Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WrOS.exe error / VPN connectivity problem


  • Please log in to reply

#16
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
In the same list with services can you find:
Remote Access Connection Manager service and see if it is running and set to manual or Automatic?

Regards,
  • 0

Advertisements


#17
Amrita

Amrita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi..it is set to Manual but the Service Status says Stopped.Thanks,Amrita
  • 0

#18
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Can you start it and try the Task Scheduler again?

Regards,
  • 0

#19
Amrita

Amrita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
When I tried to start it I got a msg saying

Windows could not start Remote Access Connection manager on Local computer. For more information review System Event Log. If this is a non Microsoft service contact service vendor and refer to service specific error code 1717.

thanks, Amrita
  • 0

#20
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
The System Event log can be found click Start, Programs, Administrative Tools, Event Viewer.

See if you can find the entry that corresponds with these errors.

I did find some info but only unsolved mysteries sofar.
I'll keep looking.

Regards,
  • 0

#21
Amrita

Amrita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Pieter,

When I try to do that I get a msg saying Unable to complete the operation on System Log. The interface is unknown.

I really appreciate all your efforts since I am at a total loss here.

Thanks, Amrita
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
I am now too. I'll have a look tomorrow.

Maybe some sleep will give me some good ideas.

I'll give you a short recap of what my assessment of the situation is.

Norton needs the connection to work.
When we try to add the connection the Task Scheduler can't run because the Remote Access Connection manager isn't working properly.

When we tried to find out why that is we ran into another unknown interface error.

Maybe if you can tell me how and when this all started that would help.

Regards,
  • 0

#23
Amrita

Amrita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Pieter,

That's a good summary. It all started when my VPN connection to my office location stopped working. I only recently noted that Norton wasnt working either. I still cannot connect to the mainframe using VPN. I do have a work around using another tool that is available but it is very slow and since I work from home several days a week it has been very frustrating. However it has been wonderful having your support - I feel there is still hope!

Please do get some rest and I hope the solution will come to you!

Thanks so much, Amrita
  • 0

#24
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
We could have been so close I could bang my head against a wall.

http://dotnet.org.za...11/24/7832.aspx

Can you check if the Event Log Service is started?

Regards,
  • 0

#25
Amrita

Amrita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Pieter,

Hope this is it!! I do not have any entry for Event Log when I run services.msc. Is that the right place to check?

Thanks, Amrita
  • 0

Advertisements


#26
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Yes it is the right place, but are you sure it's not there?

I have never seen that before on a SP4 computer :tazz:

Your computer is not even supposed to run without it. It will automatically reboot.

Regards,
  • 0

#27
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Can you try this for me?

Click Start > Run copy&paste regedit.exe /e C:\eventlog.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog" > OK

This will create the file C:\eventlog.txt
Post the content of that file please.

Regards,
  • 0

#28
Amrita

Amrita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I rechecked and I dont see it. Just to be sure i exported the services list..its kind of messy to look at but you can check out the first column. Thanks, Amrita

Name Description Status Startup Type Log On As
Alerter Notifies selected users and computers of administrative alerts. Started Automatic LocalSystem
AOL Connectivity Service Started Automatic LocalSystem
AOL Spyware Protection Service Removes spyware found by ASP that cannot be removed without a reboot. Automatic LocalSystem
AOL TopSpeed Monitor Started Automatic LocalSystem
Application Management Provides software installation services such as Assign, Publish, and Remove. Manual LocalSystem
Automatic Updates Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Started Automatic LocalSystem
Background Intelligent Transfer Service Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services Started Manual LocalSystem
ClipBook Supports ClipBook Viewer, which allows pages to be seen by remote ClipBooks. Manual LocalSystem
COM+ Event System Provides automatic distribution of events to subscribing COM components. Started Manual LocalSystem
Computer Browser Maintains an up-to-date list of computers on your network and supplies the list to programs that request it. Started Automatic LocalSystem
DHCP Client Manages network configuration by registering and updating IP addresses and DNS names. Started Automatic LocalSystem
Distributed Link Tracking Client Sends notifications of files moving between NTFS volumes in a network domain. Started Automatic LocalSystem
Distributed Transaction Coordinator Coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers. Manual LocalSystem
DNS Client Resolves and caches Domain Name System (DNS) names. Started Automatic LocalSystem
Fax Service Helps you send and receive faxes Manual LocalSystem
Indexing Service Manual LocalSystem
Internet Connection Sharing Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. Manual LocalSystem
iPod Service iPod hardware management services Started Manual LocalSystem
IPSEC Policy Agent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Started Automatic LocalSystem
Logical Disk Manager Logical Disk Manager Watchdog Service Started Automatic LocalSystem
Logical Disk Manager Administrative Service Administrative service for disk management requests Manual LocalSystem
Messenger Sends and receives messages transmitted by administrators or by the Alerter service. Disabled LocalSystem
Net Logon Supports pass-through authentication of account logon events for computers in a domain. Manual LocalSystem
NetMeeting Remote Desktop Sharing Allows authorized people to remotely access your Windows desktop using NetMeeting. Manual LocalSystem
Network Connections Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Started Manual LocalSystem
Network DDE Provides network transport and security for dynamic data exchange (DDE). Manual LocalSystem
Network DDE DSDM Manages shared dynamic data exchange and is used by Network DDE Manual LocalSystem
Norton AntiVirus Auto-Protect Service Handles Norton AntiVirus Auto-Protect events. Started Automatic LocalSystem
Norton AntiVirus Firewall Monitor Service Detects installation of Symantec Firewall clients Started Automatic LocalSystem
NT LM Security Support Provider Provides security to remote procedure call (RPC) programs that use transports other than named pipes. Manual LocalSystem
Performance Logs and Alerts Configures performance logs and alerts. Manual LocalSystem
Plug and Play Manages device installation and configuration and notifies programs of device changes. Started Automatic LocalSystem
Portable Media Serial Number Service Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Manual LocalSystem
Print Spooler Loads files to memory for later printing. Started Automatic LocalSystem
Protected Storage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Started Automatic LocalSystem
ptssvc Started Automatic LocalSystem
QoS RSVP Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets. Manual LocalSystem
Remote Access Auto Connection Manager Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Manual LocalSystem
Remote Access Connection Manager Creates a network connection. Manual LocalSystem
Remote Procedure Call (RPC) Provides the endpoint mapper and other miscellaneous RPC services. Started Automatic LocalSystem
Remote Procedure Call (RPC) Locator Manages the RPC name service database. Manual LocalSystem
Remote Registry Service Allows remote registry manipulation. Started Automatic LocalSystem
Removable Storage Manages removable media, drives, and libraries. Started Automatic LocalSystem
Routing and Remote Access Offers routing services to businesses in local area and wide area network environments. Disabled LocalSystem
RunAs Service Enables starting processes under alternate credentials Started Automatic LocalSystem
SAVScan Handles Norton AntiVirus Auto-Protect Archive Scanning Manual LocalSystem
ScriptBlocking Service Automatic LocalSystem
Security Accounts Manager Stores security information for local user accounts. Started Automatic LocalSystem
Server Provides RPC support and file, print, and named pipe sharing. Started Automatic LocalSystem
Smart Card Manages and controls access to a smart card inserted into a smart card reader attached to the computer. Started Manual LocalSystem
Smart Card Helper Provides support for legacy smart card readers attached to the computer. Manual LocalSystem
Symantec Core LC Symantec Core LC Started Automatic LocalSystem
Symantec Event Manager Symantec Event Manager Started Automatic LocalSystem
Symantec Network Drivers Service Symantec Network Drivers Service Automatic LocalSystem
Symantec Password Validation Symantec Password Validation Service Manual LocalSystem
Symantec Settings Manager Symantec Settings Manager Started Automatic LocalSystem
Symantec SPBBCSvc Symantec SPBBC Started Automatic LocalSystem
SymWMI Service Symantec WMI Service Automatic LocalSystem
System Event Notification Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Started Automatic LocalSystem
Task Scheduler Enables a program to run at a designated time. Automatic LocalSystem
TCP/IP NetBIOS Helper Service Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Started Automatic LocalSystem
Telephony Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. Started Manual LocalSystem
Telnet Allows a remote user to log on to the system and run console programs using the command line. Manual LocalSystem
TrueVector Internet Monitor Monitors internet traffic and generates alerts for disallowed access. Started Automatic LocalSystem
Uninterruptible Power Supply Manages an uninterruptible power supply (UPS) connected to the computer. Manual LocalSystem
Utility Manager Starts and configures accessibility tools from one window Manual LocalSystem
Windows Installer Installs, repairs and removes software according to instructions contained in .MSI files. Manual LocalSystem
Windows Management Instrumentation Provides system management information. Started Automatic LocalSystem
Windows Management Instrumentation Driver Extensions Provides systems management information to and from drivers. Started Manual LocalSystem
Windows Time Sets the computer clock. Manual LocalSystem
WinPPPoverEthernet Manual LocalSystem
Wireless Configuration Provides authenticated network access control using IEEE 802.1x for wired and wireless Ethernet networks. Manual LocalSystem
WMDM PMSP Service Started Automatic LocalSystem
Workstation Provides network connections and communications. Started Automatic LocalSystem
  • 0

#29
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts

Can you try this for me?

Click Start > Run copy&paste regedit.exe /e C:\eventlog.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog" > OK

This will create the file C:\eventlog.txt
Post the content of that file please.

Regards,

View Post


Not sure if you saw that. We posted almost at the same time. :tazz:
  • 0

#30
Amrita

Amrita

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Pieter..I did as you suggested and here are the contents of the text file.Thanks, Amrita

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"DisplayNameFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,65,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"DisplayNameID"=dword:00000100
"File"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,\
6f,00,6e,00,66,00,69,00,67,00,5c,00,41,00,70,00,70,00,45,00,76,00,65,00,6e,\
00,74,00,2e,00,45,00,76,00,74,00,00,00
"MaxSize"=dword:00080000
"PrimaryModule"="Application"
"Retention"=dword:00093a80
@="mnmsrvc"
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,72,00,53,00,6f,00,63,00,6b,00,\
65,00,74,00,00,00,57,00,72,00,52,00,54,00,00,00,57,00,72,00,4f,00,53,00,20,\
00,43,00,6f,00,6e,00,73,00,6f,00,6c,00,65,00,00,00,57,00,72,00,4f,00,53,00,\
00,00,57,00,72,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,44,00,72,00,69,\
00,76,00,65,00,72,00,00,00,57,00,72,00,46,00,43,00,00,00,57,00,6d,00,64,00,\
6d,00,50,00,6d,00,53,00,4e,00,00,00,57,00,4d,00,44,00,4d,00,20,00,50,00,4d,\
00,53,00,50,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,57,00,\
69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,6c,00,6f,00,67,\
00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,33,00,\
2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,\
00,56,00,42,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,55,00,73,00,\
65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,73,00,65,00,72,00,65,00,6e,\
00,76,00,00,00,54,00,72,00,75,00,65,00,56,00,65,00,63,00,74,00,6f,00,72,00,\
20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,6c,00,6e,00,74,\
00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,00,6f,00,\
67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,\
00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,00,\
73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,63,\
00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,72,00,\
76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,70,00,74,00,73,00,73,\
00,76,00,63,00,00,00,50,00,50,00,50,00,4f,00,45,00,00,00,50,00,6c,00,75,00,\
67,00,50,00,6c,00,61,00,79,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,\
00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,\
66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,\
00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,\
69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,\
00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,00,4f,00,66,00,66,00,6c,00,\
69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,4f,00,61,00,6b,\
00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,\
00,00,6e,00,61,00,76,00,61,00,70,00,73,00,76,00,63,00,00,00,4d,00,53,00,53,\
00,4f,00,41,00,50,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,\
6c,00,6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,\
00,69,00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,6d,00,\
6e,00,6d,00,73,00,72,00,76,00,63,00,00,00,4d,00,41,00,43,00,20,00,46,00,52,\
00,41,00,4d,00,45,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,\
00,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,00,00,4a,\
00,61,00,76,00,61,00,20,00,56,00,4d,00,00,00,49,00,50,00,53,00,45,00,43,00,\
50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,74,00,6f,00,72,00,61,00,67,00,65,\
00,00,00,69,00,50,00,6f,00,64,00,53,00,72,00,76,00,00,00,49,00,49,00,53,00,\
41,00,44,00,4d,00,49,00,4e,00,00,00,49,00,45,00,78,00,70,00,6c,00,6f,00,72,\
00,65,00,00,00,68,00,70,00,6d,00,6f,00,6e,00,00,00,46,00,6f,00,6c,00,64,00,\
65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,\
00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,6f,00,\
79,00,6d,00,65,00,6e,00,74,00,00,00,46,00,61,00,78,00,20,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,00,00,45,00,58,00,54,00,52,00,41,00,21,00,00,00,\
45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,\
00,53,00,45,00,4e,00,54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,\
6e,00,00,00,44,00,69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,43,\
00,4f,00,4d,00,2b,00,00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,\
6b,00,00,00,63,00,63,00,50,00,77,00,64,00,53,00,76,00,63,00,00,00,63,00,63,\
00,45,00,76,00,74,00,4d,00,67,00,72,00,00,00,41,00,75,00,74,00,6f,00,63,00,\
68,00,6b,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,\
00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,\
00,00,41,00,50,00,47,00,54,00,53,00,00,00,41,00,64,00,77,00,61,00,74,00,63,\
00,68,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,\
6e,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adwatch]
"EventMessageFile"="C:\\PROGRA~1\\Lavasoft\\AD-AWA~2\\Ad-Watch.exe"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\APGTS]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,68,00,65,00,6c,00,70,00,5c,00,54,00,53,00,68,00,6f,00,6f,00,74,00,2e,00,\
6f,00,63,00,78,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,6c,00,6c,\
00,00,00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccEvtMgr]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,45,00,76,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccPwdSvc]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,50,00,77,00,64,00,53,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,\
00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccSetMgr]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
63,00,63,00,53,00,65,00,74,00,4d,00,67,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chkdsk]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,75,00,6c,00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ci]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,71,00,75,00,65,00,72,00,79,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,71,00,75,00,65,00,72,00,79,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007
"CategoryCount"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,00,\
73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,\
00,73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"ParameterMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,6f,00,6d,\
00,73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"TypeSupported"=dword:00000007
"CategoryCount"=dword:00000014

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiskQuota]
"EventMessageFile"="%SystemRoot%\\System32\\dskquota.dll"
"TypesSupported"="0x00000007"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DrWatson]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,72,00,77,00,74,00,73,00,6e,00,33,00,32,00,2e,00,65,00,78,00,65,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,53,00,45,00,\
4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,\
5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,45,00,53,00,45,\
00,4e,00,54,00,2e,00,64,00,6c,00,6c,00,00,00
"CategoryCount"=dword:0000000f
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem]
"CategoryCount"=dword:00000006
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,73,00,2e,\
00,64,00,6c,00,6c,00,00,00
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,73,00,2e,00,\
64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EXTRA!]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,61,00,6f,00,6d,00,62,00,6d,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,\
00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Fax Service]
"EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,66,00,61,00,78,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,6c,\
00,00,00
"CategoryMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,66,00,61,00,78,00,65,00,76,00,65,00,6e,00,74,00,2e,00,64,00,6c,00,\
6c,00,00,00
"CategoryCount"=dword:00000004
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,6b,00,65,00,72,00,6e,00,65,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hpmon]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,68,00,70,00,6d,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IExplore]
"EventMessageFile"="C:\\Program Files\\Internet Explorer\\DW15.EXE"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IISADMIN]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,69,00,6e,00,65,00,74,00,73,00,72,00,76,00,5c,00,73,00,76,00,63,00,65,\
00,78,00,74,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,\
00,6d,00,33,00,32,00,5c,00,73,00,70,00,34,00,69,00,69,00,73,00,2e,00,65,00,\
78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\iPodSrv]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,50,00,6f,00,\
64,00,53,00,72,00,76,00,5f,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IPSECPolicyStorage]
"EventMessageFile"="%SystemRoot%\\System32\\polstore.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Java VM]
"EventMessageFile"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,76,00,6d,00,68,00,65,00,6c,00,70,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=hex:07,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate]
"EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LoadPerf]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6c,00,6f,00,61,00,64,00,70,00,65,00,72,00,66,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\
00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MAC FRAME]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,65,00,72,00,69,00,\
7a,00,6f,00,6e,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,5c,00,57,00,69,\
00,6e,00,50,00,6f,00,45,00,54,00,5c,00,57,00,72,00,45,00,76,00,65,00,6e,00,\
74,00,4c,00,6f,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mnmsrvc]
"EventMessageFile"="%SystemRoot%\\System32\\nmevtmsg.dll"
"TypeSupported"=hex:07,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\
54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,\
00,54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00
"CategoryCount"=dword:00000012

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,00,\
54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00
"TypesSupported"=dword:00000007
"CategoryMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,53,00,44,\
00,54,00,43,00,50,00,52,00,58,00,2e,00,44,00,4c,00,4c,00,00,00
"CategoryCount"=dword:00000012

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MsiInstaller]
"EventMessageFile"="C:\\WINNT\\system32\\msi.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSSOAP]
"TypesSupported"=dword:00000001
"CategoryCount"=dword:00000004
"EventMessageFile"="C:\\Program Files\\Common Files\\MSSoap\\Binaries\\MSSOAP30.dll"
"CategoryMessageFile"="C:\\Program Files\\Common Files\\MSSoap\\Binaries\\MSSOAP30.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\navapsvc]
"EventMessageFile"="\"C:\\Program Files\\Norton AntiVirus\\navapsvc.exe\""
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NPFMntor]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,6f,00,72,00,74,00,\
6f,00,6e,00,20,00,41,00,6e,00,74,00,69,00,56,00,69,00,72,00,75,00,73,00,5c,\
00,49,00,57,00,50,00,5c,00,4e,00,50,00,46,00,4d,00,6e,00,74,00,6f,00,72,00,\
2e,00,65,00,78,00,65,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Oakley]
"EventMessageFile"="%SystemRoot%\\System32\\oakley.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Offline Files]
"EventMessageFile"="%SystemRoot%\\System32\\cscui.dll"
"TypesSupported"="0x00000007"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfctrs]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,70,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfDisk]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,70,00,65,00,72,00,66,00,64,00,69,00,73,00,6b,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perflib]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,70,00,72,00,66,00,6c,00,62,00,6d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfmon]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,70,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,\
00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfNet]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,70,00,65,00,72,00,66,00,6e,00,65,00,74,00,2e,00,64,00,6c,00,6c,00,00,\
00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfOS]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,70,00,65,00,72,00,66,00,4f,00,53,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfProc]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,70,00,65,00,72,00,66,00,70,00,72,00,6f,00,63,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PlugPlayManager]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,75,00,6d,00,70,00,6e,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PPPOE]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,65,00,72,00,69,00,\
7a,00,6f,00,6e,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,5c,00,57,00,69,\
00,6e,00,50,00,6f,00,45,00,54,00,5c,00,57,00,72,00,45,00,76,00,65,00,6e,00,\
74,00,4c,00,6f,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ptssvc]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4b,00,6f,00,64,00,61,00,\
6b,00,5c,00,4b,00,6f,00,64,00,61,00,6b,00,20,00,45,00,61,00,73,00,79,00,53,\
00,68,00,61,00,72,00,65,00,20,00,73,00,6f,00,66,00,74,00,77,00,61,00,72,00,\
65,00,5c,00,62,00,69,00,6e,00,5c,00,70,00,74,00,73,00,73,00,76,00,63,00,2e,\
00,65,00,78,00,65,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SAVSCAN]
"TypesSupported"=dword:00000007
"EventMessageFile"="C:\\Program Files\\Norton AntiVirus\\SAVScan.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceCli]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceSrv]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,73,00,63,00,65,00,73,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SclgNtfy]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SNDSrvc]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
53,00,4e,00,44,00,53,00,72,00,76,00,63,00,2e,00,65,00,78,00,65,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,61,00,70,00,70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SPBBCSvc]
"TypesSupported"=dword:0000001f
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
53,00,50,00,42,00,42,00,43,00,5c,00,53,00,50,00,42,00,42,00,43,00,53,00,76,\
00,63,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SpoolerCtrs]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,69,00,6e,00,73,00,70,00,6f,00,6f,00,6c,00,2e,00,64,00,72,00,76,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SymWSC]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,79,00,6d,00,61,\
00,6e,00,74,00,65,00,63,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,5c,00,\
53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,20,00,43,00,65,00,6e,00,74,\
00,65,00,72,00,5c,00,53,00,79,00,6d,00,57,00,53,00,43,00,2e,00,65,00,78,00,\
65,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,73,00,6d,00,6c,00,6f,00,67,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tlntsvr]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,74,00,6c,00,6e,00,74,00,73,00,76,00,72,00,2e,00,65,00,78,00,65,00,00,\
00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\TrueVector Service]
"EventMessageFile"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\VSINIT.dll"
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userenv]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,75,00,73,00,65,00,72,00,65,00,6e,00,76,00,2e,00,64,00,6c,00,6c,00,00,\
00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userinit]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,75,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,2e,00,65,00,78,00,65,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime]
"EventMessageFile"="C:\\WINNT\\system32\\msvbvm60.dll"
"TypesSupported"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows 3.1 Migration]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,69,00,6e,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,65,00,78,00,65,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\
00,33,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinMgmt]
"EventMessageFile"="C:\\WINNT\\System32\\WBEM\\WinMgmtR.dll"
"TypesSupported"=hex:07

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WMDM PMSP Service]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,70,00,\
6d,00,73,00,70,00,73,00,76,00,2e,00,65,00,78,00,65,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WmdmPmSN]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,4e,00,54,00,5c,\
00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,70,00,\
6d,00,73,00,6e,00,73,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WrFC]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,65,00,72,00,69,00,\
7a,00,6f,00,6e,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,5c,00,57,00,69,\
00,6e,00,50,00,6f,00,45,00,54,00,5c,00,57,00,72,00,45,00,76,00,65,00,6e,00,\
74,00,4c,00,6f,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WrNetworkDriver]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,65,00,72,00,69,00,\
7a,00,6f,00,6e,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,5c,00,57,00,69,\
00,6e,00,50,00,6f,00,45,00,54,00,5c,00,57,00,72,00,45,00,76,00,65,00,6e,00,\
74,00,4c,00,6f,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WrOS]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,65,00,72,00,69,00,\
7a,00,6f,00,6e,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,5c,00,57,00,69,\
00,6e,00,50,00,6f,00,45,00,54,00,5c,00,57,00,72,00,45,00,76,00,65,00,6e,00,\
74,00,4c,00,6f,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WrOS Console]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,65,00,72,00,69,00,\
7a,00,6f,00,6e,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,5c,00,57,00,69,\
00,6e,00,50,00,6f,00,45,00,54,00,5c,00,57,00,72,00,45,00,76,00,65,00,6e,00,\
74,00,4c,00,6f,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WrRT]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,65,00,72,00,69,00,\
7a,00,6f,00,6e,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,5c,00,57,00,69,\
00,6e,00,50,00,6f,00,45,00,54,00,5c,00,57,00,72,00,45,00,76,00,65,00,6e,00,\
74,00,4c,00,6f,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WrSocket]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,65,00,72,00,69,00,\
7a,00,6f,00,6e,00,20,00,4f,00,6e,00,6c,00,69,00,6e,00,65,00,5c,00,57,00,69,\
00,6e,00,50,00,6f,00,45,00,54,00,5c,00,57,00,72,00,45,00,76,00,65,00,6e,00,\
74,00,4c,00,6f,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WSH]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,73,00,68,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"DisplayNameFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,65,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"DisplayNameID"=dword:00000101
"File"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,\
6f,00,6e,00,66,00,69,00,67,00,5c,00,53,00,65,00,63,00,45,00,76,00,65,00,6e,\
00,74,00,2e,00,45,00,76,00,74,00,00,00
"MaxSize"=dword:00080000
"PrimaryModule"="Security"
"Retention"=dword:00093a80
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
"Sources"=hex(7):53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,00,00,53,00,65,00,\
63,00,75,00,72,00,69,00,74,00,79,00,20,00,41,00,63,00,63,00,6f,00,75,00,6e,\
00,74,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,53,00,43,00,\
20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,44,\
00,44,00,45,00,20,00,4f,00,62,00,6a,00,65,00,63,00,74,00,00,00,4c,00,53,00,\
41,00,00,00,44,00,53,00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,\
00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS]
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,4d,00,73,00,4f,00,62,00,6a,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames]
"Directory Service Object"=dword:00001e00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA]
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,4d,00,73,00,4f,00,62,00,6a,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames]
"PolicyObject"=dword:00001600
"SecretObject"=dword:00001610
"TrustedDomainObject"=dword:00001620
"UserAccountObject"=dword:00001630

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object]
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,4d,00,73,00,4f,00,62,00,6a,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames]
"DDE Share"=dword:00001d00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager]
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,4d,00,73,00,4f,00,62,00,6a,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames]
"SC_MANAGER Object"=dword:00001c00
"SERVICE Object"=dword:00001c10

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security]
"CategoryCount"=dword:00000009
"CategoryMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,4d,00,73,00,41,00,75,00,64,00,69,00,74,00,45,00,2e,00,64,00,6c,00,\
6c,00,00,00
"GuidMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,4e,00,74,00,4d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,4d,00,73,00,41,00,75,00,64,00,69,00,74,00,45,00,2e,00,64,00,6c,00,6c,\
00,3b,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,\
00,32,00,72,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,3b,00,25,00,53,00,79,00,\
73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,\
00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,70,00,33,00,72,00,65,00,73,00,\
2e,00,64,00,6c,00,6c,00,00,00
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,4d,00,73,00,4f,00,62,00,6a,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"TypesSupported"=dword:0000001c

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames]
"Channel"=dword:00001400
"Desktop"=dword:00001a10
"Device"=dword:00001100
"Directory"=dword:00001110
"Event"=dword:00001120
"EventPair"=dword:00001130
"File"=dword:00001140
"IoCompletion"=dword:00001300
"Job"=dword:00001410
"Key"=dword:00001150
"MailSlot"=dword:00001140
"Mutant"=dword:00001160
"NamedPipe"=dword:00001140
"Port"=dword:00001170
"Process"=dword:00001180
"Profile"=dword:00001190
"Section"=dword:000011a0
"Semaphore"=dword:000011b0
"SymbolicLink"=dword:000011c0
"Thread"=dword:000011d0
"Timer"=dword:000011e0
"Token"=dword:000011f0
"Type"=dword:00001200
"WaitablePort"=dword:00001170
"WindowStation"=dword:00001a00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager]
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,4d,00,73,00,4f,00,62,00,6a,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames]
"SAM_ALIAS"=dword:00001530
"SAM_DOMAIN"=dword:00001510
"SAM_GROUP"=dword:00001520
"SAM_SERVER"=dword:00001500
"SAM_USER"=dword:00001540

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler]
"ParameterMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,4d,00,73,00,4f,00,62,00,6a,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames]
"Document"=dword:00001b20
"Printer"=dword:00001b10
"Server"=dword:00001b00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"DisplayNameFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,65,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"DisplayNameID"=dword:00000102
"File"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,\
6f,00,6e,00,66,00,69,00,67,00,5c,00,53,00,79,00,73,00,45,00,76,00,65,00,6e,\
00,74,00,2e,00,45,00,76,00,74,00,00,00
"MaxSize"=dword:00080000
"PrimaryModule"="System"
"Retention"=dword:00093a80
"Sources"=hex(7):57,00,5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6f,00,72,00,\
6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,6d,00,69,00,00,\
00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,4d,00,65,00,64,00,69,00,61,00,\
00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,63,00,72,00,69,\
00,70,00,74,00,20,00,48,00,6f,00,73,00,74,00,00,00,57,00,69,00,6e,00,64,00,\
6f,00,77,00,73,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,\
00,20,00,33,00,2e,00,31,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,46,00,69,00,6c,00,65,00,20,00,50,00,72,00,6f,00,74,00,65,00,63,00,74,\
00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,61,00,63,00,70,00,63,00,69,00,\
00,00,57,00,69,00,6e,00,33,00,32,00,6b,00,00,00,77,00,65,00,69,00,74,00,65,\
00,6b,00,70,00,39,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,77,00,\
64,00,76,00,67,00,61,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,77,\
00,61,00,6e,00,61,00,74,00,77,00,00,00,57,00,33,00,32,00,54,00,69,00,6d,00,\
65,00,00,00,76,00,73,00,64,00,61,00,74,00,61,00,6e,00,74,00,00,00,56,00,67,\
00,61,00,53,00,61,00,76,00,65,00,00,00,75,00,72,00,76,00,70,00,6e,00,64,00,\
72,00,76,00,00,00,55,00,50,00,53,00,00,00,75,00,6c,00,74,00,72,00,61,00,36,\
00,36,00,00,00,75,00,64,00,66,00,73,00,00,00,74,00,72,00,69,00,64,00,33,00,\
64,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,00,00,74,00,64,00,69,00,00,00,54,00,43,00,50,00,4d,00,6f,00,6e,00,00,00,\
54,00,63,00,70,00,69,00,70,00,00,00,73,00,79,00,6d,00,5f,00,68,00,69,00,00,\
00,73,00,79,00,6d,00,63,00,38,00,78,00,78,00,00,00,73,00,79,00,6d,00,63,00,\
38,00,31,00,30,00,00,00,53,00,74,00,69,00,6c,00,6c,00,49,00,6d,00,61,00,67,\
00,65,00,00,00,53,00,72,00,76,00,00,00,73,00,70,00,61,00,72,00,72,00,6f,00,\
77,00,00,00,73,00,6e,00,64,00,62,00,6c,00,73,00,74,00,00,00,53,00,69,00,6d,\
00,62,00,61,00,64,00,00,00,73,00,67,00,6c,00,66,00,62,00,00,00,73,00,66,00,\
6c,00,6f,00,70,00,70,00,79,00,00,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,20,00,4d,00,61,00,6e,00,\
61,00,67,00,65,00,72,00,00,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,73,\
00,65,00,72,00,69,00,61,00,6c,00,00,00,73,00,63,00,73,00,69,00,70,00,6f,00,\
72,00,74,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,53,\
00,63,00,68,00,61,00,6e,00,6e,00,65,00,6c,00,00,00,53,00,43,00,61,00,72,00,\
64,00,53,00,76,00,72,00,00,00,73,00,61,00,76,00,72,00,74,00,00,00,53,00,61,\
00,76,00,65,00,20,00,44,00,75,00,6d,00,70,00,00,00,53,00,41,00,4d,00,00,00,\
73,00,33,00,6c,00,65,00,67,00,61,00,63,00,79,00,5f,00,64,00,65,00,74,00,65,\
00,63,00,74,00,00,00,52,00,53,00,56,00,50,00,00,00,52,00,65,00,6d,00,6f,00,\
76,00,61,00,62,00,6c,00,65,00,20,00,53,00,74,00,6f,00,72,00,61,00,67,00,65,\
00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,52,00,65,00,6d,00,\
6f,00,74,00,65,00,41,00,63,00,63,00,65,00,73,00,73,00,00,00,72,00,65,00,64,\
00,62,00,6f,00,6f,00,6b,00,00,00,52,00,64,00,62,00,73,00,73,00,00,00,52,00,\
61,00,73,00,4d,00,61,00,6e,00,00,00,52,00,61,00,73,00,41,00,75,00,74,00,6f,\
00,00,00,71,00,76,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,71,00,\
6c,00,32,00,31,00,30,00,30,00,00,00,71,00,6c,00,31,00,32,00,34,00,30,00,00,\
00,71,00,6c,00,31,00,30,00,77,00,6e,00,74,00,00,00,71,00,6c,00,31,00,30,00,\
38,00,30,00,00,00,50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,00,50,\
00,72,00,69,00,6e,00,74,00,00,00,50,00,70,00,74,00,70,00,4d,00,69,00,6e,00,\
69,00,70,00,6f,00,72,00,74,00,00,00,50,00,6f,00,6c,00,69,00,63,00,79,00,41,\
00,67,00,65,00,6e,00,74,00,00,00,70,00,63,00,6d,00,63,00,69,00,61,00,00,00,\
70,00,63,00,69,00,69,00,64,00,65,00,00,00,70,00,63,00,69,00,00,00,70,00,61,\
00,72,00,76,00,64,00,6d,00,00,00,70,00,61,00,72,00,70,00,6f,00,72,00,74,00,\
00,00,70,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,00,00,4f,00,53,00,50,\
00,46,00,4d,00,69,00,62,00,00,00,4f,00,53,00,50,00,46,00,00,00,6e,00,75,00,\
6c,00,6c,00,00,00,4e,00,74,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,\
00,61,00,63,00,6b,00,00,00,4e,00,54,00,4d,00,53,00,00,00,6e,00,74,00,66,00,\
73,00,00,00,6e,00,70,00,66,00,73,00,00,00,4e,00,65,00,74,00,6c,00,6f,00,67,\
00,6f,00,6e,00,00,00,4e,00,65,00,74,00,44,00,44,00,45,00,00,00,4e,00,65,00,\
74,00,42,00,54,00,00,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,00,00,4e,\
00,64,00,69,00,73,00,57,00,61,00,6e,00,00,00,6e,00,64,00,69,00,73,00,00,00,\
6e,00,63,00,72,00,63,00,37,00,31,00,30,00,00,00,4d,00,75,00,70,00,00,00,6d,\
00,73,00,66,00,73,00,00,00,6d,00,73,00,61,00,64,00,6c,00,69,00,62,00,00,00,\
4d,00,72,00,78,00,53,00,6d,00,62,00,00,00,6d,00,72,00,61,00,69,00,64,00,33,\
00,35,00,78,00,00,00,6d,00,6f,00,75,00,63,00,6c,00,61,00,73,00,73,00,00,00,\
4d,00,6f,00,64,00,65,00,6d,00,00,00,6d,00,67,00,61,00,5f,00,64,00,65,00,74,\
00,65,00,63,00,74,00,00,00,4c,00,73,00,61,00,53,00,72,00,76,00,00,00,6c,00,\
70,00,36,00,6e,00,64,00,73,00,33,00,35,00,00,00,4c,00,6d,00,48,00,6f,00,73,\
00,74,00,73,00,00,00,4c,00,44,00,4d,00,53,00,00,00,4c,00,44,00,4d,00,00,00,\
6c,00,62,00,72,00,74,00,66,00,64,00,63,00,00,00,4b,00,65,00,72,00,62,00,65,\
00,72,00,6f,00,73,00,00,00,6b,00,62,00,64,00,63,00,6c,00,61,00,73,00,73,00,\
00,00,69,00,73,00,61,00,70,00,6e,00,70,00,00,00,49,00,50,00,58,00,53,00,41,\
00,50,00,00,00,49,00,50,00,58,00,52,00,6f,00,75,00,74,00,65,00,72,00,4d,00,\
61,00,6e,00,61,00,67,00,65,00,72,00,00,00,49,00,50,00,58,00,52,00,49,00,50,\
00,00,00,49,00,50,00,58,00,43,00,50,00,00,00,69,00,70,00,73,00,72,00,61,00,\
69,00,64,00,6e,00,00,00,49,00,50,00,53,00,45,00,43,00,00,00,49,00,50,00,52,\
00,6f,00,75,00,74,00,65,00,72,00,4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,\
00,00,49,00,50,00,52,00,49,00,50,00,32,00,00,00,49,00,50,00,4e,00,41,00,54,\
00,48,00,4c,00,50,00,00,00,49,00,50,00,42,00,4f,00,4f,00,54,00,50,00,00,00,\
49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,00,45,00,78,00,70,00,6c,\
00,6f,00,72,00,65,00,72,00,20,00,36,00,00,00,69,00,6e,00,74,00,65,00,6c,00,\
69,00,64,00,65,00,00,00,69,00,6e,00,69,00,39,00,31,00,30,00,75,00,00,00,69,\
00,38,00,30,00,34,00,32,00,70,00,72,00,74,00,00,00,66,00,74,00,64,00,69,00,\
73,00,6b,00,00,00,66,00,73,00,5f,00,72,00,65,00,63,00,00,00,66,00,6c,00,70,\
00,79,00,64,00,69,00,73,00,6b,00,00,00,66,00,6c,00,61,00,73,00,68,00,70,00,\
6e,00,74,00,00,00,66,00,69,00,72,00,65,00,70,00,6f,00,72,00,74,00,00,00,46,\
00,69,00,70,00,73,00,00,00,66,00,64,00,63,00,00,00,66,00,64,00,31,00,36,00,\
5f,00,37,00,30,00,30,00,00,00,66,00,61,00,73,00,74,00,66,00,61,00,74,00,00,\
00,65,00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,65,00,74,00,34,00,\
30,00,30,00,30,00,5f,00,64,00,65,00,74,00,65,00,63,00,74,00,00,00,65,00,66,\
00,73,00,00,00,44,00,6e,00,73,00,63,00,61,00,63,00,68,00,65,00,00,00,44,00,\
6e,00,73,00,61,00,70,00,69,00,00,00,64,00,6d,00,69,00,6f,00,00,00,64,00,6d,\
00,62,00,6f,00,6f,00,74,00,00,00,44,00,69,00,73,00,74,00,72,00,69,00,62,00,\
75,00,74,00,65,00,64,00,20,00,4c,00,69,00,6e,00,6b,00,20,00,54,00,72,00,61,\
00,63,00,6b,00,69,00,6e,00,67,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,\
00,00,64,00,69,00,73,00,6b,00,70,00,65,00,72,00,66,00,00,00,64,00,69,00,73,\
00,6b,00,00,00,44,00,69,00,72,00,65,00,63,00,74,00,58,00,00,00,44,00,68,00,\
63,00,70,00,00,00,44,00,66,00,73,00,53,00,76,00,63,00,00,00,44,00,66,00,73,\
00,44,00,72,00,69,00,76,00,65,00,72,00,00,00,64,00,65,00,63,00,6b,00,7a,00,\
70,00,73,00,78,00,00,00,44,00,43,00,4f,00,4d,00,00,00,64,00,61,00,63,00,39,\
00,36,00,30,00,6e,00,74,00,00,00,63,00,70,00,71,00,66,00,77,00,73,00,32,00,\
65,00,00,00,63,00,70,00,71,00,66,00,63,00,61,00,6c,00,6d,00,00,00,63,00,70,\
00,71,00,61,00,72,00,72,00,79,00,32,00,00,00,63,00,70,00,71,00,61,00,72,00,\
72,00,61,00,79,00,00,00,63,00,69,00,72,00,72,00,75,00,73,00,5f,00,64,00,65,\
00,74,00,65,00,63,00,74,00,00,00,63,00,68,00,61,00,6e,00,67,00,65,00,72,00,\
00,00,63,00,64,00,72,00,6f,00,6d,00,00,00,63,00,64,00,66,00,73,00,00,00,63,\
00,64,00,61,00,75,00,64,00,69,00,6f,00,00,00,63,00,64,00,32,00,30,00,78,00,\
72,00,6e,00,74,00,00,00,62,00,75,00,73,00,6c,00,6f,00,67,00,69,00,63,00,00,\
00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,42,00,49,00,54,00,53,00,\
00,00,62,00,65,00,65,00,70,00,00,00,41,00,75,00,74,00,6f,00,6d,00,61,00,74,\
00,69,00,63,00,20,00,55,00,70,00,64,00,61,00,74,00,65,00,73,00,00,00,41,00,\
74,00,6d,00,61,00,72,00,70,00,63,00,00,00,61,00,74,00,69,00,5f,00,64,00,65,\
00,74,00,65,00,63,00,74,00,00,00,61,00,74,00,64,00,69,00,73,00,6b,00,00,00,\
61,00,74,00,61,00,70,00,69,00,00,00,41,00,73,00,79,00,6e,00,63,00,4d,00,61,\
00,63,00,00,00,61,00,73,00,63,00,33,00,35,00,35,00,30,00,00,00,61,00,73,00,\
63,00,33,00,33,00,35,00,30,00,70,00,00,00,61,00,73,00,63,00,00,00,41,00,70,\
00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,\
70,00,75,00,70,00,00,00,61,00,6d,00,73,00,69,00,6e,00,74,00,00,00,61,00,6d,\
00,69,00,30,00,6e,00,74,00,00,00,41,00,6c,00,65,00,72,00,74,00,65,00,72,00,\
00,00,61,00,69,00,63,00,37,00,38,00,78,00,78,00,00,00,61,00,69,00,63,00,37,\
00,38,00,75,00,32,00,00,00,61,00,69,00,63,00,31,00,31,00,36,00,78,00,00,00,\
61,00,68,00,61,00,31,00,35,00,34,00,78,00,00,00,61,00,64,00,70,00,75,00,31,\
00,36,00,30,00,6d,00,00,00,41,00,44,00,4d,00,39,00,58,00,00,00,61,00,63,00,\
70,00,69,00,65,00,63,00,00,00,61,00,63,00,70,00,69,00,00,00,61,00,62,00,70,\
00,34,00,38,00,30,00,6e,00,35,00,00,00,61,00,62,00,69,00,6f,00,73,00,64,00,\
73,00,6b,00,00,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
00,00,00
"TypesSupported"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abp480n5]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,49,00,6f,00,4c,00,6f,00,67,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,\
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP