\windows\System32\NOTEPAD.EXE
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
.
**************************************************************************
.
Completion time: 2011-09-13 20:09:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-14 00:09
ComboFix2.txt 2011-08-26 21:56
ComboFix3.txt 2011-08-26 19:15
ComboFix4.txt 2011-08-26 18:00
ComboFix5.txt 2011-09-13 23:12
.
Pre-Run: 15,642,542,080 bytes free
Post-Run: 15,498,571,776 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=2,3,4,5
- - End Of File - - 06AA1980F4B72E83A4CB667C6DDEF302

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD
DisplayName REG_SZ AFD
Description REG_SZ AFD Networking Support Environment
Group REG_SZ TDI
ImagePath REG_SZ \SystemRoot\System32\drivers\afd.sys
Start REG_DWORD 0x1
Type REG_DWORD 0x1
ErrorControl REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum
0 REG_SZ Root\LEGACY_AFD\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000
  • 0

#66
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
OK that fixed the AFD issue I think. Are you still stuck in Safe Mode? It appears to me that you are having hard drive problems for some reason. These files:

2011-09-01 02:28 . 2011-09-14 00:01 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.002
2011-09-01 02:27 . 2011-09-02 02:34 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.002

2011-08-29 19:17 . 2011-09-01 02:27 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.001
2011-08-29 19:17 . 2011-09-01 02:27 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.001

"are duplicate user profile folders. They are created for various reasons if the system cannot find the user profile upon logon.

Or if for instance, incorrect permissions are assigned to the Profile folder. The appropriate user account must have full control of their profile folder. If not, a new profile folder will be created with any of the above suffixes."

I guess the easiest thing to do is to run check disk and see if that helps:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, then reboot.

Check disk will run for an hour or so. Then it should boot into windows. Let's see if it goes into regular mode.

Ron
  • 0

#67
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I will have to do this tomorrow, but I am not in Safe Mode. I have not had to run in safe mode for some time now, maybe 10 boots or more ago. Will pick this up again tomorrow night.

Thanks.
  • 0

#68
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I ran scan disk. Everything seemed to go ok. I ran it on both the C: and D: drives. I have not been in safe mode for some time now, but it still is trying to acquire the network address. still cant get online.

What next?

Thanks
  • 0

#69
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Can you start DHCP Client? Does it still say it can't start because of dependencies?

Do you see AFD in device manager yet?

Ron
  • 0

#70
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I can start the DHCP client, and I do see AFD in the device manager, but still cannot get online. I think I am going to re-install windows in a couple weeks. That should take care of it.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP