Gen.Variant.Strictor.109609_67147327df

Susp_Dropper (Kaspersky), Gen:Variant.Strictor.109609 (B) (Emsisoft), Gen:Variant.Strictor.109609 (AdAware), Packed.Win32.Themida.FD, Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, GenericInjector.YR, TrojanFlyStudio.YR (Lavasoft MAS)Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm, Packed

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

dddddd

dddddd

!"#$%&'()* ,-./0123456789:;

!"#$%&'()* ,-./0123456789:;

5.1.2600.5512 (xpsp.080413-0852)

5.1.2600.5512 (xpsp.080413-0852)

Microsoft(R) Windows(R) Operating System

Microsoft(R) Windows(R) Operating System

5.1.2600.5512

5.1.2600.5512

/024 (;%

/024 (;%

Windows IPSec SPD Client DLL

Windows IPSec SPD Client DLL

winipsec.dll

winipsec.dll

(*.*)

(*.*)

1.0.0.0

1.0.0.0

(hXXp://VVV.eyuyan.com)

(hXXp://VVV.eyuyan.com)

%original file name%.exe_508_rwx_00401000_00175000:

t$(SSh

t$(SSh

~%UVW

~%UVW

u$SShe

u$SShe

advapi32.dll

advapi32.dll

Advapi32.dll

Advapi32.dll

shlwapi.dll

shlwapi.dll

wininet.dll

wininet.dll

rasapi32.dll

rasapi32.dll

ole32.dll

ole32.dll

ShellExecuteA

ShellExecuteA

HttpOpenRequestA

HttpOpenRequestA

HttpSendRequestA

HttpSendRequestA

HttpQueryInfoA

HttpQueryInfoA

\winipsec.dll

\winipsec.dll

\ipseccmd.dll

\ipseccmd.dll

.text

.text

`.data

`.data

.rsrc

.rsrc

msvcrt.dll

msvcrt.dll

msvcirt.dll

msvcirt.dll

ADVAPI32.dll

ADVAPI32.dll

KERNEL32.dll

KERNEL32.dll

NTDLL.DLL

NTDLL.DLL

WS2_32.dll

WS2_32.dll

RPCRT4.dll

RPCRT4.dll

CRYPT32.dll

CRYPT32.dll

WLDAP32.dll

WLDAP32.dll

USERENV.dll

USERENV.dll

WINIPSEC.DLL

WINIPSEC.DLL

POLSTORE.DLL

POLSTORE.DLL

INPASS

INPASS

Fatal error occured processing cmd line at line %d

Fatal error occured processing cmd line at line %d

Unexpected flag: %s. Check usage.

Unexpected flag: %s. Check usage.

You must specify rule name: %s. Check usage.

You must specify rule name: %s. Check usage.

You must specify policy name: %s. Check usage.

You must specify policy name: %s. Check usage.

You must specify storage info: %s. Check usage.

You must specify storage info: %s. Check usage.

Unknown flag: %s

Unknown flag: %s

Polstore operation returned 0x%x!

Polstore operation returned 0x%x!

CERT

CERT

export

export

import

import

%s could not be opened for read! GetLastError = 0x%x

%s could not be opened for read! GetLastError = 0x%x

ipseccmd

ipseccmd

AscAddUint(X,X, X) ERROR - bad parameters

AscAddUint(X,X, X) ERROR - bad parameters

AscMultUint(X,X, X) ERROR - bad parameters

AscMultUint(X,X, X) ERROR - bad parameters

4294967296

4294967296

Encapsulation Type : %s

Encapsulation Type : %s

To %s

To %s

From %s

From %s

Transport Bytes Received %s

Transport Bytes Received %s

Transport Bytes Sent %s

Transport Bytes Sent %s

Bytes Received In Tunnels %s

Bytes Received In Tunnels %s

Bytes Sent In Tunnels %s

Bytes Sent In Tunnels %s

Offloaded Bytes Received %s

Offloaded Bytes Received %s

Offloaded Bytes Sent %s

Offloaded Bytes Sent %s

Authenticated Bytes Received %s

Authenticated Bytes Received %s

Authenticated Bytes Sent %s

Authenticated Bytes Sent %s

Confidential Bytes Received %s

Confidential Bytes Received %s

Confidential Bytes Sent %s

Confidential Bytes Sent %s

ConnListSize %d

ConnListSize %d

IsadbListSize %d

IsadbListSize %d

KeyUpdateFail %d

KeyUpdateFail %d

KeyAddFail %d

KeyAddFail %d

GetSpiFail %d

GetSpiFail %d

TotalKeyUpdate %d

TotalKeyUpdate %d

TotalKeyAdd %d

TotalKeyAdd %d

TotalGetSpi %d

TotalGetSpi %d

Total Acquire %d

Total Acquire %d

Invalid Cookies Rcvd %d

Invalid Cookies Rcvd %d

Negotiation Failures %d

Negotiation Failures %d

Receive Heap size %d

Receive Heap size %d

Acquire Heap size %d

Acquire Heap size %d

Send fail %d

Send fail %d

Receive fail %d

Receive fail %d

Acquire fail %d

Acquire fail %d

Active Receive %d

Active Receive %d

Active Acquire %d

Active Acquire %d

Authentication Failures %d

Authentication Failures %d

Soft SAs %d

Soft SAs %d

Quick Modes %d

Quick Modes %d

Main Modes %d

Main Modes %d

.ipsec

.ipsec

Couldn't get GUID for mirror filter - UuidCreate failed with status: %ul

Couldn't get GUID for mirror filter - UuidCreate failed with status: %ul

Couldn't get GUID for MM filter - UuidCreate failed with status: %ul

Couldn't get GUID for MM filter - UuidCreate failed with status: %ul

ipseccmd.pdb

ipseccmd.pdb

t.IIt

t.IIt

RegCloseKey

RegCloseKey

RegOpenKeyExW

RegOpenKeyExW

CertStrToNameW

CertStrToNameW

CertNameToStrW

CertNameToStrW

IPSecImportPolicies

IPSecImportPolicies

IPSecExportPolicies

IPSecExportPolicies

\polstore.dll

\polstore.dll

@.reloc

@.reloc

NETAPI32.dll

NETAPI32.dll

PSSh,

PSSh,

PSShT

PSShT

RegDeleteKeyW

RegDeleteKeyW

RegSaveKeyW

RegSaveKeyW

RegRestoreKeyW

RegRestoreKeyW

RegOpenKeyW

RegOpenKeyW

RegCreateKeyExW

RegCreateKeyExW

RegEnumKeyExW

RegEnumKeyExW

GetProcessHeap

GetProcessHeap

polstore.pdb

polstore.pdb

winipsec.pdb

winipsec.pdb

AddTransportFilter

AddTransportFilter

CloseTransportFilterHandle

CloseTransportFilterHandle

DeleteTransportFilter

DeleteTransportFilter

EnumTransportFilters

EnumTransportFilters

GetTransportFilter

GetTransportFilter

MatchTransportFilter

MatchTransportFilter

OpenTransportFilterHandle

OpenTransportFilterHandle

SetTransportFilter

SetTransportFilter

https

https

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

http=

http=

HTTP/1.1

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Content-Type: application/x-www-form-urlencoded

hXXps://

hXXps://

hXXp://

hXXp://

Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\

VVV.ip138.com

VVV.ip138.com

VVV.qq.com

VVV.qq.com

WinHttp.WinHttpRequest.5.1

WinHttp.WinHttpRequest.5.1

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

Ms.exe

Ms.exe

wWw.941Pojie.coM

wWw.941Pojie.coM

.oNIT

.oNIT

=%xgH|*

=%xgH|*

:%%f&

:%%f&

%ßRY

%ßRY

VVV.meitu.com

VVV.meitu.com

te.Jt

te.Jt

3.mcp

3.mcp

%SnVv

%SnVv

pi,%Upom

pi,%Upom

.ZThS

.ZThS

%X`iG

%X`iG

.Jj5% s7

.Jj5% s7

.JukW

.JukW

q.TjQ

q.TjQ

qN.PjQN

qN.PjQN

%d&&'

%d&&'

123456789

123456789

00003333

00003333

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

inflate 1.1.3 Copyright 1995-1998 Mark Adler

1.2.18

1.2.18

%*.*f

%*.*f

CNotSupportedException

CNotSupportedException

commctrl_DragListMsg

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

Afx:%x:%x

COMCTL32.DLL

COMCTL32.DLL

CCmdTarget

CCmdTarget

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

__MSVCRT_HEAP_SELECT

__MSVCRT_HEAP_SELECT

Broken pipe

Broken pipe

Inappropriate I/O control operation

Inappropriate I/O control operation

Operation not permitted

Operation not permitted

user32.dll

user32.dll

"103*2-

"103*2-

.PAVCException@@

.PAVCException@@

Shell32.dll

Shell32.dll

Mpr.dll

Mpr.dll

User32.dll

User32.dll

Gdi32.dll

Gdi32.dll

Kernel32.dll

Kernel32.dll

(&07-034/)7 '

(&07-034/)7 '

?? / %d]

?? / %d]

%d / %d]

%d / %d]

.PAVCFileException@@

.PAVCFileException@@

: %d]

: %d]

(*.*)|*.*||

(*.*)|*.*||

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.txt)|*.txt|

(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|PNG

(*.JPG)|*.JPG|PNG

(*.PNG)|*.PNG|BMP

(*.PNG)|*.PNG|BMP

(*.BMP)|*.BMP|GIF

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

(*.CUR)|*.CUR|

%s:%d

%s:%d

windows

windows

.PAVCNotSupportedException@@

.PAVCNotSupportedException@@

out.prn

out.prn

(*.prn)|*.prn|

(*.prn)|*.prn|

%d.%d

%d.%d

%d/%d

%d/%d

1.6.9

1.6.9

unsupported zlib version

unsupported zlib version

png_read_image: unsupported transformation

png_read_image: unsupported transformation

%d / %d

%d / %d

Bogus message code %d

Bogus message code %d

libpng error: %s

libpng error: %s

libpng warning: %s

libpng warning: %s

1.1.3

1.1.3

bad keyword

bad keyword

libpng does not support gamma background rgb_to_gray

libpng does not support gamma background rgb_to_gray

Palette is NULL in indexed image

Palette is NULL in indexed image

(%d-%d):

(%d-%d):

%ld%c

%ld%c

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

HTTP/1.0

HTTP/1.0

%s

%s

Reply-To: %s

Reply-To: %s

From: %s

From: %s

To: %s

To: %s

Subject: %s

Subject: %s

Date: %s

Date: %s

Cc: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

%a, %d %b %Y %H:%M:%S

SMTP

SMTP

(*.htm;*.html)|*.htm;*.html

(*.htm;*.html)|*.htm;*.html

;3 #>6.&

;3 #>6.&

'2, / 0&7!4-)1#

'2, / 0&7!4-)1#

(*.avi)|*.avi

(*.avi)|*.avi

WPFT532.CNV

WPFT532.CNV

WPFT632.CNV

WPFT632.CNV

EXCEL32.CNV

EXCEL32.CNV

write32.wpc

write32.wpc

Windows Write

Windows Write

mswrd632.wpc

mswrd632.wpc

Word for Windows 6.0

Word for Windows 6.0

wword5.cnv

wword5.cnv

Word for Windows 5.0

Word for Windows 5.0

mswrd832.cnv

mswrd832.cnv

mswrd632.cnv

mswrd632.cnv

Word 6.0/95 for Windows & Macintosh

Word 6.0/95 for Windows & Macintosh

html32.cnv

html32.cnv

.PAVCOleException@@

.PAVCOleException@@

.PAVCObject@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCResourceException@@

.PAVCUserException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.?AVCTestCmdUI@@

.PAVCOleDispatchException@@

.PAVCOleDispatchException@@

.PAVCArchiveException@@

.PAVCArchiveException@@

zcÁ

zcÁ

127.0.0.1 VVV.915youxi.com

127.0.0.1 VVV.915youxi.com

127.0.0.1 915youxi.com

127.0.0.1 915youxi.com

127.0.0.1 VVV.52anzu.com

127.0.0.1 VVV.52anzu.com

127.0.0.1 52anzu.com

127.0.0.1 52anzu.com

c:\%original file name%.exe

c:\%original file name%.exe

#include "l.chs\afxres.rc" // Standard components

#include "l.chs\afxres.rc" // Standard components

%s%sFlags : %lu

%s%sFlags : %lu

%s%sPFS : %s

%s%sPFS : %s

%s%sAlgo #%d :

%s%sAlgo #%d :

%sOffer #%d

%sOffer #%d

%sFlags : %lu %s %s %s

%sFlags : %lu %s %s %s

%sPolicy Id : %s

%sPolicy Id : %s

%sName : %s

%sName : %s

%s%sQuickmode limit : %lu, Lifetime %luKbytes/%luseconds

%s%sQuickmode limit : %lu, Lifetime %luKbytes/%luseconds

%s%s%s

%s%s%s

IP Addr %S

IP Addr %S

interface id %s

interface id %s

mask %S

mask %S

subnet %S

subnet %S

Interface Type : %s

Interface Type : %s

Mirrored : %s

Mirrored : %s

Direction : %s, Weight : %lu

Direction : %s, Weight : %lu

Outbound Passthru

Outbound Passthru

Inbound Passthru

Inbound Passthru

Protocol : %lu Src Port : %u Des Port : %u

Protocol : %lu Src Port : %u Des Port : %u

Policy Id : %s

Policy Id : %s

Filter Id : %s

Filter Id : %s

Name : %s

Name : %s

AM #%d :

AM #%d :

%sAuth Methods Id: %s

%sAuth Methods Id: %s

%sSoft SA expiration time : %lu

%sSoft SA expiration time : %lu

%sFlags : %lu %s %s

%sFlags : %lu %s %s

Auth Methods Id: %s

Auth Methods Id: %s

Filter %d

Filter %d

MM Filter %d

MM Filter %d

%s filter action

%s filter action

%s filter list

%s filter list

Example: ipseccmd export PERS persistent.ipsec

Example: ipseccmd export PERS persistent.ipsec

specify the .ipsec file extension, this extension will be appended.

specify the .ipsec file extension, this extension will be appended.

Name of file to import/export from/to. If an export file name does not

Name of file to import/export from/to. If an export file name does not

Ipseccmd imports or exports a .ipsec file.

Ipseccmd imports or exports a .ipsec file.

Import/Export MODE

Import/Export MODE

Example: ipseccmd set logike

Example: ipseccmd set logike

Ipseccmd sets configuration parameters for IPSec.

Ipseccmd sets configuration parameters for IPSec.

Example: ipseccmd show filters policies

Example: ipseccmd show filters policies

stats - shows Internet Key Exchange(IKE) and IPSec statistics

stats - shows Internet Key Exchange(IKE) and IPSec statistics

Ipseccmd displays requested data from the IPSec Security Policies Database

Ipseccmd displays requested data from the IPSec Security Policies Database

INPASS will set any inbound filters in the FilterList as Pass filters while

INPASS will set any inbound filters in the FilterList as Pass filters while

will make all of the filters in the FilterList Pass filters.

will make all of the filters in the FilterList Pass filters.

PASS will ignore any methods in NegotiationMethodList and

PASS will ignore any methods in NegotiationMethodList and

values you can pass in the NegotiationMethodList that have special meaning:

values you can pass in the NegotiationMethodList that have special meaning:

made to signify filters as Pass (or permit) and Block. In Static mode, these

made to signify filters as Pass (or permit) and Block. In Static mode, these

originally created with ipseccmd. Policies can be set as either Assigned or

originally created with ipseccmd. Policies can be set as either Assigned or

Example: 10Q/3600S will rekey after 10 quick modes or every hour.

Example: 10Q/3600S will rekey after 10 quick modes or every hour.

The number of Quick Modes and/or seconds after which IKE should rekey a

The number of Quick Modes and/or seconds after which IKE should rekey a

-1k MMRekeyTime

-1k MMRekeyTime

The strings provided as the preshared key or CA info are case sensitive

The strings provided as the preshared key or CA info are case sensitive

PRESHARE:""

PRESHARE:""

CERT:"", e.g. CERT:"CN=CA1,OU=O,O=MEME,C=DE,E=ME@here"

CERT:"", e.g. CERT:"CN=CA1,OU=O,O=MEME,C=DE,E=ME@here"

DEFAULT: Omission of tunnel address assumes transport mode.

DEFAULT: Omission of tunnel address assumes transport mode.

ipseccmd twice-- once for the outbound filters and outgoing tunnel

ipseccmd twice-- once for the outbound filters and outgoing tunnel

NOTE: If you need to set up a tunnel policy, you will need to execute

NOTE: If you need to set up a tunnel policy, you will need to execute

Example: ESP[DES,SHA]5120k/3600s will rekey after 5MB or 1 hour

Example: ESP[DES,SHA]5120k/3600s will rekey after 5MB or 1 hour

after which IKE should rekey a Quick Mode security association.

after which IKE should rekey a Quick Mode security association.

Rekey: Optional setting to specify the number of KBytes and/or seconds

Rekey: Optional setting to specify the number of KBytes and/or seconds

NOTE: ESP[NONE,NONE] is not a supported configuration.

NOTE: ESP[NONE,NONE] is not a supported configuration.

AH[HashAlg] ESP[ConfAlg,AuthAlg]RekeyPFS

AH[HashAlg] ESP[ConfAlg,AuthAlg]RekeyPFS

AH[HashAlg]RekeyPFS

AH[HashAlg]RekeyPFS

ESP[ConfAlg,AuthAlg]RekeyPFS

ESP[ConfAlg,AuthAlg]RekeyPFS

Example: (0 128.2.1.1) will create 2 filters that will be exempted

Example: (0 128.2.1.1) will create 2 filters that will be exempted

the filter will be a Pass (or Permit) filter. If you surround the

the filter will be a Pass (or Permit) filter. If you surround the

PASS and BLOCK filters: By surrounding a filter specification with (),

PASS and BLOCK filters: By surrounding a filter specification with (),

all TCP traffic from the first subnet and the second subnet on port 80.

all TCP traffic from the first subnet and the second subnet on port 80.

172.31.0.0/255.255.0.0:80 157.0.0.0/255.0.0.0:80:TCP will filter

172.31.0.0/255.255.0.0:80 157.0.0.0/255.0.0.0:80:TCP will filter

M1 M2::6 will filter TCP traffic between addresses M1 and M2 on any port

M1 M2::6 will filter TCP traffic between addresses M1 and M2 on any port

You can use also use these protocol symbols: ICMP TCP UDP RAW

You can use also use these protocol symbols: ICMP TCP UDP RAW

If you indicate a protocol, a port value or '::' must precede it.

If you indicate a protocol, a port value or '::' must precede it.

Port and Protocol are optional. If omitted, the values are set to ANY

Port and Protocol are optional. If omitted, the values are set to ANY

128.*.* is the same as above

128.*.* is the same as above

128.*.*.* is same as 128.0.0.0/255.0.0.0

128.*.*.* is same as 128.0.0.0/255.0.0.0

144.92.*.* is the same as 144.92.0.0/255.255.0.0

144.92.*.* is the same as 144.92.0.0/255.255.0.0

Mask: Optional subnet mask. If omitted, 255.255.255.255 will be used.

Mask: Optional subnet mask. If omitted, 255.255.255.255 will be used.

Optionally, you can specify the keyword DEFAULT to set the

Optionally, you can specify the keyword DEFAULT to set the

A.B.C.D/mask:port=A.B.C.D/mask:port:protocol

A.B.C.D/mask:port=A.B.C.D/mask:port:protocol

Each execution of ipseccmd sets an IPSec rule, an IKE policy, or both.

Each execution of ipseccmd sets an IPSec rule, an IKE policy, or both.

Import and export mode will import or export a .ipsec policy file to/from the

Import and export mode will import or export a .ipsec policy file to/from the

To delete all dynamic policies, execute "ipseccmd -u"

To delete all dynamic policies, execute "ipseccmd -u"

import, and export. The default mode is dynamic.

import, and export. The default mode is dynamic.

Ipseccmd has multiple mutually exclusive modes: dynamic, static, show, set

Ipseccmd has multiple mutually exclusive modes: dynamic, static, show, set

For extended usage, run: ipseccmd -?

For extended usage, run: ipseccmd -?

Executes a file containing regular static or dynamic ipseccmd commands.

Executes a file containing regular static or dynamic ipseccmd commands.

ipseccmd -file FileName

ipseccmd -file FileName

Imports or exports a static policy file.

Imports or exports a static policy file.

ipseccmd \\machinename [import OR export] Location FileName

ipseccmd \\machinename [import OR export] Location FileName

ipseccmd \\machinename set [logike OR dontlogike]

ipseccmd \\machinename set [logike OR dontlogike]

ipseccmd \\machinename show gpo filters policies auth stats sas all

ipseccmd \\machinename show gpo filters policies auth stats sas all

{-w Location -p PolicyName:PollInterval -r RuleName [-x OR -y] -o}

{-w Location -p PolicyName:PollInterval -r RuleName [-x OR -y] -o}

-a AuthMethodList -1s SecurityMethodList -1k MMRekeyTime

-a AuthMethodList -1s SecurityMethodList -1k MMRekeyTime

ipseccmd \\machinename -f FilterList -n NegotiationMethodList -t TunnelAddr

ipseccmd \\machinename -f FilterList -n NegotiationMethodList -t TunnelAddr

Failed to add policy, error 0x%x

Failed to add policy, error 0x%x

PA RPC not ready. Sleeping for %d seconds...

PA RPC not ready. Sleeping for %d seconds...

Couldn't check status of Policy Agent service, error 0x%x, Exiting.

Couldn't check status of Policy Agent service, error 0x%x, Exiting.

Couldn't start Policy Agent service, error 0x%x, Exiting.

Couldn't start Policy Agent service, error 0x%x, Exiting.

Error converting policy: 0x%x

Error converting policy: 0x%x

Error 0x%x occurred:

Error 0x%x occurred:

text2pol.dll

text2pol.dll

Error: the argument is too long (>%d symbols)

Error: the argument is too long (>%d symbols)

EnumQMSAs failed with error %d

EnumQMSAs failed with error %d

Source UDP Encap port : %u Dest UDP Encap port: %u

Source UDP Encap port : %u Dest UDP Encap port: %u

Direction : %s

Direction : %s

Protocol : %lu Src Port : %u Des Port : %u

Protocol : %lu Src Port : %u Des Port : %u

%s Filter

%s Filter

IPSecEnumMMSAs failed with error %d

IPSecEnumMMSAs failed with error %d

Transport

Transport

Quick Mode SA #%d:

Quick Mode SA #%d:

Source UDP Encap port : %u Dest UDP Encap port: %u

Source UDP Encap port : %u Dest UDP Encap port: %u

Auth Used : %s

Auth Used : %s

Main Mode SA #%d:

Main Mode SA #%d:

ReKeys %lu

ReKeys %lu

Key Deletes %lu

Key Deletes %lu

Key Adds %lu

Key Adds %lu

Pending Key %lu

Pending Key %lu

QueryIPSecStatistics failed with error %d

QueryIPSecStatistics failed with error %d

EnumMMAuthMethods failed with error %d

EnumMMAuthMethods failed with error %d

EnumQMPolicies failed with error %d

EnumQMPolicies failed with error %d

IPSecQueryIKEStatistics failed with error %d

IPSecQueryIKEStatistics failed with error %d

Main Mode Authentication Methods #%d:

Main Mode Authentication Methods #%d:

Quick Mode Policy #%d:

Quick Mode Policy #%d:

EnumMMPolicies failed with error %d

EnumMMPolicies failed with error %d

Main Mode Policy #%d:

Main Mode Policy #%d:

EnumTunnelFilters failed with error %d

EnumTunnelFilters failed with error %d

Specific Tunnel Filter #%d:

Specific Tunnel Filter #%d:

Generic Tunnel Filter #%d:

Generic Tunnel Filter #%d:

EnumTransportFilters failed with error %d

EnumTransportFilters failed with error %d

Specific Transport Filter #%d:

Specific Transport Filter #%d:

Specific Transport Filters

Specific Transport Filters

Generic Transport Filter #%d:

Generic Transport Filter #%d:

Generic Transport Filters

Generic Transport Filters

EnumMMFilters failed with error %d

EnumMMFilters failed with error %d

Specific MM Filter #%d:

Specific MM Filter #%d:

Generic MM Filter #%d:

Generic MM Filter #%d:

Policy Path: %s

Policy Path: %s

Directory Policy Name: %s

Directory Policy Name: %s

Policy Path: HKLM\%s

Policy Path: HKLM\%s

Description: %s

Description: %s

Local Policy Name: %s

Local Policy Name: %s

A failure occured getting policy information: error %d

A failure occured getting policy information: error %d

An error occurred importing data.

An error occurred importing data.

An error occurred exporting data.

An error occurred exporting data.

{e437bc1c-aa7d-11d2-a382-00c04f991e27}

{e437bc1c-aa7d-11d2-a382-00c04f991e27}

Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

MainMode Key Exchange

MainMode Key Exchange

MainMode Key Authorizated

MainMode Key Authorizated

Preshared Key

Preshared Key

RSA (Cert) Signature

RSA (Cert) Signature

RSA (Cert) Encryption

RSA (Cert) Encryption

ipseccmd

ipseccmd

SOFTWARE\Policies\Microsoft\Windows\IPSEC\GPTIPSECPolicy

SOFTWARE\Policies\Microsoft\Windows\IPSEC\GPTIPSECPolicy

SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local

SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local

SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Cache

SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Cache

The operation was successful.

The operation was successful.

pass-thru filter indicated but not closed properly

pass-thru filter indicated but not closed properly

A string was used to designate protocol and it was not supported.

A string was used to designate protocol and it was not supported.

The unit for phase 2 rekey time is invalid.

The unit for phase 2 rekey time is invalid.

Designated hash algorithm for AH is either invalid or not supported.

Designated hash algorithm for AH is either invalid or not supported.

An undefined parse error occured due to unsupported/invalid syntax.

An undefined parse error occured due to unsupported/invalid syntax.

ESP with NULL encryption and NULL authentication is not currently supported.

ESP with NULL encryption and NULL authentication is not currently supported.

Preshared key indicated, but not supplied.

Preshared key indicated, but not supplied.

The authentication method specified is invalid or unsupported.

The authentication method specified is invalid or unsupported.

Invalid or unsupported DH group specified.

Invalid or unsupported DH group specified.

The unit for phase 1 rekey time is invalid.

The unit for phase 1 rekey time is invalid.

The TYPE of storage is not supported.

The TYPE of storage is not supported.

Storage mode indicated but no storage info passed- internal error.

Storage mode indicated but no storage info passed- internal error.

The minimum rekey for Phase 2 is 20480 KB and 300 seconds.

The minimum rekey for Phase 2 is 20480 KB and 300 seconds.

Windows IPSec Command Utility

Windows IPSec Command Utility

5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ipseccmd.exe

ipseccmd.exe

Windows

Windows

Operating System

Operating System

5.1.2600.2180

5.1.2600.2180

SOFTWARE\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy

SOFTWARE\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Save

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Save

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Persistent

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Persistent

OperationMode

OperationMode

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Cache

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Cache

polstore.dll

polstore.dll

TypesSupported

TypesSupported

%SystemRoot%\System32\oakley.dll

%SystemRoot%\System32\oakley.dll

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

SOFTWARE\Policies\Microsoft\Windows\IPSec

SOFTWARE\Policies\Microsoft\Windows\IPSec

dddddd

dddddd

!"#$%&'()* ,-./0123456789:;

!"#$%&'()* ,-./0123456789:;

5.1.2600.5512 (xpsp.080413-0852)

5.1.2600.5512 (xpsp.080413-0852)

Microsoft(R) Windows(R) Operating System

Microsoft(R) Windows(R) Operating System

5.1.2600.5512

5.1.2600.5512

/024 (;%

/024 (;%

Windows IPSec SPD Client DLL

Windows IPSec SPD Client DLL

winipsec.dll

winipsec.dll

(*.*)

(*.*)

%original file name%.exe_508_rwx_0058C000_00001000:

MSVCRT.dll

MSVCRT.dll

IPHLPAPI.DLL

IPHLPAPI.DLL

PSAPI.DLL

PSAPI.DLL

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

RegCreateKeyExA

RegCreateKeyExA

RegDeleteKeyA

RegDeleteKeyA

ADVAPI32.dll

ADVAPI32.dll

SHELL32.dll

SHELL32.dll

%original file name%.exe_508_rwx_00596000_00003000:

MSVCRT.dll

MSVCRT.dll

IPHLPAPI.DLL

IPHLPAPI.DLL

PSAPI.DLL

PSAPI.DLL

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

%original file name%.exe_508_rwx_0062A000_00047000:

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

ADVAPI32.dll

ADVAPI32.dll

OLEAUT32.dll

OLEAUT32.dll

ole32.dll

ole32.dll

GDI32.dll

GDI32.dll

SHELL32.dll

SHELL32.dll

WS2_32.dll

WS2_32.dll

WINMM.dll

WINMM.dll

WINSPOOL.DRV

WINSPOOL.DRV

RASAPI32.dll

RASAPI32.dll

WININET.dll

WININET.dll

AVIFIL32.dll

AVIFIL32.dll

MSVFW32.dll

MSVFW32.dll

COMCTL32.dll

COMCTL32.dll

G|.nb

G|.nb

comdlg32.dll

comdlg32.dll

oledlg.dll

oledlg.dll

%original file name%.exe_508_rwx_00673000_00002000:

GetKeyState

GetKeyState

GDI32.dll

GDI32.dll

SetViewportOrgEx

SetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

OffsetViewportOrgEx

ScaleViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

GetViewportExtEx

GetViewportOrgEx

GetViewportOrgEx

WINMM.dll

WINMM.dll

WINSPOOL.DRV

WINSPOOL.DRV

ole32.dll

ole32.dll

comdlg32.dll

comdlg32.dll

ADVAPI32.dll

ADVAPI32.dll

RegCloseKey

RegCloseKey

RegCreateKeyExA

RegCreateKeyExA

,RegCreateKeyA

,RegCreateKeyA

RegOpenKeyExA

RegOpenKeyExA

oledlg.dll

oledlg.dll

SHELL32.dll

SHELL32.dll

ShellExecuteA

ShellExecuteA

WS2_32.dll

WS2_32.dll

COMCTL32.dll

COMCTL32.dll

WININET.dll

WININET.dll

OLEAUT32.dll

OLEAUT32.dll

PSAPI.DLL

PSAPI.DLL

%original file name%.exe_508_rwx_00B60000_0001D000:

iphlpapi.dll

iphlpapi.dll

AllocateAndGetTcpExTable2FromStack

AllocateAndGetTcpExTable2FromStack

AllocateAndGetTcpExTableFromStack

AllocateAndGetTcpExTableFromStack

AllocateAndGetTcpTableFromStack

AllocateAndGetTcpTableFromStack

AllocateAndGetUdpExTable2FromStack

AllocateAndGetUdpExTable2FromStack

AllocateAndGetUdpExTableFromStack

AllocateAndGetUdpExTableFromStack

AllocateAndGetUdpTableFromStack

AllocateAndGetUdpTableFromStack

GetExtendedTcpTable

GetExtendedTcpTable

GetExtendedUdpTable

GetExtendedUdpTable

GetOwnerModuleFromTcp6Entry

GetOwnerModuleFromTcp6Entry

GetOwnerModuleFromTcpEntry

GetOwnerModuleFromTcpEntry

GetOwnerModuleFromUdp6Entry

GetOwnerModuleFromUdp6Entry

GetOwnerModuleFromUdpEntry

GetOwnerModuleFromUdpEntry

GetTcpExTable2FromStack

GetTcpExTable2FromStack

GetTcpStatistics

GetTcpStatistics

GetTcpStatisticsEx

GetTcpStatisticsEx

GetTcpStatsFromStack

GetTcpStatsFromStack

GetTcpStatsFromStackEx

GetTcpStatsFromStackEx

GetTcpTable

GetTcpTable

GetTcpTableFromStack

GetTcpTableFromStack

GetUdpExTable2FromStack

GetUdpExTable2FromStack

GetUdpStatistics

GetUdpStatistics

GetUdpStatisticsEx

GetUdpStatisticsEx

GetUdpStatsFromStack

GetUdpStatsFromStack

GetUdpStatsFromStackEx

GetUdpStatsFromStackEx

GetUdpTable

GetUdpTable

GetUdpTableFromStack

GetUdpTableFromStack

InternalGetTcpTable

InternalGetTcpTable

InternalGetUdpTable

InternalGetUdpTable

InternalSetTcpEntry

InternalSetTcpEntry

SetTcpEntry

SetTcpEntry

SetTcpEntryToStack

SetTcpEntryToStack

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

\Device\NetBT_Tcpip_

\Device\NetBT_Tcpip_

%d.%d.%d.%d

%d.%d.%d.%d

\\.\Ip

\\.\Ip

TCP/IP not bound to any adapters

TCP/IP not bound to any adapters

Cannot access adapter bindings registry key

Cannot access adapter bindings registry key

TCP/IP is not running on this system

TCP/IP is not running on this system

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\

SYSTEM\CurrentControlSet\Services\Tcpip\Linkage

SYSTEM\CurrentControlSet\Services\Tcpip\Linkage

PSSSSh8

PSSSSh8

wsock32.dll

wsock32.dll

\\.\Ip6

\\.\Ip6

SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\

SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\

advapi32.dll

advapi32.dll

PSSSSh

PSSSSh

uùH

uùH

{lX-X-X-XX-XXXXXX}

{lX-X-X-XX-XXXXXX}

DHCPCSVC.DLL

DHCPCSVC.DLL

MPRAPI.dll

MPRAPI.dll

netman.dll

netman.dll

ole32.dll

ole32.dll

PSAPI.DLL

PSAPI.DLL

RASAPI32.dll

RASAPI32.dll

ADVAPI32.dll

ADVAPI32.dll

KERNEL32.dll

KERNEL32.dll

msvcrt.dll

msvcrt.dll

ntdll.dll

ntdll.dll

USER32.dll

USER32.dll

WS2_32.dll

WS2_32.dll

RegOpenKeyExA

RegOpenKeyExA

RegOpenKeyExW

RegOpenKeyExW

RegCloseKey

RegCloseKey

GetProcessHeap

GetProcessHeap

iphlpapi.pdb

iphlpapi.pdb

MS TCP Loopback interface

MS TCP Loopback interface

1!2C2V2

1!2C2V2

\Device\Tcp6

\Device\Tcp6

\Device\Tcp

\Device\Tcp

rundll32.exe

rundll32.exe

wininet.dll

wininet.dll

ipnathlp.dll

ipnathlp.dll

ntoskrnl.exe

ntoskrnl.exe

RPCRT4.dll

RPCRT4.dll

ws2_32.dll

ws2_32.dll

\DEVICE\TCPIP_

\DEVICE\TCPIP_

svchost.exe

svchost.exe

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connection

System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connection

\ras\router.pbk

\ras\router.pbk

router.pbk

router.pbk

System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces

System\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces

5.1.2600.5512 (xpsp.080413-0852)

5.1.2600.5512 (xpsp.080413-0852)

Windows

Windows

Operating System

Operating System

5.1.2600.5512

5.1.2600.5512

Destination port unreachable.

Destination port unreachable.

Parallel Port

Parallel Port

ATM Logical Port

ATM Logical Port

ISO 802.5r DTR$Ext Position Locaction Report System Appletalk Remote Access Protocol#Proprietary Connectionless Protocol

ISO 802.5r DTR$Ext Position Locaction Report System Appletalk Remote Access Protocol#Proprietary Connectionless Protocol

IBM multi-proto channel support

IBM multi-proto channel support

Transport HDLP

Transport HDLP

%original file name%.exe_508_rwx_00C50000_000B0000:

ntdll.dll

ntdll.dll

LdrQueryImageFileExecutionOptions

LdrQueryImageFileExecutionOptions

NtAcceptConnectPort

NtAcceptConnectPort

NtCompactKeys

NtCompactKeys

NtCompleteConnectPort

NtCompleteConnectPort

NtCompressKey

NtCompressKey

NtConnectPort

NtConnectPort

NtCreateKey

NtCreateKey

NtCreateKeyedEvent

NtCreateKeyedEvent

NtCreateNamedPipeFile

NtCreateNamedPipeFile

NtCreatePort

NtCreatePort

NtCreateWaitablePort

NtCreateWaitablePort

NtDelayExecution

NtDelayExecution

NtDeleteKey

NtDeleteKey

NtDeleteValueKey

NtDeleteValueKey

NtEnumerateKey

NtEnumerateKey

NtEnumerateValueKey

NtEnumerateValueKey

NtFlushKey

NtFlushKey

NtImpersonateClientOfPort

NtImpersonateClientOfPort

NtListenPort

NtListenPort

NtLoadKey

NtLoadKey

NtLoadKey2

NtLoadKey2

NtLockProductActivationKeys

NtLockProductActivationKeys

NtLockRegistryKey

NtLockRegistryKey

NtNotifyChangeKey

NtNotifyChangeKey

NtNotifyChangeMultipleKeys

NtNotifyChangeMultipleKeys

NtOpenKey

NtOpenKey

NtOpenKeyedEvent

NtOpenKeyedEvent

NtQueryInformationPort

NtQueryInformationPort

NtQueryKey

NtQueryKey

NtQueryMultipleValueKey

NtQueryMultipleValueKey

NtQueryOpenSubKeys

NtQueryOpenSubKeys

NtQueryPortInformationProcess

NtQueryPortInformationProcess

NtQueryValueKey

NtQueryValueKey

NtRegisterThreadTerminatePort

NtRegisterThreadTerminatePort

NtReleaseKeyedEvent

NtReleaseKeyedEvent

NtRenameKey

NtRenameKey

NtReplaceKey

NtReplaceKey

NtReplyPort

NtReplyPort

NtReplyWaitReceivePort

NtReplyWaitReceivePort

NtReplyWaitReceivePortEx

NtReplyWaitReceivePortEx

NtReplyWaitReplyPort

NtReplyWaitReplyPort

NtRequestPort

NtRequestPort

NtRequestWaitReplyPort

NtRequestWaitReplyPort

NtRestoreKey

NtRestoreKey

NtSaveKey

NtSaveKey

NtSaveKeyEx

NtSaveKeyEx

NtSaveMergedKeys

NtSaveMergedKeys

NtSecureConnectPort

NtSecureConnectPort

NtSetDefaultHardErrorPort

NtSetDefaultHardErrorPort

NtSetInformationKey

NtSetInformationKey

NtSetThreadExecutionState

NtSetThreadExecutionState

NtSetValueKey

NtSetValueKey

NtUnloadKey

NtUnloadKey

NtUnloadKeyEx

NtUnloadKeyEx

NtWaitForKeyedEvent

NtWaitForKeyedEvent

NtYieldExecution

NtYieldExecution

RtlCheckRegistryKey

RtlCheckRegistryKey

RtlComputeImportTableHash

RtlComputeImportTableHash

RtlCreateRegistryKey

RtlCreateRegistryKey

RtlEnumProcessHeaps

RtlEnumProcessHeaps

RtlFormatCurrentUserKeyPath

RtlFormatCurrentUserKeyPath

RtlGetProcessHeaps

RtlGetProcessHeaps

RtlQueryProcessHeapInformation

RtlQueryProcessHeapInformation

RtlValidateProcessHeaps

RtlValidateProcessHeaps

RtlpNtCreateKey

RtlpNtCreateKey

RtlpNtEnumerateSubKey

RtlpNtEnumerateSubKey

RtlpNtMakeTemporaryKey

RtlpNtMakeTemporaryKey

RtlpNtOpenKey

RtlpNtOpenKey

RtlpNtQueryValueKey

RtlpNtQueryValueKey

RtlpNtSetValueKey

RtlpNtSetValueKey

ZwAcceptConnectPort

ZwAcceptConnectPort

ZwCompactKeys

ZwCompactKeys

ZwCompleteConnectPort

ZwCompleteConnectPort

ZwCompressKey

ZwCompressKey

ZwConnectPort

ZwConnectPort

ZwCreateKey

ZwCreateKey

ZwCreateKeyedEvent

ZwCreateKeyedEvent

ZwCreateNamedPipeFile

ZwCreateNamedPipeFile

ZwCreatePort

ZwCreatePort

ZwCreateWaitablePort

ZwCreateWaitablePort

ZwDelayExecution

ZwDelayExecution

ZwDeleteKey

ZwDeleteKey

ZwDeleteValueKey

ZwDeleteValueKey

ZwEnumerateKey

ZwEnumerateKey

ZwEnumerateValueKey

ZwEnumerateValueKey

ZwFlushKey

ZwFlushKey

ZwImpersonateClientOfPort

ZwImpersonateClientOfPort

ZwListenPort

ZwListenPort

ZwLoadKey

ZwLoadKey

ZwLoadKey2

ZwLoadKey2

ZwLockProductActivationKeys

ZwLockProductActivationKeys

ZwLockRegistryKey

ZwLockRegistryKey

ZwNotifyChangeKey

ZwNotifyChangeKey

ZwNotifyChangeMultipleKeys

ZwNotifyChangeMultipleKeys

ZwOpenKey

ZwOpenKey

ZwOpenKeyedEvent

ZwOpenKeyedEvent

ZwQueryInformationPort

ZwQueryInformationPort

ZwQueryKey

ZwQueryKey

ZwQueryMultipleValueKey

ZwQueryMultipleValueKey

ZwQueryOpenSubKeys

ZwQueryOpenSubKeys

ZwQueryPortInformationProcess

ZwQueryPortInformationProcess

ZwQueryValueKey

ZwQueryValueKey

ZwRegisterThreadTerminatePort

ZwRegisterThreadTerminatePort

ZwReleaseKeyedEvent

ZwReleaseKeyedEvent

ZwRenameKey

ZwRenameKey

ZwReplaceKey

ZwReplaceKey

ZwReplyPort

ZwReplyPort

ZwReplyWaitReceivePort

ZwReplyWaitReceivePort

ZwReplyWaitReceivePortEx

ZwReplyWaitReceivePortEx

ZwReplyWaitReplyPort

ZwReplyWaitReplyPort

ZwRequestPort

ZwRequestPort

ZwRequestWaitReplyPort

ZwRequestWaitReplyPort

ZwRestoreKey

ZwRestoreKey

ZwSaveKey

ZwSaveKey

ZwSaveKeyEx

ZwSaveKeyEx

ZwSaveMergedKeys

ZwSaveMergedKeys

ZwSecureConnectPort

ZwSecureConnectPort

ZwSetDefaultHardErrorPort

ZwSetDefaultHardErrorPort

ZwSetInformationKey

ZwSetInformationKey

ZwSetThreadExecutionState

ZwSetThreadExecutionState

ZwSetValueKey

ZwSetValueKey

ZwUnloadKey

ZwUnloadKey

ZwUnloadKeyEx

ZwUnloadKeyEx

ZwWaitForKeyedEvent

ZwWaitForKeyedEvent

ZwYieldExecution

ZwYieldExecution

?SsHd

?SsHd

>SsHd

>SsHd

secserv.dll

secserv.dll

.aspack

.aspack

.pcle

.pcle

.sforce

.sforce

|BaseProcessInitPostImport

|BaseProcessInitPostImport

.txt2

.txt2

CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions

CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions

CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database

CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database

CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ

CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ

LDR: %s - failing because LdrpLoadDll(%wZ) returned status %x

LDR: %s - failing because LdrpLoadDll(%wZ) returned status %x

LDR: %s - Exception lx thrown running initialization routines for %wZ

LDR: %s - Exception lx thrown running initialization routines for %wZ

LDR: exception lx thrown within function %s

LDR: exception lx thrown within function %s

|_CorExeMain

|_CorExeMain

Invalid flags (x) specified to RtlCreateHeap

Invalid flags (x) specified to RtlCreateHeap

LDR: LdrpWalkImportDescriptor() failed to probe %wZ for its manifest, ntstatus 0xlx

LDR: LdrpWalkImportDescriptor() failed to probe %wZ for its manifest, ntstatus 0xlx

LDR: %s - failed to allocate dynamic array of %u DLL initializers to run

LDR: %s - failed to allocate dynamic array of %u DLL initializers to run

[%x,%x] LDR: Real INIT LIST for process %wZ pid %u 0x%x

[%x,%x] LDR: Real INIT LIST for process %wZ pid %u 0x%x

[%x,%x] %wZ init routine %p

[%x,%x] %wZ init routine %p

[%x,%x] LDR: %wZ loaded

[%x,%x] LDR: %wZ loaded

[%x,%x] LDR: calling init routine %p for DLL_PROCESS_ATTACH

[%x,%x] LDR: calling init routine %p for DLL_PROCESS_ATTACH

[%x,%x] LDR: DLL_PROCESS_ATTACH for dll "%wZ" (InitRoutine: %p) failed

[%x,%x] LDR: DLL_PROCESS_ATTACH for dll "%wZ" (InitRoutine: %p) failed

LDR: %s - caught exception lx snapping thunks (#1)

LDR: %s - caught exception lx snapping thunks (#1)

LDR: %s - caught exception lx snapping thunks (#2)

LDR: %s - caught exception lx snapping thunks (#2)

LDR: TlsVector %x Index %d = %x copied from %x to %x

LDR: TlsVector %x Index %d = %x copied from %x to %x

LDR: %s - caught exception lx calling TLS callbacks

LDR: %s - caught exception lx calling TLS callbacks

Failed to initialize a new segment (%x)

Failed to initialize a new segment (%x)

Abandoning uncommitted range (%x for %x)

Abandoning uncommitted range (%x for %x)

Failing creating uncommitted range (%x for %x)

Failing creating uncommitted range (%x for %x)

NAME - %s

NAME - %s

LDR: %s - Exception %x thrown by LdrpRunInitializeRoutines

LDR: %s - Exception %x thrown by LdrpRunInitializeRoutines

LDR: %s - caught exception lx while checking image checksums

LDR: %s - caught exception lx while checking image checksums

LDR: %s - Caught exception lx

LDR: %s - Caught exception lx

(%d) [%ws] %ws (%lx) deinit %lx

(%d) [%ws] %ws (%lx) deinit %lx

LDR: %s - exception lx caught while sending DLL_PROCESS_DETACH

LDR: %s - exception lx caught while sending DLL_PROCESS_DETACH

LDR: %s - Dll name missing extension; with extension added the length is too long

LDR: %s - Dll name missing extension; with extension added the length is too long

DllName->Length: %u

DllName->Length: %u

LDR: %s - Exception %x thrown by LdrpWalkImportDescriptor

LDR: %s - Exception %x thrown by LdrpWalkImportDescriptor

LDR: Unloading %wZ due to error %x walking import descriptors

LDR: Unloading %wZ due to error %x walking import descriptors

LDR: Unloading %wZ because either its init routine or one of its static imports failed; status = 0xlx

LDR: Unloading %wZ because either its init routine or one of its static imports failed; status = 0xlx

LDR: failed to load mscoree.dll, status=%x

LDR: failed to load mscoree.dll, status=%x

LDR: PID: 0x%x finished - '%wZ'

LDR: PID: 0x%x finished - '%wZ'

LDR: %s - failing because we were unable to map the image base address (%p) to the PIMAGE_NT_HEADERS

LDR: %s - failing because we were unable to map the image base address (%p) to the PIMAGE_NT_HEADERS

LDR: PID: 0x%x started - '%wZ'

LDR: PID: 0x%x started - '%wZ'

LDR: Stack trace database size is %u Mb

LDR: Stack trace database size is %u Mb

LDR: %s - unable to create process heap

LDR: %s - unable to create process heap

LDR: %s failing process initialization due to inability to create loader private heap.

LDR: %s failing process initialization due to inability to create loader private heap.

LDR: %s - failed call to NtQuerySymbolicLinkObject with status %x

LDR: %s - failed call to NtQuerySymbolicLinkObject with status %x

LDR: %s - unable to allocate current working directory buffer

LDR: %s - unable to allocate current working directory buffer

LDR: %s - failed to allocate PEB_LDR_DATA

LDR: %s - failed to allocate PEB_LDR_DATA

LDR: %s - failing process initialization due to inability allocate "%wZ"'s LDR_DATA_TABLE_ENTRY

LDR: %s - failing process initialization due to inability allocate "%wZ"'s LDR_DATA_TABLE_ENTRY

LDR: %s - failing process initialization due to inability to allocate NTDLL's LDR_DATA_TABLE_ENTRY

LDR: %s - failing process initialization due to inability to allocate NTDLL's LDR_DATA_TABLE_ENTRY

LDR: %s - unable to set current directory to "%wZ"; status = %x

LDR: %s - unable to set current directory to "%wZ"; status = %x

LDR: %s - unable to set current directory to NtSystemRoot; status = %x

LDR: %s - unable to set current directory to NtSystemRoot; status = %x

LDR: %s - unable to allocate heap for the image's .local path

LDR: %s - unable to allocate heap for the image's .local path

LDR: Unable to load kernel32.dll. Status=%x

LDR: Unable to load kernel32.dll. Status=%x

LDR: Failed to find post-import process init function in kernel32; ntstatus 0xlx

LDR: Failed to find post-import process init function in kernel32; ntstatus 0xlx

LDR: %s - call to LdrpWalkImportDescriptor failed with status %x

LDR: %s - call to LdrpWalkImportDescriptor failed with status %x

LDR: %s - call to LdrpSetProtection(%p, FALSE, TRUE) failed with status %x

LDR: %s - call to LdrpSetProtection(%p, FALSE, TRUE) failed with status %x

LDR: %s - call to LdrRelocateImage failed with status %x

LDR: %s - call to LdrRelocateImage failed with status %x

LDR: %s - call to LdrpSetProtection(%p, TRUE, TRUE) failed with status %x

LDR: %s - call to LdrpSetProtection(%p, TRUE, TRUE) failed with status %x

LDR: %s - failed to initialize TLS slots; status %x

LDR: %s - failed to initialize TLS slots; status %x

LDR: %s - Failed running kernel32 post-import function; status 0xlx

LDR: %s - Failed running kernel32 post-import function; status 0xlx

LDR: %s - Failed running initialization routines; status %x

LDR: %s - Failed running initialization routines; status %x

LDR: %s - failed call to NtOpenSymbolicLinkObject with status %x

LDR: %s - failed call to NtOpenSymbolicLinkObject with status %x

LDR: ***NONFATAL*** %s - call to NtDelayExecution waiting on loader lock failed; ntstatus = %x

LDR: ***NONFATAL*** %s - call to NtDelayExecution waiting on loader lock failed; ntstatus = %x

LDR: %s - Call to NtQueryVirtualMemory failed with ntstaus %x

LDR: %s - Call to NtQueryVirtualMemory failed with ntstaus %x

LDR: %s - call to LdrpInitializeProcess() failed with ntstatus %x

LDR: %s - call to LdrpInitializeProcess() failed with ntstatus %x

because path search required %u bytes

because path search required %u bytes

LDR: %s - NtOpenFile failed; status = %x

LDR: %s - NtOpenFile failed; status = %x

LDR: %s %wZ (%lx)

LDR: %s %wZ (%lx)

LDR: %s call to RtlComputePrivatizedDllName_U() failed with status %lx

LDR: %s call to RtlComputePrivatizedDllName_U() failed with status %lx

LDR: %s calling LdrpCopyUnicodeString() failed; exiting with status %lx

LDR: %s calling LdrpCopyUnicodeString() failed; exiting with status %lx

LDR: %s failed calling LdrpResolveDllNameForAppPrivateRediretion with status %lx

LDR: %s failed calling LdrpResolveDllNameForAppPrivateRediretion with status %lx

LDR: %s failed call to LdrpCopyUnicodeString() in redirected case; status = %lx

LDR: %s failed call to LdrpCopyUnicodeString() in redirected case; status = %lx

LDR: %s - call to RtlDosSearchPath_U failed

LDR: %s - call to RtlDosSearchPath_U failed

LDR: LdrResolveDllName - Failing resolution because found path too long (%u bytes; max is %u bytes)

LDR: LdrResolveDllName - Failing resolution because found path too long (%u bytes; max is %u bytes)

LDR: %s - failed to allocate string for full dll name; length requested: %u

LDR: %s - failed to allocate string for full dll name; length requested: %u

LDR: %s - Required path length required for %ws changed from %lu to %lu; try launching the app again.

LDR: %s - Required path length required for %ws changed from %lu to %lu; try launching the app again.

LDR: %s - failing because RtlFindCharInUnicodeString failed with status %x

LDR: %s - failing because RtlFindCharInUnicodeString failed with status %x

LDR: %s - call back to app compat redirection function @ %p (cb data: %p) failed with status %x

LDR: %s - call back to app compat redirection function @ %p (cb data: %p) failed with status %x

LDR: %s - call to LdrpCheckForKnownDll("%ws", ...) failed with status %x

LDR: %s - call to LdrpCheckForKnownDll("%ws", ...) failed with status %x

LDR: %s - call to LdrpResolveDllName on dll "%ws" failed with status %x

LDR: %s - call to LdrpResolveDllName on dll "%ws" failed with status %x

LDR: Loading (%s, %s) %wZ

LDR: Loading (%s, %s) %wZ

LDR: %s - call to RtlDosPathNameToNtPathName_U on path "%wZ" failed; returning status %x

LDR: %s - call to RtlDosPathNameToNtPathName_U on path "%wZ" failed; returning status %x

LDR: %s - LdrpCreateDllSection (%wZ) failed with status %x

LDR: %s - LdrpCreateDllSection (%wZ) failed with status %x

LDR: %s - failed to map view of section; status = %x

LDR: %s - failed to map view of section; status = %x

LDR: %s - unable to map ViewBase (%p) to image headers; failing with status %x

LDR: %s - unable to map ViewBase (%p) to image headers; failing with status %x

LDR: %s - failed to allocate new data table entry for %p

LDR: %s - failed to allocate new data table entry for %p

[%x,%x] LDR: Failed to map view of section; ntstatus = %x

[%x,%x] LDR: Failed to map view of section; ntstatus = %x

[%x,%x] LDR: %s - NtMapViewOfSection on no reloc needed dll failed with status %x

[%x,%x] LDR: %s - NtMapViewOfSection on no reloc needed dll failed with status %x

LdrpLoadImportModule

LdrpLoadImportModule

LDR: %s - RtlDosApplyFileIsolationRedirection_Ustr failed with status %x

LDR: %s - RtlDosApplyFileIsolationRedirection_Ustr failed with status %x

LDR: %s - LdrpMapDll(%p, %ls, NULL, TRUE, %d, %p) failed with status %x

LDR: %s - LdrpMapDll(%p, %ls, NULL, TRUE, %d, %p) failed with status %x

LDR: %s - LdrpWalkImportDescriptor [dll %ls] failed with status %x

LDR: %s - LdrpWalkImportDescriptor [dll %ls] failed with status %x

LDR: %wZ bound to %s

LDR: %wZ bound to %s

LDR: %wZ failed to load import module %s; status = %x

LDR: %wZ failed to load import module %s; status = %x

LDR: %wZ has correct binding to %s

LDR: %wZ has correct binding to %s

LDR: %wZ has stale binding to %s

LDR: %wZ has stale binding to %s

LDR: %wZ bound to %s via forwarder(s) from %wZ

LDR: %wZ bound to %s via forwarder(s) from %wZ

LDR: LdrpWalkImportTable - failing with STATUS_OBJECT_NAME_INVALID due to no import descriptor name

LDR: LdrpWalkImportTable - failing with STATUS_OBJECT_NAME_INVALID due to no import descriptor name

LDR: Stale Bind %s from %wZ

LDR: Stale Bind %s from %wZ

LDR: LdrpWalkImportTable - LdrpSnapIAT failed with status %x

LDR: LdrpWalkImportTable - LdrpSnapIAT failed with status %x

LDR: %s used by %wZ

LDR: %s used by %wZ

LDR: LdrpWalkImportTable - LdrpLoadImportModule failed on import %s with status %x

LDR: LdrpWalkImportTable - LdrpLoadImportModule failed on import %s with status %x

LDR: Snapping imports for %wZ from %s

LDR: Snapping imports for %wZ from %s

LDR: LdrpWalkImportTable - LdrpSnapIAT #2 failed with status %x

LDR: LdrpWalkImportTable - LdrpSnapIAT #2 failed with status %x

Execute '.cxr %p' to dump context

Execute '.cxr %p' to dump context

RTL: Acquire Shared Sem Timeout %d(%I64u secs)

RTL: Acquire Shared Sem Timeout %d(%I64u secs)

RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)

RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)

RTL: Convert Exclusive Sem Timeout %d (%I64u secs)

RTL: Convert Exclusive Sem Timeout %d (%I64u secs)

RTL: Enter Critical Section Timeout (%I64u secs) %d

RTL: Enter Critical Section Timeout (%I64u secs) %d

RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu

RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu

SXS: %s() passed the empty activation context data

SXS: %s() passed the empty activation context data

SXS: %s() called with invalid flags 0xlx

SXS: %s() called with invalid flags 0xlx

SXS: %s() called with invalid cookie type 0xI64x

SXS: %s() called with invalid cookie type 0xI64x

SXS: %s() called with invalid cookie tid 0xI64x - should be lx

SXS: %s() called with invalid cookie tid 0xI64x - should be lx

SXS: %s() Active frame is not the frame being deactivated %p != %p

SXS: %s() Active frame is not the frame being deactivated %p != %p

SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)

SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)

SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)

SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)

SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)

SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)

SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0xlx.

SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0xlx.

SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0xlx.

SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0xlx.

RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.

RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.

SXS: String hash table entry at %p has invalid key offset (= %ld)

SXS: String hash table entry at %p has invalid key offset (= %ld)

8SsHdu

8SsHdu

SXS: %s() received invalid non-zero sub-instance index %lu

SXS: %s() received invalid non-zero sub-instance index %lu

SXS: %s() found activation context data at %p with assembly roster that has no root

SXS: %s() found activation context data at %p with assembly roster that has no root

SXS: %s() - Caller passed invalid flags (0xlx)

SXS: %s() - Caller passed invalid flags (0xlx)

SXS: %s() - Caller passed meaningless flags/class combination (0xlx/0xlx)

SXS: %s() - Caller passed meaningless flags/class combination (0xlx/0xlx)

SXS: %s() - caller asked for unknown information class %lu

SXS: %s() - caller asked for unknown information class %lu

SXS: %s() - caller passed nonzero buffer length but NULL buffer pointer

SXS: %s() - caller passed nonzero buffer length but NULL buffer pointer

SXS: %s() - caller supplied no buffer to populate and no place to return required byte count

SXS: %s() - caller supplied no buffer to populate and no place to return required byte count

SXS: %s() - Caller asked to use activation context from address in .dll but passed NULL

SXS: %s() - Caller asked to use activation context from address in .dll but passed NULL

SXS: %s() - Caller passed invalid address, not in any .dll (%p)

SXS: %s() - Caller passed invalid address, not in any .dll (%p)

SXS: %s() - Caller asked to use activation context from hmodule but passed NULL

SXS: %s() - Caller asked to use activation context from hmodule but passed NULL

SXS: %s() - Caller passed invalid hmodule (%p)

SXS: %s() - Caller passed invalid hmodule (%p)

SXS: %s() - caller asked to use active activation context but passed %p

SXS: %s() - caller asked to use active activation context but passed %p

SXS: %s() - internal coding error; missing switch statement branch for InfoClass == %lu

SXS: %s() - internal coding error; missing switch statement branch for InfoClass == %lu

SXS: Unable to expand %%SystemRoot%%\WinSxS\ Status = 0x08lx

SXS: Unable to expand %%SystemRoot%%\WinSxS\ Status = 0x08lx

SXS: Unable to enumerate assembly storage subkey #%lu Status = 0xlx

SXS: Unable to enumerate assembly storage subkey #%lu Status = 0xlx

SXS: Attempt to get storage location from subkey %wZ failed; Status = 0xlx

SXS: Attempt to get storage location from subkey %wZ failed; Status = 0xlx

SXS: Unable to open registry key %wZ Status = 0xlx

SXS: Unable to open registry key %wZ Status = 0xlx

SXS: %s() bad parameters:

SXS: %s() bad parameters:

SXS: %s() bad parameters

SXS: %s() bad parameters

SXS: StorageLocation->Length: 0x%x

SXS: StorageLocation->Length: 0x%x

SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.

SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.

SXS: Attempt to translate DOS path name "%S" to NT format failed

SXS: Attempt to translate DOS path name "%S" to NT format failed

SXS: Unable to open assembly directory under storage root "%S"; Status = 0xlx

SXS: Unable to open assembly directory under storage root "%S"; Status = 0xlx

SXS: %s() passed the empty activation context

SXS: %s() passed the empty activation context

SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx

SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx

d:\xpsp\base\ntdll\sxsisol.cpp

d:\xpsp\base\ntdll\sxsisol.cpp

rUS.Length PrivatePreallocatedString->MaximumLength

rUS.Length PrivatePreallocatedString->MaximumLength

[%x.%x] SXS: %s - Relative redirection plus env var expansion.

[%x.%x] SXS: %s - Relative redirection plus env var expansion.

!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)

!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)

%s: %s() failed 0x%lx

%s: %s() failed 0x%lx

%s: OldBase : %p

%s: OldBase : %p

%s: NewBase : %p

%s: NewBase : %p

%s: Diff : 0x%I64x

%s: Diff : 0x%I64x

%s: NextOffset : %p

%s: NextOffset : %p

%s: *NextOffset : 0x%x

%s: *NextOffset : 0x%x

%s: SizeOfBlock : 0x%lx

%s: SizeOfBlock : 0x%lx

Heap missing last entry in committed range near %x

Heap missing last entry in committed range near %x

RTL: Expand variables for %wZ failed - Status == %lx Size %x > %x

RTL: Expand variables for %wZ failed - Status == %lx Size %x > %x

RtlpCallQueryRegistryRoutine: skipping expansion. Status=%x RequiredLength=%x

RtlpCallQueryRegistryRoutine: skipping expansion. Status=%x RequiredLength=%x

RtlpCallQueryRegistryRoutine: skipping environment expansion. ValueLength=%x

RtlpCallQueryRegistryRoutine: skipping environment expansion. ValueLength=%x

RtlQueryRegistryValues: Miscomputed buffer size at line %d

RtlQueryRegistryValues: Miscomputed buffer size at line %d

Invalid heap signature for heap at %x

Invalid heap signature for heap at %x

, passed to %s

, passed to %s

Unable to release memory at %p for %p bytes - Status == %x

Unable to release memory at %p for %p bytes - Status == %x

ProcessHeapsListIndex

ProcessHeapsListIndex

i9\\.\WMIDataDevice

i9\\.\WMIDataDevice

Set 0x%X protection for %p section for %d bytes, old protection 0x%X

Set 0x%X protection for %p section for %d bytes, old protection 0x%X

CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X

CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X

LDR: %s - exception lx caught while copying %u bytes from %p to %p

LDR: %s - exception lx caught while copying %u bytes from %p to %p

Last checkpoint: %s line %d

Last checkpoint: %s line %d

NTDLL: Calling thread (%X) not owner of CritSect: %p Owner ThreadId: %X

NTDLL: Calling thread (%X) not owner of CritSect: %p Owner ThreadId: %X

AVRF: chain: thunk: %s == %s ?

AVRF: chain: thunk: %s == %s ?

AVRF: Found duplicate for (%ws: %s) in %ws

AVRF: Found duplicate for (%ws: %s) in %ws

AVRF: Checking %ws for duplicate (%ws: %s)

AVRF: Checking %ws for duplicate (%ws: %s)

AVRF: Chaining (%ws: %s) to %ws

AVRF: Chaining (%ws: %s) to %ws

AVRF: Unable to unprotect IAT to modify thunks (status X).

AVRF: Unable to unprotect IAT to modify thunks (status X).

AVRF:SilviuC: New thunk for %s is null.

AVRF:SilviuC: New thunk for %s is null.

AVRF: Snapped (%ws: %s) with (%ws: %p).

AVRF: Snapped (%ws: %s) with (%ws: %p).

AVRF: found verified export %s @ %p

AVRF: found verified export %s @ %p

AVRF: failed to enable handle checking (status %X)

AVRF: failed to enable handle checking (status %X)

VERIFIER INTERNAL ERROR %p: pid 0x%X: %s

VERIFIER INTERNAL ERROR %p: pid 0x%X: %s

%p : %s

%p : %s

VERIFIER INTERNAL WARNING %p: pid 0x%X: %s

VERIFIER INTERNAL WARNING %p: pid 0x%X: %s

VERIFIER STOP %p: pid 0x%X: %s

VERIFIER STOP %p: pid 0x%X: %s

Page heap: found %s @ address %p

Page heap: found %s @ address %p

Page heap: detected CRT heap @ %p

Page heap: detected CRT heap @ %p

AVRF: %ws: failed to load provider `%ws' (status X) from %ws

AVRF: %ws: failed to load provider `%ws' (status X) from %ws

AVRF: provider %ws passed an invalid descriptor @ %p

AVRF: provider %ws passed an invalid descriptor @ %p

AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports

AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports

Snapped (%ws) operator new ...

Snapped (%ws) operator new ...

Snapped (%ws) operator delete ...

Snapped (%ws) operator delete ...

Snapped (%ws) operator new[] ...

Snapped (%ws) operator new[] ...

Snapped (%ws) operator delete[] ...

Snapped (%ws) operator delete[] ...

AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled

AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled

AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.

AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.

SsHd;

SsHd;

SXS: %s() passed string section at %p only %lu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!

SXS: %s() passed string section at %p only %lu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!

SXS: %s() found assembly information section with wrong magic value

SXS: %s() found assembly information section with wrong magic value

SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!

SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!

SXS: %s() passed string section at %p with too small of a header

SXS: %s() passed string section at %p with too small of a header

SXS: %s() found assembly information section with element list overlapping section header

SXS: %s() found assembly information section with element list overlapping section header

SXS: %s() found assembly information section with search structure overlapping section header

SXS: %s() found assembly information section with search structure overlapping section header

SXS: %s() found assembly information section with user data overlapping section header

SXS: %s() found assembly information section with user data overlapping section header

SXS: %s() found assembly information section with user data too small

SXS: %s() found assembly information section with user data too small

SXS: %s() found assembly information section with user data extending beyond section data

SXS: %s() found assembly information section with user data extending beyond section data

SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context

SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context

SXS: %s() received invalid file index (%d) in Assembly (%d)

SXS: %s() received invalid file index (%d) in Assembly (%d)

|SXS: Unable to open storage root subkey %wZ; Status = 0xlx

|SXS: Unable to open storage root subkey %wZ; Status = 0xlx

SXS: Unabel to query location from storage root subkey %wZ; Status = 0xlx

SXS: Unabel to query location from storage root subkey %wZ; Status = 0xlx

*** Assertion failed: %s%s

*** Assertion failed: %s%s

*** %s%s%sSource File: %s, line %ld

*** %s%s%sSource File: %s, line %ld

VirtualQuery Failed 0xx %x

VirtualQuery Failed 0xx %x

VirtualProtect Failed 0xx %x

VirtualProtect Failed 0xx %x

::%hs%u.%u.%u.%u

::%hs%u.%u.%u.%u

::ffff:0:%u.%u.%u.%u

::ffff:0:%u.%u.%u.%u

:%u.%u.%u.%u

:%u.%u.%u.%u

%u.%u.%u.%u

%u.%u.%u.%u

>%u}F

>%u}F

Trace database: failing attempt to save biiiiig trace (size %u)

Trace database: failing attempt to save biiiiig trace (size %u)

*** Unhandled exception 0xlx, hit in %ws:%s

*** Unhandled exception 0xlx, hit in %ws:%s

*** A stack buffer overrun occurred in %ws:%s

*** A stack buffer overrun occurred in %ws:%s

The stack trace should show the guilty function (the function directly above __report_gsfailure).

The stack trace should show the guilty function (the function directly above __report_gsfailure).

*** Resource timeout (%p) in %ws:%s

*** Resource timeout (%p) in %ws:%s

The resource is owned exclusively by thread %x

The resource is owned exclusively by thread %x

The resource is owned shared by %d threads

The resource is owned shared by %d threads

*** Critical Section Timeout (%p) in %ws:%s

*** Critical Section Timeout (%p) in %ws:%s

The critical section is owned by thread %x.

The critical section is owned by thread %x.

*** Inpage error in %ws:%s

*** Inpage error in %ws:%s

This failed because of error %x.

This failed because of error %x.

This means that the I/O device reported an I/O error. Check your hardware.

This means that the I/O device reported an I/O error. Check your hardware.

*** An Access Violation occurred in %ws:%s

*** An Access Violation occurred in %ws:%s

The instruction at %p tried to %s

The instruction at %p tried to %s

*** enter .exr %p for the exception record

*** enter .exr %p for the exception record

*** enter .cxr %p for the context

*** enter .cxr %p for the context

*** Restarting wait on critsec or resource at %p (in %ws:%s)

*** Restarting wait on critsec or resource at %p (in %ws:%s)

.hotp1

.hotp1

I64X: VA64 6I64X -> 6I64X %s

I64X: VA64 6I64X -> 6I64X %s

I64X: PC32 X -> X (target X) %s

I64X: PC32 X -> X (target X) %s

I64X: VA32 X -> X %s

I64X: VA32 X -> X %s

None%s

None%s

Validation failed for global range %u of %u

Validation failed for global range %u of %u

I64X: jmp X (PC X) {

I64X: jmp X (PC X) {

Inserting %u hooks into target image

Inserting %u hooks into target image

Header too large (%u>%u) for copy/normalize/validate

Header too large (%u>%u) for copy/normalize/validate

PAGE_EXECUTE

PAGE_EXECUTE

0xX

0xX

PAGE_EXECUTE_WRITECOPY

PAGE_EXECUTE_WRITECOPY

PAGE_EXECUTE_READWRITE

PAGE_EXECUTE_READWRITE

PAGE_EXECUTE_READ

PAGE_EXECUTE_READ

Page heap: Failed changing VM at X size 0x%X

Page heap: Failed changing VM at X size 0x%X

from %s to %s (Status X)

from %s to %s (Status X)

Exception record (.exr on 1st word, .cxr on 2nd word)

Exception record (.exr on 1st word, .cxr on 2nd word)

Page heap: pid 0x%X: vm limit: vspace: disabling full page heap

Page heap: pid 0x%X: vm limit: vspace: disabling full page heap

Page heap: pid 0x%X: vm limit: pfile: disabling full page heap

Page heap: pid 0x%X: vm limit: pfile: disabling full page heap

Page heap: pid 0x%X: vm limit: reenabling full page heap

Page heap: pid 0x%X: vm limit: reenabling full page heap

Page heap: enabling fault injection for process 0x%X

Page heap: enabling fault injection for process 0x%X

Page heap: assert: (SystemInfo.PageSize == PAGE_SIZE)

Page heap: assert: (SystemInfo.PageSize == PAGE_SIZE)

Page heap: assert: (SystemInfo.AllocationGranularity == VM_UNIT_SIZE)

Page heap: assert: (SystemInfo.AllocationGranularity == VM_UNIT_SIZE)

HEAP %p (Seg %p) At %p Error: %s

HEAP %p (Seg %p) At %p Error: %s

Heap %x - headers modified (%x is %x instead of %x)

Heap %x - headers modified (%x is %x instead of %x)

This is located in the %s field of the heap header.

This is located in the %s field of the heap header.

Heap block at %p is not last block in segment (%x)

Heap block at %p is not last block in segment (%x)

Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)

Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)

Heap entry %p is beyond uncommited range [%x .. %x)

Heap entry %p is beyond uncommited range [%x .. %x)

Heap entry %p has incorrect PreviousSize field (x instead of x)

Heap entry %p has incorrect PreviousSize field (x instead of x)

Heap block at %p has incorrect segment index (%x)

Heap block at %p has incorrect segment index (%x)

Heap block at %p does not match address of next uncommitted address (%x)

Heap block at %p does not match address of next uncommitted address (%x)

Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)

Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)

Invalid Address specified to %s( %p, %p )

Invalid Address specified to %s( %p, %p )

dedicated (x) free list empty but marked as non-empty

dedicated (x) free list empty but marked as non-empty

dedicated (x) free list non-empty but marked as empty

dedicated (x) free list non-empty but marked as empty

dedicated (x) free list element %p is marked busy

dedicated (x) free list element %p is marked busy

Dedicated (x) free list element %p is wrong size (x)

Dedicated (x) free list element %p is wrong size (x)

Non-Dedicated free list element %p with too small size (x)

Non-Dedicated free list element %p with too small size (x)

Pseudo Tag x size incorrect (%x != %x) %x

Pseudo Tag x size incorrect (%x != %x) %x

Tag x (%ws) size incorrect (%x != %x) %x

Tag x (%ws) size incorrect (%x != %x) %x

May not destroy the process heap at %x

May not destroy the process heap at %x

Just allocated block at %p for 0x%x bytes

Just allocated block at %p for 0x%x bytes

Just allocated block at %p for 0x%x bytes with tag %ws

Just allocated block at %p for 0x%x bytes with tag %ws

Invalid allocation size - %p (exceeded %x)

Invalid allocation size - %p (exceeded %x)

About to reallocate block at %p to 0x%x bytes

About to reallocate block at %p to 0x%x bytes

About to rellocate block at %p to 0x%x bytes with tag %ws

About to rellocate block at %p to 0x%x bytes with tag %ws

Just reallocated block at %p to 0x%x bytes

Just reallocated block at %p to 0x%x bytes

Just reallocated block at %p to 0x%x bytes with tag %ws

Just reallocated block at %p to 0x%x bytes with tag %ws

ntdll.pdb

ntdll.pdb

: :$:(:,:

: :$:(:,:

2-3}6

2-3}6

:&: :6:?:

:&: :6:?:

3 3(3.343]3

3 3(3.343]3

5_5P5

5_5P5

2#3 3;3^3|3

2#3 3;3^3|3

1(1/161@1

1(1/161@1

5 5$505?6

5 5$505?6

&0\00181

&0\00181

\\.\CON

\\.\CON

{lx-x-x-xx-xxxxxx}

{lx-x-x-xx-xxxxxx}

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

kernel32.dll

kernel32.dll

user32.dll

user32.dll

.Local\

.Local\

%SystemRoot%\WinSxS\

%SystemRoot%\WinSxS\

\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots

\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots

.Local

.Local

ApiPort

ApiPort

!CSRPORT

!CSRPORT

CSRPORT!

CSRPORT!

\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

\Registry\User\.Default

\Registry\User\.Default

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion

\bootstat.dat

\bootstat.dat

\system32\mscoree.dll

\system32\mscoree.dll

mscoree.dll

mscoree.dll

DebugProcessHeapOnly

DebugProcessHeapOnly

\WindowsSS

\WindowsSS

%%%u!%s!

%%%u!%s!

\\?\UNC\

\\?\UNC\

\\?\UNC

\\?\UNC

ADVAPI32.DLL

ADVAPI32.DLL

"/\[]:| =;,?*

"/\[]:| =;,?*

Objects>%4u

Objects>%4u

Objects=%4u

Objects=%4u

verifier.dll

verifier.dll

msvcrt.dll

msvcrt.dll

ole32.dll

ole32.dll

Software\Microsoft\Windows\CurrentVersion

Software\Microsoft\Windows\CurrentVersion

\system32\kernel32.dll

\system32\kernel32.dll

%s_%d

%s_%d

lX-X-X-XX-XXXXXX

lX-X-X-XX-XXXXXX

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards

%ws\%u

%ws\%u

\Registry\Machine\Hardware\DeviceMap\Scsi\Scsi Port %d\Scsi Bus %d\Target ID %d\Logical Unit Id %d

\Registry\Machine\Hardware\DeviceMap\Scsi\Scsi Port %d\Scsi Bus %d\Target ID %d\Logical Unit Id %d

\Device\Harddisk%d\Partition0

\Device\Harddisk%d\Partition0

5.1.2600.5512 (xpsp.080413-2111)

5.1.2600.5512 (xpsp.080413-2111)

Windows

Windows

Operating System

Operating System

5.1.2600.5512

5.1.2600.5512

The operation that was requested is pending completion.

The operation that was requested is pending completion.

An open/create operation completed while an oplock break is underway.

An open/create operation completed while an oplock break is underway.

{Connect Failure on Primary Transport}

{Connect Failure on Primary Transport}

An attempt was made to connect to the remote server %hs on the primary transport, but the connection failed.

An attempt was made to connect to the remote server %hs on the primary transport, but the connection failed.

The computer WAS able to connect on a secondary transport.

The computer WAS able to connect on a secondary transport.

Cached page was locked during operation.

Cached page was locked during operation.

An operation is blocked waiting for an oplock.

An operation is blocked waiting for an oplock.

{Local Session Key}

{Local Session Key}

A user session key was requested for a local RPC connection. The session key returned is a constant value and not unique to this connection.

A user session key was requested for a local RPC connection. The session key returned is a constant value and not unique to this connection.

A serial I/O operation was completed by another write to a serial port.

A serial I/O operation was completed by another write to a serial port.

A serial I/O operation completed because the time-out period expired.

A serial I/O operation completed because the time-out period expired.

{Password Too Complex}

{Password Too Complex}

The Windows password is too complex to be converted to a LAN Manager password.

The Windows password is too complex to be converted to a LAN Manager password.

The LAN Manager password returned is a NULL string.

The LAN Manager password returned is a NULL string.

The network transport returned partial data to its client. The remaining data will be sent later.

The network transport returned partial data to its client. The remaining data will be sent later.

The network transport returned data to its client that was marked as expedited by the remote system.

The network transport returned data to its client that was marked as expedited by the remote system.

The network transport returned partial data to its client and this data was marked as expedited by the remote system. The remaining data will be sent later.

The network transport returned partial data to its client and this data was marked as expedited by the remote system. The remaining data will be sent later.

The specified registry key is referenced by a predefined handle.

The specified registry key is referenced by a predefined handle.

A yield execution was performed and no thread was available to run.

A yield execution was performed and no thread was available to run.

The operating system will currently accept only 16-bit (R2) pc-cards on this controller.

The operating system will currently accept only 16-bit (R2) pc-cards on this controller.

The CPUs in this multiprocessor system are not all the same revision level. To use all processors the operating system restricts itself to the features of the least capable processor in the system. Should problems occur with this system, contact

The CPUs in this multiprocessor system are not all the same revision level. To use all processors the operating system restricts itself to the features of the least capable processor in the system. Should problems occur with this system, contact

the CPU manufacturer to see if this mix of processors is supported.

the CPU manufacturer to see if this mix of processors is supported.

A single step or trace operation has just been completed.

A single step or trace operation has just been completed.

Handles to objects have been automatically closed as a result of the requested operation.

Handles to objects have been automatically closed as a result of the requested operation.

During the translation of a global identifier (GUID) to a Windows security ID (SID), no administratively-defined GUID prefix was found.

During the translation of a global identifier (GUID) to a Windows security ID (SID), no administratively-defined GUID prefix was found.

The media has changed and a verify operation is in progress so no reads or writes may be performed to the device, except those used in the verify operation.

The media has changed and a verify operation is in progress so no reads or writes may be performed to the device, except those used in the verify operation.

No more entries are available from an enumeration operation.

No more entries are available from an enumeration operation.

A long jump has been executed.

A long jump has been executed.

The Plug and Play query operation was not successful.

The Plug and Play query operation was not successful.

A frame consolidation has been executed.

A frame consolidation has been executed.

The device has indicated that it's door is open. Further operations require it closed and secured.

The device has indicated that it's door is open. Further operations require it closed and secured.

{Operation Failed}

{Operation Failed}

The requested operation was unsuccessful.

The requested operation was unsuccessful.

The requested operation is not implemented.

The requested operation is not implemented.

The instruction at "0xlx" referenced memory at "0xlx". The memory could not be "%s".

The instruction at "0xlx" referenced memory at "0xlx". The memory could not be "%s".

An invalid parameter was passed to a service or function.

An invalid parameter was passed to a service or function.

The specified request is not a valid operation for the target device.

The specified request is not a valid operation for the target device.

The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.

The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.

Not enough virtual memory or paging file quota is available to complete the specified operation.

Not enough virtual memory or paging file quota is available to complete the specified operation.

An attempt was made to execute an illegal instruction.

An attempt was made to execute an illegal instruction.

An attempt was made to execute an invalid lock sequence.

An attempt was made to execute an invalid lock sequence.

There is a mismatch between the type of object required by the requested operation and the type of object that is specified in the request.

There is a mismatch between the type of object required by the requested operation and the type of object that is specified in the request.

Windows cannot continue from this exception.

Windows cannot continue from this exception.

An invalid or unaligned stack was encountered during an unwind operation.

An invalid or unaligned stack was encountered during an unwind operation.

An invalid unwind target was encountered during an unwind operation.

An invalid unwind target was encountered during an unwind operation.

Device parity error on I/O operation.

Device parity error on I/O operation.

Invalid Object Attributes specified to NtCreatePort or invalid Port Attributes specified to NtConnectPort

Invalid Object Attributes specified to NtCreatePort or invalid Port Attributes specified to NtConnectPort

Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port.

Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port.

Attempt to send a message to a disconnected communication port.

Attempt to send a message to a disconnected communication port.

The NtConnectPort request is refused.

The NtConnectPort request is refused.

The type of port handle is invalid for the operation requested.

The type of port handle is invalid for the operation requested.

Insufficient quota exists to complete the operation

Insufficient quota exists to complete the operation

An attempt to set a processes DebugPort or ExceptionPort was made, but a port already exists in the process.

An attempt to set a processes DebugPort or ExceptionPort was made, but a port already exists in the process.

An operation involving EAs failed because the file system does not support EAs.

An operation involving EAs failed because the file system does not support EAs.

An EA operation failed because EA set is too large.

An EA operation failed because EA set is too large.

An EA operation failed because the name or EA index is invalid.

An EA operation failed because the name or EA index is invalid.

A non close operation has been requested of a file object with a delete pending.

A non close operation has been requested of a file object with a delete pending.

An attempt was made to set the control attribute on a file. This attribute is not supported in the target file system.

An attempt was made to set the control attribute on a file. This attribute is not supported in the target file system.

An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.

An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.

Indicates the requested operation would disable or delete the last remaining administration account.

Indicates the requested operation would disable or delete the last remaining administration account.

When trying to update a password, this return status indicates that the value provided as the current password is not correct.

When trying to update a password, this return status indicates that the value provided as the current password is not correct.

When trying to update a password, this return status indicates that the value provided for the new password contains values that are not allowed in passwords.

When trying to update a password, this return status indicates that the value provided for the new password contains values that are not allowed in passwords.

When trying to update a password, this status indicates that some password update rule has been violated. For example, the password may not meet length criteria.

When trying to update a password, this status indicates that some password update rule has been violated. For example, the password may not meet length criteria.

The user account's password has expired.

The user account's password has expired.

The application or DLL %hs is not a valid Windows image. Please check this against your installation diskette.

The application or DLL %hs is not a valid Windows image. Please check this against your installation diskette.

An operation failed because the disk was full.

An operation failed because the disk was full.

Floating-point denormal operand.

Floating-point denormal operand.

Floating-point invalid operation.

Floating-point invalid operation.

An attempt was made to install more paging files than the system supports.

An attempt was made to install more paging files than the system supports.

An attempt was made to execute an instruction at an unaligned address and the host system does not support unaligned instruction references.

An attempt was made to execute an instruction at an unaligned address and the host system does not support unaligned instruction references.

The maximum named pipe instance count has been reached.

The maximum named pipe instance count has been reached.

An instance of a named pipe cannot be found in the listening state.

An instance of a named pipe cannot be found in the listening state.

The named pipe is not in the connected or closing state.

The named pipe is not in the connected or closing state.

The specified pipe is set to complete operations and there are current I/O operations queued so it cannot be changed to queue operations.

The specified pipe is set to complete operations and there are current I/O operations queued so it cannot be changed to queue operations.

The specified handle is not open to the server end of the named pipe.

The specified handle is not open to the server end of the named pipe.

The specified named pipe is in the disconnected state.

The specified named pipe is in the disconnected state.

The specified named pipe is in the closing state.

The specified named pipe is in the closing state.

The specified named pipe is in the connected state.

The specified named pipe is in the connected state.

The specified named pipe is in the listening state.

The specified named pipe is in the listening state.

The specified named pipe is not in message mode.

The specified named pipe is not in message mode.

The specified I/O operation on %hs was not completed before the time-out period expired.

The specified I/O operation on %hs was not completed before the time-out period expired.

The passed ACL did not contain the minimum required information.

The passed ACL did not contain the minimum required information.

The request is not supported.

The request is not supported.

Indicates an attempt was made to operate on the security of an object that does not have security associated with it.

Indicates an attempt was made to operate on the security of an object that does not have security associated with it.

Used to indicate that an operation cannot continue without blocking for I/O.

Used to indicate that an operation cannot continue without blocking for I/O.

Used to indicate that a read operation was done on an empty pipe.

Used to indicate that a read operation was done on an empty pipe.

Indicates the Sam Server was in the wrong state to perform the desired operation.

Indicates the Sam Server was in the wrong state to perform the desired operation.

Indicates the Domain was in the wrong state to perform the desired operation.

Indicates the Domain was in the wrong state to perform the desired operation.

This operation is only allowed for the Primary Domain Controller of the domain.

This operation is only allowed for the Primary Domain Controller of the domain.

This error indicates that the requested operation cannot be completed due to a catastrophic media failure or on-disk data structure corruption.

This error indicates that the requested operation cannot be completed due to a catastrophic media failure or on-disk data structure corruption.

An invalid parameter was passed to a service or function as the first argument.

An invalid parameter was passed to a service or function as the first argument.

An invalid parameter was passed to a service or function as the second argument.

An invalid parameter was passed to a service or function as the second argument.

An invalid parameter was passed to a service or function as the third argument.

An invalid parameter was passed to a service or function as the third argument.

An invalid parameter was passed to a service or function as the fourth argument.

An invalid parameter was passed to a service or function as the fourth argument.

An invalid parameter was passed to a service or function as the fifth argument.

An invalid parameter was passed to a service or function as the fifth argument.

An invalid parameter was passed to a service or function as the sixth argument.

An invalid parameter was passed to a service or function as the sixth argument.

An invalid parameter was passed to a service or function as the seventh argument.

An invalid parameter was passed to a service or function as the seventh argument.

An invalid parameter was passed to a service or function as the eighth argument.

An invalid parameter was passed to a service or function as the eighth argument.

An invalid parameter was passed to a service or function as the ninth argument.

An invalid parameter was passed to a service or function as the ninth argument.

An invalid parameter was passed to a service or function as the tenth argument.

An invalid parameter was passed to a service or function as the tenth argument.

An invalid parameter was passed to a service or function as the eleventh argument.

An invalid parameter was passed to a service or function as the eleventh argument.

An invalid parameter was passed to a service or function as the twelfth argument.

An invalid parameter was passed to a service or function as the twelfth argument.

A malformed function table was encountered during an unwind operation.

A malformed function table was encountered during an unwind operation.

The logon session is not in a state that is consistent with the requested operation.

The logon session is not in a state that is consistent with the requested operation.

Indicates that an attempt has been made to impersonate via a named pipe that has not yet been read from.

Indicates that an attempt has been made to impersonate via a named pipe that has not yet been read from.

Indicates that the transaction state of a registry sub-tree is incompatible with the requested operation.

Indicates that the transaction state of a registry sub-tree is incompatible with the requested operation.

This error should only be returned by the Windows redirector on a remote drive.

This error should only be returned by the Windows redirector on a remote drive.

Indicates an operation has been attempted on a built-in (special) SAM account which is incompatible with built-in accounts.

Indicates an operation has been attempted on a built-in (special) SAM account which is incompatible with built-in accounts.

The operation requested may not be performed on the specified group because it is a built-in special group.

The operation requested may not be performed on the specified group because it is a built-in special group.

The operation requested may not be performed on the specified user because it is a built-in special user.

The operation requested may not be performed on the specified user because it is a built-in special user.

An I/O request other than close and several other special case operations was attempted using a file object that had already been closed.

An I/O request other than close and several other special case operations was attempted using a file object that had already been closed.

An attempt was made to operate on a thread within a specific process, but the thread specified is not in the process specified.

An attempt was made to operate on a thread within a specific process, but the thread specified is not in the process specified.

Your system is low on virtual memory. To ensure that Windows runs properly, increase the size of your virtual memory paging file. For more information, see Help.

Your system is low on virtual memory. To ensure that Windows runs properly, increase the size of your virtual memory paging file. For more information, see Help.

The specified image file did not have the correct format, it appears to be a 16-bit Windows image.

The specified image file did not have the correct format, it appears to be a 16-bit Windows image.

The SAM database on a Windows Server is significantly out of synchronization with the copy on the Domain Controller. A complete synchronization is required.

The SAM database on a Windows Server is significantly out of synchronization with the copy on the Domain Controller. A complete synchronization is required.

The NtCreateFile API failed. This error should never be returned to an application, it is a place holder for the Windows Lan Manager Redirector to use in its internal error mapping routines.

The NtCreateFile API failed. This error should never be returned to an application, it is a place holder for the Windows Lan Manager Redirector to use in its internal error mapping routines.

The network transport on your computer has closed a network connection. There may or may not be I/O requests outstanding.

The network transport on your computer has closed a network connection. There may or may not be I/O requests outstanding.

The network transport on a remote computer has closed a network connection. There may or may not be I/O requests outstanding.

The network transport on a remote computer has closed a network connection. There may or may not be I/O requests outstanding.

The network transport on your computer has closed a network connection because it had to wait too long for a response from the remote computer.

The network transport on your computer has closed a network connection because it had to wait too long for a response from the remote computer.

The connection handle given to the transport was invalid.

The connection handle given to the transport was invalid.

The address handle given to the transport was invalid.

The address handle given to the transport was invalid.

The exception %s (0xlx) occurred in the application at location 0xlx.

The exception %s (0xlx) occurred in the application at location 0xlx.

An invalid level was passed into the specified system call.

An invalid level was passed into the specified system call.

{Incorrect Password to LAN Manager Server}

{Incorrect Password to LAN Manager Server}

You specified an incorrect password to a LAN Manager 2.x or MS-NET server.

You specified an incorrect password to a LAN Manager 2.x or MS-NET server.

The pipe operation has failed because the other end of the pipe has been closed.

The pipe operation has failed because the other end of the pipe has been closed.

An I/O operation initiated by the Registry failed unrecoverably.

An I/O operation initiated by the Registry failed unrecoverably.

An event pair synchronization operation was performed using the thread specific client/server event pair object, but no event pair object was associated with the thread.

An event pair synchronization operation was performed using the thread specific client/server event pair object, but no event pair object was associated with the thread.

The maximum number of secrets that may be stored in a single system has been exceeded. The length and number of secrets is limited to satisfy United States State Department export restrictions.

The maximum number of secrets that may be stored in a single system has been exceeded. The length and number of secrets is limited to satisfy United States State Department export restrictions.

The length of a secret exceeds the maximum length allowed. The length and number of secrets is limited to satisfy United States State Department export restrictions.

The length of a secret exceeds the maximum length allowed. The length and number of secrets is limited to satisfy United States State Department export restrictions.

The requested operation cannot be performed in fullscreen mode.

The requested operation cannot be performed in fullscreen mode.

An attempt was made to change a user password in the security account manager without providing the necessary Windows cross-encrypted password.

An attempt was made to change a user password in the security account manager without providing the necessary Windows cross-encrypted password.

A Windows Server has an incorrect configuration.

A Windows Server has an incorrect configuration.

The floppy disk controller reported an error that is not recognized by the floppy disk driver.

The floppy disk controller reported an error that is not recognized by the floppy disk driver.

While accessing the hard disk, a recalibrate operation failed, even after retries.

While accessing the hard disk, a recalibrate operation failed, even after retries.

While accessing the hard disk, a disk operation failed even after retries.

While accessing the hard disk, a disk operation failed even after retries.

Two concurrent opens of devices that share an IRQ and only work via interrupts is not supported for the particular bus type that the devices use.

Two concurrent opens of devices that share an IRQ and only work via interrupts is not supported for the particular bus type that the devices use.

Illegal operation attempted on a registry key which has been marked for deletion.

Illegal operation attempted on a registry key which has been marked for deletion.

An attempt was made to change a user password in the security account manager without providing the necessary LM cross-encrypted password.

An attempt was made to change a user password in the security account manager without providing the necessary LM cross-encrypted password.

An attempt was made to create a symbolic link in a registry key that already has subkeys or values.

An attempt was made to create a symbolic link in a registry key that already has subkeys or values.

An attempt was made to create a Stable subkey under a Volatile parent key.

An attempt was made to create a Stable subkey under a Volatile parent key.

The I/O device reported an I/O error.

The I/O device reported an I/O error.

Log file space is insufficient to support this operation.

Log file space is insufficient to support this operation.

A write operation was attempted to a volume after it was dismounted.

A write operation was attempted to a volume after it was dismounted.

The SAM database on the Windows Server does not have a computer account for this workstation trust relationship.

The SAM database on the Windows Server does not have a computer account for this workstation trust relationship.

There is no user session key for the specified logon session.

There is no user session key for the specified logon session.

The size of the buffer is invalid for the specified operation.

The size of the buffer is invalid for the specified operation.

The transport rejected the network address specified as invalid.

The transport rejected the network address specified as invalid.

The transport rejected the network address specified due to an invalid use of a wildcard.

The transport rejected the network address specified due to an invalid use of a wildcard.

The transport address could not be opened because all the available addresses are in use.

The transport address could not be opened because all the available addresses are in use.

The transport address could not be opened because it already exists.

The transport address could not be opened because it already exists.

The transport address is now closed.

The transport address is now closed.

The transport connection is now disconnected.

The transport connection is now disconnected.

The transport connection has been reset.

The transport connection has been reset.

The transport cannot dynamically acquire any more nodes.

The transport cannot dynamically acquire any more nodes.

The transport aborted a pending transaction.

The transport aborted a pending transaction.

The transport timed out a request waiting for a response.

The transport timed out a request waiting for a response.

The transport did not receive a release for a pending response.

The transport did not receive a release for a pending response.

The transport did not find a transaction matching the specific

The transport did not find a transaction matching the specific

The transport had previously responded to a transaction request.

The transport had previously responded to a transaction request.

The transport does not recognized the transaction request identifier specified.

The transport does not recognized the transaction request identifier specified.

The transport does not recognize the transaction request type specified.

The transport does not recognize the transaction request type specified.

The transport can only process the specified request on the server side of a session.

The transport can only process the specified request on the server side of a session.

The transport can only process the specified request on the client side of a session.

The transport can only process the specified request on the client side of a session.

The %hs system process terminated unexpectedly with a status of 0xx (0xx 0xx).

The %hs system process terminated unexpectedly with a status of 0xx (0xx 0xx).

Windows was unable to save all the data for the file %hs. The data has been lost.

Windows was unable to save all the data for the file %hs. The data has been lost.

The parameter(s) passed to the server in the client/server shared memory window were invalid. Too much data may have been put in the shared memory window.

The parameter(s) passed to the server in the client/server shared memory window were invalid. Too much data may have been put in the shared memory window.

The user's password must be changed before logging on the first time.

The user's password must be changed before logging on the first time.

Internal OFS status codes indicating how an allocation operation is handled. Either it is retried after the containing onode is moved or the extent stream is converted to a large stream.

Internal OFS status codes indicating how an allocation operation is handled. Either it is retried after the containing onode is moved or the extent stream is converted to a large stream.

The attempt to find the object found an object matching by ID on the volume but it is out of the scope of the handle used for the operation.

The attempt to find the object found an object matching by ID on the volume but it is out of the scope of the handle used for the operation.

The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.

The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.

The transport connection attempt was refused by the remote system.

The transport connection attempt was refused by the remote system.

The transport connection was gracefully closed.

The transport connection was gracefully closed.

The transport endpoint already has an address associated with it.

The transport endpoint already has an address associated with it.

An address has not yet been associated with the transport endpoint.

An address has not yet been associated with the transport endpoint.

An operation was attempted on a nonexistent transport connection.

An operation was attempted on a nonexistent transport connection.

An invalid operation was attempted on an active transport connection.

An invalid operation was attempted on an active transport connection.

The remote network is not reachable by the transport.

The remote network is not reachable by the transport.

The remote system is not reachable by the transport.

The remote system is not reachable by the transport.

The remote system does not support the transport protocol.

The remote system does not support the transport protocol.

No service is operating at the destination port of the transport on the remote system.

No service is operating at the destination port of the transport on the remote system.

The transport connection was aborted by the local system.

The transport connection was aborted by the local system.

The requested operation cannot be performed on a file with a user mapped section open.

The requested operation cannot be performed on a file with a user mapped section open.

Attempting to login during an unauthorized time of day for this account.

Attempting to login during an unauthorized time of day for this account.

The account is not authorized to login from this station.

The account is not authorized to login from this station.

The entrypoint should be declared as WINAPI or STDCALL. Select YES to fail the DLL load. Select NO to continue execution. Selecting NO may cause the application to operate incorrectly.

The entrypoint should be declared as WINAPI or STDCALL. Select YES to fail the DLL load. Select NO to continue execution. Selecting NO may cause the application to operate incorrectly.

The callback entrypoint should be declared as WINAPI or STDCALL. Selecting OK will cause the service to continue operation. However, the service process may operate incorrectly.

The callback entrypoint should be declared as WINAPI or STDCALL. Selecting OK will cause the service to continue operation. However, the service process may operate incorrectly.

The contacted server does not support the indicated part of the DFS namespace.

The contacted server does not support the indicated part of the DFS namespace.

A callback return system service cannot be executed when no callback is active.

A callback return system service cannot be executed when no callback is active.

The password provided is too short to meet the policy of your user account.

The password provided is too short to meet the policy of your user account.

Please choose a longer password.

Please choose a longer password.

The policy of your user account does not allow you to change passwords too frequently.

The policy of your user account does not allow you to change passwords too frequently.

This is done to prevent users from changing back to a familiar, but potentially discovered, password.

This is done to prevent users from changing back to a familiar, but potentially discovered, password.

If you feel your password has been compromised then please contact your administrator immediately to have a new one assigned.

If you feel your password has been compromised then please contact your administrator immediately to have a new one assigned.

You have attempted to change your password to one that you have used in the past.

You have attempted to change your password to one that you have used in the past.

The policy of your user account does not allow this. Please select a password that you have not previously used.

The policy of your user account does not allow this. Please select a password that you have not previously used.

The specified compression format is unsupported.

The specified compression format is unsupported.

An attempt was made to create more links on a file than the file system supports.

An attempt was made to create more links on a file than the file system supports.

{Windows Evaluation Notification}

{Windows Evaluation Notification}

The evaluation period for this installation of Windows has expired. This system will shutdown in 1 hour. To restore access to this installation of Windows, please upgrade this installation using a licensed distribution of this product.

The evaluation period for this installation of Windows has expired. This system will shutdown in 1 hour. To restore access to this installation of Windows, please upgrade this installation using a licensed distribution of this product.

The relocation occurred because the DLL %hs occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

The relocation occurred because the DLL %hs occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

Error Status was 0x%x

Error Status was 0x%x

An operation was attempted to a volume after it was dismounted.

An operation was attempted to a volume after it was dismounted.

There was no match for the specified key in the index.

There was no match for the specified key in the index.

The Windows I/O reparse tag passed for the NTFS reparse point is invalid.

The Windows I/O reparse tag passed for the NTFS reparse point is invalid.

The Windows I/O reparse tag does not match the one present in the NTFS reparse point.

The Windows I/O reparse tag does not match the one present in the NTFS reparse point.

The user data passed for the NTFS reparse point is invalid.

The user data passed for the NTFS reparse point is invalid.

There are no EFS keys defined for the user.

There are no EFS keys defined for the user.

The specified file is not in the defined EFS export format.

The specified file is not in the defined EFS export format.

The guid passed was not recognized as valid by a WMI data provider.

The guid passed was not recognized as valid by a WMI data provider.

The instance name passed was not recognized as valid by a WMI data provider.

The instance name passed was not recognized as valid by a WMI data provider.

The data item id passed was not recognized as valid by a WMI data provider.

The data item id passed was not recognized as valid by a WMI data provider.

The remote storage service is not operational at this time.

The remote storage service is not operational at this time.

The requested operation could not be performed because the directory service is not the master for that type of operation.

The requested operation could not be performed because the directory service is not the master for that type of operation.

The requested operation did not satisfy one or more constraints associated with the class of the object.

The requested operation did not satisfy one or more constraints associated with the class of the object.

The directory service can perform the requested operation only on a leaf object.

The directory service can perform the requested operation only on a leaf object.

The directory service cannot perform the requested operation on the Relatively Defined Name (RDN) attribute of an object.

The directory service cannot perform the requested operation on the Relatively Defined Name (RDN) attribute of an object.

An error occurred while performing a cross domain move operation.

An error occurred while performing a cross domain move operation.

The requested operation requires a directory service, and none was available.

The requested operation requires a directory service, and none was available.

The requested interface is not supported.

The requested interface is not supported.

The driver %hs does not support standby mode. Updating this driver may allow the system to go to standby mode.

The driver %hs does not support standby mode. Updating this driver may allow the system to go to standby mode.

Mutual Authentication failed. The server's password is out of date at the domain controller.

Mutual Authentication failed. The server's password is out of date at the domain controller.

Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file.

Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file.

The medium changer's transport element contains media, which is causing the operation to fail.

The medium changer's transport element contains media, which is causing the operation to fail.

Error Status: 0x%x.

Error Status: 0x%x.

This operation is supported only when you are connected to the server.

This operation is supported only when you are connected to the server.

The system image %s is not properly signed.

The system image %s is not properly signed.

Current device power state cannot support this request.

Current device power state cannot support this request.

The WMI operation is not supported by the data block or method.

The WMI operation is not supported by the data block or method.

There is not enough power to complete the requested operation.

There is not enough power to complete the requested operation.

Security Account Manager needs to get the boot password.

Security Account Manager needs to get the boot password.

Security Account Manager needs to get the boot key from floppy disk.

Security Account Manager needs to get the boot key from floppy disk.

The requested operation can be performed only on a global catalog server.

The requested operation can be performed only on a global catalog server.

Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.

Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.

This operation can not be performed on the current domain.

This operation can not be performed on the current domain.

The other end of the security negotiation is requires strong crypto but it is not supported on the local machine.

The other end of the security negotiation is requires strong crypto but it is not supported on the local machine.

The client cert name does not matches the user name or the KDC name is incorrect.

The client cert name does not matches the user name or the KDC name is incorrect.

The encryption type requested is not supported by the KDC.

The encryption type requested is not supported by the KDC.

This operation is not supported on a Microsoft Small Business Server

This operation is not supported on a Microsoft Small Business Server

The Master File Table on the volume is too fragmented to complete this operation.

The Master File Table on the volume is too fragmented to complete this operation.

Copy protection error - The given sector does not contain a valid key.

Copy protection error - The given sector does not contain a valid key.

Copy protection error - DVD session key not established.

Copy protection error - DVD session key not established.

The kerberos protocol encountered an error while validating the KDC certificate during smartcard Logon

The kerberos protocol encountered an error while validating the KDC certificate during smartcard Logon

The transport determined that the remote system is down.

The transport determined that the remote system is down.

An unsupported preauthentication mechanism was presented to the kerberos package.

An unsupported preauthentication mechanism was presented to the kerberos package.

The encryption algorithm used on the source file needs a bigger key buffer than the one used on the destination file.

The encryption algorithm used on the source file needs a bigger key buffer than the one used on the destination file.

An attempt to remove a processes DebugPort was made, but a port was not already associated with the process.

An attempt to remove a processes DebugPort was made, but a port was not already associated with the process.

An attempt to do an operation on a debug port failed because the port is in the process of being deleted.

An attempt to do an operation on a debug port failed because the port is in the process of being deleted.

This version of Windows is not compatible with the behavior version of directory forest, domain or domain controller.

This version of Windows is not compatible with the behavior version of directory forest, domain or domain controller.

The specified image file did not have the correct format, it appears to be a 32-bit Windows image.

The specified image file did not have the correct format, it appears to be a 32-bit Windows image.

The specified image file did not have the correct format, it appears to be a 64-bit Windows image.

The specified image file did not have the correct format, it appears to be a 64-bit Windows image.

The SID filtering operation removed all SIDs.

The SID filtering operation removed all SIDs.

The create operation failed because the name contained at least one mount point which resolves to a volume to which the specified device object is not attached.

The create operation failed because the name contained at least one mount point which resolves to a volume to which the specified device object is not attached.

A dynamic link library (DLL) referenced a module that was neither a DLL nor the process's executable image.

A dynamic link library (DLL) referenced a module that was neither a DLL nor the process's executable image.

The requested key container does not exist on the smart card

The requested key container does not exist on the smart card

The requested certificate does not exist on the smart card

The requested certificate does not exist on the smart card

The requested keyset does not exist

The requested keyset does not exist

The smartcard certificate used for authentication has been revoked.

The smartcard certificate used for authentication has been revoked.

An untrusted certificate authority was detected While processing the

An untrusted certificate authority was detected While processing the

smartcard certificate used for authentication. Please contact your system

smartcard certificate used for authentication. Please contact your system

The revocation status of the smartcard certificate used for

The revocation status of the smartcard certificate used for

The smartcard certificate used for authentication was not trusted. Please

The smartcard certificate used for authentication was not trusted. Please

The smartcard certificate used for authentication has expired. Please

The smartcard certificate used for authentication has expired. Please

The RPC protocol sequence is not supported.

The RPC protocol sequence is not supported.

Not enough resources are available to complete this operation.

Not enough resources are available to complete this operation.

The RPC server is too busy to complete this operation.

The RPC server is too busy to complete this operation.

The remote procedure call failed and did not execute.

The remote procedure call failed and did not execute.

The transfer syntax is not supported by the RPC server.

The transfer syntax is not supported by the RPC server.

The type UUID is not supported.

The type UUID is not supported.

The name syntax is not supported.

The name syntax is not supported.

The operation cannot be performed.

The operation cannot be performed.

No interfaces have been exported.

No interfaces have been exported.

There is nothing to unexport.

There is nothing to unexport.

The requested operation is not supported.

The requested operation is not supported.

A floating point operation at the RPC server caused a divide by zero.

A floating point operation at the RPC server caused a divide by zero.

The requested authentication level is not supported.

The requested authentication level is not supported.

The error specified is not a valid Windows RPC error code.

The error specified is not a valid Windows RPC error code.

Invalid asynchronous RPC call handle for this operation.

Invalid asynchronous RPC call handle for this operation.

A null context handle is passed as an [in] parameter.

A null context handle is passed as an [in] parameter.

The binding handles passed to a remote procedure call do not match.

The binding handles passed to a remote procedure call do not match.

A null reference pointer was passed to the stub.

A null reference pointer was passed to the stub.

Invalid operation on the encoding/decoding handle.

Invalid operation on the encoding/decoding handle.

The RPC pipe object is invalid or corrupted.

The RPC pipe object is invalid or corrupted.

An invalid operation was attempted on an RPC pipe object.

An invalid operation was attempted on an RPC pipe object.

Unsupported RPC pipe version.

Unsupported RPC pipe version.

The RPC pipe object has already been closed.

The RPC pipe object has already been closed.

The RPC call completed before all pipes were processed.

The RPC call completed before all pipes were processed.

No more data is available from the RPC pipe.

No more data is available from the RPC pipe.

A close operation is pending on the Terminal Connection.

A close operation is pending on the Terminal Connection.

The MODEM.INF file was not found.

The MODEM.INF file was not found.

The modem (%1) was not found in MODEM.INF.

The modem (%1) was not found in MODEM.INF.

Transport driver error

Transport driver error

The requested operation cannot be completed because the Terminal Connection is currently busy processing a connect, disconnect, reset, or delete operation.

The requested operation cannot be completed because the Terminal Connection is currently busy processing a connect, disconnect, reset, or delete operation.

An attempt has been made to connect to a session whose video mode is not supported by the current client.

An attempt has been made to connect to a session whose video mode is not supported by the current client.

DOS graphics mode is not supported.

DOS graphics mode is not supported.

The requested operation can be performed only on the system console.

The requested operation can be performed only on the system console.

Disconnecting the console session is not supported.

Disconnecting the console session is not supported.

Reconnecting a disconnected session to the console is not supported.

Reconnecting a disconnected session to the console is not supported.

The remote control of the console was terminated because the display mode was changed. Changing the display mode in a remote control session is not supported.

The remote control of the console was terminated because the display mode was changed. Changing the display mode in a remote control session is not supported.

A node is in the process of joining the cluster.

A node is in the process of joining the cluster.

A cluster join operation is not in progress.

A cluster join operation is not in progress.

Windows was not able to process the application binding information.

Windows was not able to process the application binding information.

The requested lookup key was not found in any active activation context.

The requested lookup key was not found in any active activation context.

Lack of system resources has required isolated activation to be disabled for the current thread of execution.

Lack of system resources has required isolated activation to be disabled for the current thread of execution.

The activation context being deactivated is not active for the current thread of execution.

The activation context being deactivated is not active for the current thread of execution.

%original file name%.exe_508_rwx_00D00000_00092000:

ImmProcessKey

ImmProcessKey

USER32.dll

USER32.dll

ActivateKeyboardLayout

ActivateKeyboardLayout

ArrangeIconicWindows

ArrangeIconicWindows

CallMsgFilter

CallMsgFilter

CallMsgFilterA

CallMsgFilterA

CallMsgFilterW

CallMsgFilterW

CascadeChildWindows

CascadeChildWindows

CascadeWindows

CascadeWindows

CliImmSetHotKey

CliImmSetHotKey

CloseWindowStation

CloseWindowStation

CreateDialogIndirectParamA

CreateDialogIndirectParamA

CreateDialogIndirectParamAorW

CreateDialogIndirectParamAorW

CreateDialogIndirectParamW

CreateDialogIndirectParamW

CreateWindowStationA

CreateWindowStationA

CreateWindowStationW

CreateWindowStationW

DisableProcessWindowsGhosting

DisableProcessWindowsGhosting

DisplayExitWindowsWarnings

DisplayExitWindowsWarnings

EnumChildWindows

EnumChildWindows

EnumDesktopWindows

EnumDesktopWindows

EnumThreadWindows

EnumThreadWindows

EnumWindowStationsA

EnumWindowStationsA

EnumWindowStationsW

EnumWindowStationsW

EnumWindows

EnumWindows

ExitWindowsEx

ExitWindowsEx

GetAsyncKeyState

GetAsyncKeyState

GetKeyNameTextA

GetKeyNameTextA

GetKeyNameTextW

GetKeyNameTextW

GetKeyState

GetKeyState

GetKeyboardLayout

GetKeyboardLayout

GetKeyboardLayoutList

GetKeyboardLayoutList

GetKeyboardLayoutNameA

GetKeyboardLayoutNameA

GetKeyboardLayoutNameW

GetKeyboardLayoutNameW

GetKeyboardState

GetKeyboardState

GetKeyboardType

GetKeyboardType

GetProcessWindowStation

GetProcessWindowStation

LoadKeyboardLayoutA

LoadKeyboardLayoutA

LoadKeyboardLayoutEx

LoadKeyboardLayoutEx

LoadKeyboardLayoutW

LoadKeyboardLayoutW

LockWindowStation

LockWindowStation

MapVirtualKeyA

MapVirtualKeyA

MapVirtualKeyExA

MapVirtualKeyExA

MapVirtualKeyExW

MapVirtualKeyExW

MapVirtualKeyW

MapVirtualKeyW

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

MsgWaitForMultipleObjectsEx

MsgWaitForMultipleObjectsEx

OemKeyScan

OemKeyScan

OpenWindowStationA

OpenWindowStationA

OpenWindowStationW

OpenWindowStationW

RegisterHotKey

RegisterHotKey

SetConsoleReserveKeys

SetConsoleReserveKeys

SetKeyboardState

SetKeyboardState

SetProcessWindowStation

SetProcessWindowStation

SetWindowStationUser

SetWindowStationUser

SetWindowsHookA

SetWindowsHookA

SetWindowsHookExA

SetWindowsHookExA

SetWindowsHookExW

SetWindowsHookExW

SetWindowsHookW

SetWindowsHookW

TileChildWindows

TileChildWindows

TileWindows

TileWindows

UnhookWindowsHook

UnhookWindowsHook

UnhookWindowsHookEx

UnhookWindowsHookEx

UnloadKeyboardLayout

UnloadKeyboardLayout

UnlockWindowStation

UnlockWindowStation

UnregisterHotKey

UnregisterHotKey

VkKeyScanA

VkKeyScanA

VkKeyScanExA

VkKeyScanExA

VkKeyScanExW

VkKeyScanExW

VkKeyScanW

VkKeyScanW

WINNLSGetIMEHotkey

WINNLSGetIMEHotkey

keybd_event

keybd_event

=.cmd

=.cmd

=.pif

=.pif

=.lnk

=.lnk

=.com

=.com

=.bat

=.bat

F\ FTP

F\ FTP

s.RPRP

s.RPRP

tcPV

tcPV

*9]0t#SSh

*9]0t#SSh

u.KKt*

u.KKt*

~,SSSh

~,SSSh

SSSSh

SSSSh

SSSh$6A~P

SSSh$6A~P

6SSSSh

6SSSSh

t>SSh`

t>SSh`

u"SSh`

u"SSh`

ADVAPI32.dll

ADVAPI32.dll

MSIMG32.dll

MSIMG32.dll

POWRPROF.dll

POWRPROF.dll

WINSTA.dll

WINSTA.dll

RegCreateKeyExW

RegCreateKeyExW

RegCloseKey

RegCloseKey

RegDeleteKeyW

RegDeleteKeyW

ReportEventW

ReportEventW

RegQueryInfoKeyW

RegQueryInfoKeyW

GDI32.dll

GDI32.dll

KERNEL32.dll

KERNEL32.dll

ntdll.dll

ntdll.dll

GetViewportOrgEx

GetViewportOrgEx

SetViewportOrgEx

SetViewportOrgEx

GetViewportExtEx

GetViewportExtEx

GetCPInfo

GetCPInfo

GetSystemWindowsDirectoryW

GetSystemWindowsDirectoryW

NtQueryKey

NtQueryKey

NtEnumerateValueKey

NtEnumerateValueKey

NtYieldExecution

NtYieldExecution

NtCreateKey

NtCreateKey

NtSetValueKey

NtSetValueKey

NtDeleteValueKey

NtDeleteValueKey

NtEnumerateKey

NtEnumerateKey

NtOpenKey

NtOpenKey

NtQueryValueKey

NtQueryValueKey

user32.pdb

user32.pdb

windows.hlp

windows.hlp

cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,

cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,

$$$006666

$$$006666

&$%Uooqkezs

&$%Uooqkezs

['$$#%&(4

['$$#%&(4

2

2

0 00@0[0

0 00@0[0

0V0

0V0

9Å“9S9|9

9Å“9S9|9

;";&;*;.;2;6;:;

;";&;*;.;2;6;:;

8$8-858E8L8S8Z8a8h8o8v8}8

8$8-858E8L8S8Z8a8h8o8v8}8

;(;7;>;};

;(;7;>;};

2$3 363@3

2$3 363@3

;#

;#

7 8$8(8,8|8

7 8$8(8,8|8

IMM32.DLL

IMM32.DLL

SETUPAPI.DLL

SETUPAPI.DLL

&%d %ws

&%d %ws

Control Panel\Input Method\Hot Keys

Control Panel\Input Method\Hot Keys

Virtual Key

Virtual Key

Key Modifiers

Key Modifiers

kbdus.dll

kbdus.dll

\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layouts\

\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layouts\

$winnt$.inf

$winnt$.inf

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Font Drivers

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Font Drivers

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Fonts

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Fonts

Keyboard Layout\Preload

Keyboard Layout\Preload

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\LastFontSweep

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\LastFontSweep

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Type 1 Fonts

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Type 1 Fonts

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Upgraded Type1

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Upgraded Type1

keyboardlayout.ini

keyboardlayout.ini

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\LastType1Sweep

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\LastType1Sweep

\Windows\WindowStations

\Windows\WindowStations

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows

\Windows

\Windows

Keyboard Layout

Keyboard Layout

kbdkor.dll

kbdkor.dll

kbdjpn.dll

kbdjpn.dll

\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layout

\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layout

imm32.dll

imm32.dll

Hot Keys

Hot Keys

00000409

00000409

x:\...\

x:\...\

OLE32.DLL

OLE32.DLL

%SystemRoot%\System32\user32.dll

%SystemRoot%\System32\user32.dll

Software\Microsoft\Windows\CurrentVersion\Reliability

Software\Microsoft\Windows\CurrentVersion\Reliability

hh.exe

hh.exe

indicdll.dll

indicdll.dll

\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layout\

\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layout\

IgnoreRemoteKeyboardLayout

IgnoreRemoteKeyboardLayout

\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\Reliability

\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\Reliability

\snapshot.dll

\snapshot.dll

Windows XP USER API Client DLL

Windows XP USER API Client DLL

5.1.2600.5512 (xpsp.080413-2105)

5.1.2600.5512 (xpsp.080413-2105)

Windows

Windows

Operating System

Operating System

5.1.2600.5512

5.1.2600.5512

Error Instrument: ProcessName: %1 WindowTitle: %2 MsgCaption: %3 MsgText: %4 CallerModuleName: %5 BaseAddr: %6 ImageSize: %7 ReturnAddr: %8

Error Instrument: ProcessName: %1 WindowTitle: %2 MsgCaption: %3 MsgText: %4 CallerModuleName: %5 BaseAddr: %6 ImageSize: %7 ReturnAddr: %8

Zero width &joiner

Zero width &joiner

Zero width &non-joiner

Zero width &non-joiner

&More Windows...gInsufficient memory to create the bitmap. Close one or more applications to increase available memory.

&More Windows...gInsufficient memory to create the bitmap. Close one or more applications to increase available memory.

Op&en Soft Keyboard

Op&en Soft Keyboard

Close So&ft Keyboard

Close So&ft Keyboard

Windows

Windows

Other people are logged on to this remote computer. Shutting down Windows might cause them to lose data. Also, someone at the remote location will have to restart the computer manually.

Other people are logged on to this remote computer. Shutting down Windows might cause them to lose data. Also, someone at the remote location will have to restart the computer manually.

Other people are logged on to this computer. Shutting down Windows might cause them to lose data.

Other people are logged on to this computer. Shutting down Windows might cause them to lose data.

Other people are logged on to this computer. Restarting Windows might cause them to lose data.

Other people are logged on to this computer. Restarting Windows might cause them to lose data.

Hardware: Maintenance (Planned)"Hardware: Installation (Unplanned) Hardware: Installation (Planned)%Operating System: Upgrade (Unplanned)#Operating System: Upgrade (Planned)

Hardware: Maintenance (Planned)"Hardware: Installation (Unplanned) Hardware: Installation (Planned)%Operating System: Upgrade (Unplanned)#Operating System: Upgrade (Planned)

-Operating System: Reconfiguration (Unplanned) Operating System: Reconfiguration (Planned)

-Operating System: Reconfiguration (Unplanned) Operating System: Reconfiguration (Planned)

8A restart or shutdown to service hardware on the system.AA restart or shutdown to begin or complete hardware installation.6A restart or shutdown to upgrade the operating system.CA restart or shutdown to change the operating system configuration.BA restart or shutdown to troubleshoot an unresponsive application.>A restart or shutdown to troubleshoot an unstable application.0A restart or shutdown to service an application. A shutdown or restart for an unknown reason1The computer displayed a blue screen crash event.

8A restart or shutdown to service hardware on the system.AA restart or shutdown to begin or complete hardware installation.6A restart or shutdown to upgrade the operating system.CA restart or shutdown to change the operating system configuration.BA restart or shutdown to troubleshoot an unresponsive application.>A restart or shutdown to troubleshoot an unstable application.0A restart or shutdown to service an application. A shutdown or restart for an unknown reason1The computer displayed a blue screen crash event.

The system became unresponsive.GA restart or shutdown to perform planned maintenance on an application.

The system became unresponsive.GA restart or shutdown to perform planned maintenance on an application.

%original file name%.exe_508_rwx_00E00000_000F7000:

KERNEL32.dll

KERNEL32.dll

BaseCleanupAppcompatCacheSupport

BaseCleanupAppcompatCacheSupport

BaseInitAppcompatCacheSupport

BaseInitAppcompatCacheSupport

BaseProcessInitPostImport

BaseProcessInitPostImport

CallNamedPipeA

CallNamedPipeA

CallNamedPipeW

CallNamedPipeW

CmdBatNotification

CmdBatNotification

ConnectNamedPipe

ConnectNamedPipe

CreateIoCompletionPort

CreateIoCompletionPort

CreateNamedPipeA

CreateNamedPipeA

CreateNamedPipeW

CreateNamedPipeW

CreatePipe

CreatePipe

DisconnectNamedPipe

DisconnectNamedPipe

GetCPFileNameFromRegistry

GetCPFileNameFromRegistry

GetCPInfo

GetCPInfo

GetCPInfoExA

GetCPInfoExA

GetCPInfoExW

GetCPInfoExW

GetConsoleAliasExesA

GetConsoleAliasExesA

GetConsoleAliasExesLengthA

GetConsoleAliasExesLengthA

GetConsoleAliasExesLengthW

GetConsoleAliasExesLengthW

GetConsoleAliasExesW

GetConsoleAliasExesW

GetConsoleInputExeNameA

GetConsoleInputExeNameA

GetConsoleInputExeNameW

GetConsoleInputExeNameW

GetConsoleKeyboardLayoutNameA

GetConsoleKeyboardLayoutNameA

GetConsoleKeyboardLayoutNameW

GetConsoleKeyboardLayoutNameW

GetConsoleOutputCP

GetConsoleOutputCP

GetDefaultSortkeySize

GetDefaultSortkeySize

GetLargestConsoleWindowSize

GetLargestConsoleWindowSize

GetNamedPipeHandleStateA

GetNamedPipeHandleStateA

GetNamedPipeHandleStateW

GetNamedPipeHandleStateW

GetNamedPipeInfo

GetNamedPipeInfo

GetProcessHandleCount

GetProcessHandleCount

GetProcessHeap

GetProcessHeap

GetProcessHeaps

GetProcessHeaps

GetProcessShutdownParameters

GetProcessShutdownParameters

GetSystemWindowsDirectoryA

GetSystemWindowsDirectoryA

GetSystemWindowsDirectoryW

GetSystemWindowsDirectoryW

GetWindowsDirectoryA

GetWindowsDirectoryA

GetWindowsDirectoryW

GetWindowsDirectoryW

PeekNamedPipe

PeekNamedPipe

RegisterWowExec

RegisterWowExec

SetCPGlobal

SetCPGlobal

SetConsoleInputExeNameA

SetConsoleInputExeNameA

SetConsoleInputExeNameW

SetConsoleInputExeNameW

SetConsoleKeyShortcuts

SetConsoleKeyShortcuts

SetConsoleMaximumWindowSize

SetConsoleMaximumWindowSize

SetConsoleOutputCP

SetConsoleOutputCP

SetNamedPipeHandleState

SetNamedPipeHandleState

SetProcessShutdownParameters

SetProcessShutdownParameters

SetThreadExecutionState

SetThreadExecutionState

TransactNamedPipe

TransactNamedPipe

VDMConsoleOperation

VDMConsoleOperation

VDMOperationStarted

VDMOperationStarted

WaitNamedPipeA

WaitNamedPipeA

WaitNamedPipeW

WaitNamedPipeW

WinExec

WinExec

NTDLL.RtlAddVectoredExceptionHandler

NTDLL.RtlAddVectoredExceptionHandler

NTDLL.RtlDecodePointer

NTDLL.RtlDecodePointer

NTDLL.RtlDecodeSystemPointer

NTDLL.RtlDecodeSystemPointer

NTDLL.RtlDeleteCriticalSection

NTDLL.RtlDeleteCriticalSection

NTDLL.RtlEncodePointer

NTDLL.RtlEncodePointer

NTDLL.RtlEncodeSystemPointer

NTDLL.RtlEncodeSystemPointer

NTDLL.RtlEnterCriticalSection

NTDLL.RtlEnterCriticalSection

NTDLL.RtlGetLastWin32Error

NTDLL.RtlGetLastWin32Error

NTDLL.RtlAllocateHeap

NTDLL.RtlAllocateHeap

NTDLL.RtlFreeHeap

NTDLL.RtlFreeHeap

NTDLL.RtlReAllocateHeap

NTDLL.RtlReAllocateHeap

NTDLL.RtlSizeHeap

NTDLL.RtlSizeHeap

NTDLL.RtlInitializeSListHead

NTDLL.RtlInitializeSListHead

NTDLL.RtlInterlockedFlushSList

NTDLL.RtlInterlockedFlushSList

NTDLL.RtlInterlockedPopEntrySList

NTDLL.RtlInterlockedPopEntrySList

NTDLL.RtlInterlockedPushEntrySList

NTDLL.RtlInterlockedPushEntrySList

NTDLL.RtlLeaveCriticalSection

NTDLL.RtlLeaveCriticalSection

NTDLL.RtlQueryDepthSList

NTDLL.RtlQueryDepthSList

NTDLL.RtlRemoveVectoredExceptionHandler

NTDLL.RtlRemoveVectoredExceptionHandler

NTDLL.RtlRestoreLastWin32Error

NTDLL.RtlRestoreLastWin32Error

NTDLL.RtlCaptureContext

NTDLL.RtlCaptureContext

NTDLL.RtlCaptureStackBackTrace

NTDLL.RtlCaptureStackBackTrace

NTDLL.RtlFillMemory

NTDLL.RtlFillMemory

NTDLL.RtlMoveMemory

NTDLL.RtlMoveMemory

NTDLL.RtlUnwind

NTDLL.RtlUnwind

NTDLL.RtlZeroMemory

NTDLL.RtlZeroMemory

NTDLL.RtlSetCriticalSectionSpinCount

NTDLL.RtlSetCriticalSectionSpinCount

NTDLL.RtlSetLastWin32Error

NTDLL.RtlSetLastWin32Error

NTDLL.RtlTryEnterCriticalSection

NTDLL.RtlTryEnterCriticalSection

NTDLL.VerSetConditionMask

NTDLL.VerSetConditionMask

DirOperationControl

DirOperationControl

UrlCanonicalizeW

UrlCanonicalizeW

SHDeleteKeyW

SHDeleteKeyW

PathCreateFromUrlW

PathCreateFromUrlW

SetProcessWindowStation

SetProcessWindowStation

OpenWindowStationA

OpenWindowStationA

GetProcessWindowStation

GetProcessWindowStation

EnumDesktopWindows

EnumDesktopWindows

CloseWindowStation

CloseWindowStation

twain_32.dll

twain_32.dll

Jt.HH;

Jt.HH;

midiOutShortMsg

midiOutShortMsg

SXS: %s() LdrFindOutOfProcessResource failed; nt status = lx

SXS: %s() LdrFindOutOfProcessResource failed; nt status = lx

advapi32.dll

advapi32.dll

ReportEventW

ReportEventW

RegSaveKeyW

RegSaveKeyW

RegSaveKeyExW

RegSaveKeyExW

RegSaveKeyA

RegSaveKeyA

RegRestoreKeyW

RegRestoreKeyW

RegQueryInfoKeyW

RegQueryInfoKeyW

RegOpenKeyW

RegOpenKeyW

RegOpenKeyExW

RegOpenKeyExW

RegOpenKeyExA

RegOpenKeyExA

RegOpenKeyA

RegOpenKeyA

RegNotifyChangeKeyValue

RegNotifyChangeKeyValue

RegEnumKeyW

RegEnumKeyW

RegEnumKeyExW

RegEnumKeyExW

RegDeleteKeyW

RegDeleteKeyW

RegCreateKeyW

RegCreateKeyW

RegCreateKeyExW

RegCreateKeyExW

RegCloseKey

RegCloseKey

ElfReportEventW

ElfReportEventW

CryptExportKey

CryptExportKey

CryptDestroyKey

CryptDestroyKey

\Device\NamedPipe\Win32Pipes.x.x

\Device\NamedPipe\Win32Pipes.x.x

CM_Open_DevNode_Key

CM_Open_DevNode_Key

CryptCATCatalogInfoFromContext

CryptCATCatalogInfoFromContext

SetPortW

SetPortW

EnumPrinterKeyW

EnumPrinterKeyW

EnumPortsW

EnumPortsW

DeletePrinterKeyW

DeletePrinterKeyW

DeletePortW

DeletePortW

ConfigurePortW

ConfigurePortW

AddPortW

AddPortW

ShellExecuteW

ShellExecuteW

ShellExecuteExW

ShellExecuteExW

ShellExecuteExA

ShellExecuteExA

ShellExecuteA

ShellExecuteA

SHFileOperationW

SHFileOperationW

SHFileOperationA

SHFileOperationA

FindExecutableW

FindExecutableW

FindExecutableA

FindExecutableA

ImportPrivacySettings

ImportPrivacySettings

MprConfigTransportGetInfo

MprConfigTransportGetInfo

MprConfigTransportGetHandle

MprConfigTransportGetHandle

MprConfigTransportDelete

MprConfigTransportDelete

MprConfigTransportCreate

MprConfigTransportCreate

MprConfigInterfaceTransportRemove

MprConfigInterfaceTransportRemove

MprConfigInterfaceTransportGetInfo

MprConfigInterfaceTransportGetInfo

MprConfigInterfaceTransportGetHandle

MprConfigInterfaceTransportGetHandle

MprConfigInterfaceTransportEnum

MprConfigInterfaceTransportEnum

MprConfigInterfaceTransportAdd

MprConfigInterfaceTransportAdd

MprAdminTransportCreate

MprAdminTransportCreate

MprAdminPortGetInfo

MprAdminPortGetInfo

MprAdminPortEnum

MprAdminPortEnum

MprAdminInterfaceTransportAdd

MprAdminInterfaceTransportAdd

MimeOleParseMhtmlUrl

MimeOleParseMhtmlUrl

ImmGetVirtualKey

ImmGetVirtualKey

ImageGetCertificateHeader

ImageGetCertificateHeader

ImageGetCertificateData

ImageGetCertificateData

ImageEnumerateCertificates

ImageEnumerateCertificates

GdiplusShutdown

GdiplusShutdown

|CAGetCertTypePropertyEx

|CAGetCertTypePropertyEx

CAGetCertTypeProperty

CAGetCertTypeProperty

CAGetCertTypeKeySpec

CAGetCertTypeKeySpec

CAGetCertTypeFlagsEx

CAGetCertTypeFlagsEx

CAGetCertTypeFlags

CAGetCertTypeFlags

CAGetCertTypeExtensionsEx

CAGetCertTypeExtensionsEx

CAGetCertTypeExtensions

CAGetCertTypeExtensions

CAGetCertTypeExpiration

CAGetCertTypeExpiration

CAGetCACertificate

CAGetCACertificate

CAFreeCertTypeProperty

CAFreeCertTypeProperty

CAFreeCertTypeExtensions

CAFreeCertTypeExtensions

CAFindCertTypeByName

CAFindCertTypeByName

CAEnumNextCertType

CAEnumNextCertType

CAEnumCertTypesForCAEx

CAEnumCertTypesForCAEx

CAEnumCertTypesForCA

CAEnumCertTypesForCA

CACountCertTypes

CACountCertTypes

CACloseCertType

CACloseCertType

CACertTypeAccessCheck

CACertTypeAccessCheck

ApphelpCheckExe

ApphelpCheckExe

WZCPassword2Key

WZCPassword2Key

EapcfgNodeFromKey

EapcfgNodeFromKey

SetupDiOpenDevRegKey

SetupDiOpenDevRegKey

SetupDiCreateDevRegKeyW

SetupDiCreateDevRegKeyW

SXS: %s() BasepSxsCreateStreams() failed

SXS: %s() BasepSxsCreateStreams() failed

winlogon.EXE

winlogon.EXE

PWVSSh

PWVSSh

SXS: %s - Failing thread create because RtlActivateActivationContextEx() failed with status lx

SXS: %s - Failing thread create because RtlActivateActivationContextEx() failed with status lx

SXS: %s - Failing thread create because RtlQueryInformationActivationContext() failed with status lx

SXS: %s - Failing thread create because RtlQueryInformationActivationContext() failed with status lx

SXS: %s - Failing thread create becuase NtQueryInformationThread() failed with status lx

SXS: %s - Failing thread create becuase NtQueryInformationThread() failed with status lx

u\SSh

u\SSh

kernel32: No mapping for ImageInformation.Machine == x

kernel32: No mapping for ImageInformation.Machine == x

TermsrvLogInstallIniFile

TermsrvLogInstallIniFile

TermsrvGetWindowsDirectoryW

TermsrvGetWindowsDirectoryW

TermsrvGetWindowsDirectoryA

TermsrvGetWindowsDirectoryA

SXS: %s failing because RtlQueryInformationActivationContext() returned status lx

SXS: %s failing because RtlQueryInformationActivationContext() returned status lx

SXS: %s - Failure getting active activation context; ntstatus lx

SXS: %s - Failure getting active activation context; ntstatus lx

SXS: %s() LdrAccessOutOfProcessResource failed; nt status = lx

SXS: %s() LdrAccessOutOfProcessResource failed; nt status = lx

SXS: %s() LdrCreateOutOfProcessImage failed

SXS: %s() LdrCreateOutOfProcessImage failed

SXS: %s() NtQueryInformationFile failed

SXS: %s() NtQueryInformationFile failed

SXS: %s() empty lpSource %ls

SXS: %s() empty lpSource %ls

SXS: %s() Calling csrss server failed

SXS: %s() Calling csrss server failed

SXS: %s() RtlMultiAppendUnicodeStringBuffer failed

SXS: %s() RtlMultiAppendUnicodeStringBuffer failed

SXS: %s() NtMapViewOfSection failed

SXS: %s() NtMapViewOfSection failed

SXS: %s() AssemblyDirectory is not null terminated

SXS: %s() AssemblyDirectory is not null terminated

SXS: %s() BaseDllMapResourceIdW failed

SXS: %s() BaseDllMapResourceIdW failed

SXS: %s() ACTCTX_FLAG_RESOURCE_NAME_VALID set but lpResourceName == 0

SXS: %s() ACTCTX_FLAG_RESOURCE_NAME_VALID set but lpResourceName == 0

SXS: %s() Bad lpAssemblyDirectory %ls

SXS: %s() Bad lpAssemblyDirectory %ls

SXS: %s() Bad lpSource PathType %ls, 0x%lx

SXS: %s() Bad lpSource PathType %ls, 0x%lx

SXS: %s() Bad lpAssemblyDirectory PathType %ls, 0x%lx

SXS: %s() Bad lpAssemblyDirectory PathType %ls, 0x%lx

SXS: %s() bad wProcessorArchitecture 0x%x

SXS: %s() bad wProcessorArchitecture 0x%x

SXS: Invalid parameter(s) passed to FindActCtxSection*()

SXS: Invalid parameter(s) passed to FindActCtxSection*()

->cbSize = %u

->cbSize = %u

SXS: %s() CsrCaptureMessageMultiUnicodeStringsInPlace failed

SXS: %s() CsrCaptureMessageMultiUnicodeStringsInPlace failed

QSSSSh

QSSSSh

\twain_32.dll

\twain_32.dll

ReportFault

ReportFault

SXS: %s() NtCreateSection() failed

SXS: %s() NtCreateSection() failed

SXS: %s() NtOpenFile(%wZ) failed

SXS: %s() NtOpenFile(%wZ) failed

SXS: %s() Null %p or size 0x%lx too small

SXS: %s() Null %p or size 0x%lx too small

SXS: %s() Bad flags/size 0x%lx/0x%lx

SXS: %s() Bad flags/size 0x%lx/0x%lx

.debug

.debug

.reloc

.reloc

.rsrc1

.rsrc1

.rsrc

.rsrc

|wzcsapi.dll

|wzcsapi.dll

wzcdlg.dll

wzcdlg.dll

wtsapi32.dll

wtsapi32.dll

ws2_32.dll

ws2_32.dll

wmvcore.dll

wmvcore.dll

wmi.dll

wmi.dll

wldap32.dll

wldap32.dll

wintrust.dll

wintrust.dll

winsta.dll

winsta.dll

winspool.drv

winspool.drv

winscard.dll

winscard.dll

winmm.dll

winmm.dll

wininet.dll

wininet.dll

winhttp.dll

winhttp.dll

version.dll

version.dll

uxtheme.dll

uxtheme.dll

utildll.dll

utildll.dll

usp10.dll

usp10.dll

userenv.dll

userenv.dll

user32.dll

user32.dll

urlmon.dll

urlmon.dll

tapi32.dll

tapi32.dll

syssetup.dll

syssetup.dll

sti.dll

sti.dll

shsvcs.dll

shsvcs.dll

shlwapi.dll

shlwapi.dll

shell32.dll

shell32.dll

shdocvw.dll

shdocvw.dll

sfc.dll

sfc.dll

setupapi.dll

setupapi.dll

secur32.dll

secur32.dll

scecli.dll

scecli.dll

samlib.dll

samlib.dll

rtutils.dll

rtutils.dll

rpcrt4.dll

rpcrt4.dll

regapi.dll

regapi.dll

rasman.dll

rasman.dll

rasdlg.dll

rasdlg.dll

rasapi32.dll

rasapi32.dll

query.dll

query.dll

pstorec.dll

pstorec.dll

psapi.dll

psapi.dll

printui.dll

printui.dll

powrprof.dll

powrprof.dll

pidgen.dll

pidgen.dll

pautoenr.dll

pautoenr.dll

oleaut32.dll

oleaut32.dll

oleacc.dll

oleacc.dll

ole32.dll

ole32.dll

odbc32.dll

odbc32.dll

ocmanage.dll

ocmanage.dll

ntmarta.dll

ntmarta.dll

ntlsapi.dll

ntlsapi.dll

ntlanman.dll

ntlanman.dll

ntdsapi.dll

ntdsapi.dll

ntdsa.dll

ntdsa.dll

netshell.dll

netshell.dll

netrap.dll

netrap.dll

netplwiz.dll

netplwiz.dll

netman.dll

netman.dll

netcfgx.dll

netcfgx.dll

netapi32.dll

netapi32.dll

mswsock.dll

mswsock.dll

mssign32.dll

mssign32.dll

msrating.dll

msrating.dll

msimg32.dll

msimg32.dll

msi.dll

msi.dll

mshtml.dll

mshtml.dll

msgina.dll

msgina.dll

mscat32.dll

mscat32.dll

msacm32.dll

msacm32.dll

mprui.dll

mprui.dll

mprapi.dll

mprapi.dll

mpr.dll

mpr.dll

mobsync.dll

mobsync.dll

mlang.dll

mlang.dll

lz32.dll

lz32.dll

linkinfo.dll

linkinfo.dll

keymgr.dll

keymgr.dll

kdcsvc.dll

kdcsvc.dll

iphlpapi.dll

iphlpapi.dll

inetcomm.dll

inetcomm.dll

imm32.dll

imm32.dll

imgutil.dll

imgutil.dll

imagehlp.dll

imagehlp.dll

hnetcfg.dll

hnetcfg.dll

gdiplus.dll

gdiplus.dll

gdi32.dll

gdi32.dll

esent.dll

esent.dll

efsadu.dll

efsadu.dll

duser.dll

duser.dll

dnsapi.dll

dnsapi.dll

dhcpcsvc.dll

dhcpcsvc.dll

devmgr.dll

devmgr.dll

ddraw.dll

ddraw.dll

d3dxof.dll

d3dxof.dll

cscdll.dll

cscdll.dll

cryptui.dll

cryptui.dll

crypt32.dll

crypt32.dll

credui.dll

credui.dll

comdlg32.dll

comdlg32.dll

comctl32.dll

comctl32.dll

certcli.dll

certcli.dll

cdfview.dll

cdfview.dll

cabinet.dll

cabinet.dll

browseui.dll

browseui.dll

authz.dll

authz.dll

apphelp.dll

apphelp.dll

advpack.dll

advpack.dll

activeds.dll

activeds.dll

WinStationIsHelpAssistantSession

WinStationIsHelpAssistantSession

WinStationEnumerate_IndexedW

WinStationEnumerate_IndexedW

|UnlockUrlCacheEntryStream

|UnlockUrlCacheEntryStream

UnlockUrlCacheEntryFileW

UnlockUrlCacheEntryFileW

UnlockUrlCacheEntryFileA

UnlockUrlCacheEntryFileA

SetUrlCacheEntryInfoW

SetUrlCacheEntryInfoW

SetUrlCacheEntryGroupW

SetUrlCacheEntryGroupW

SetUrlCacheConfigInfoA

SetUrlCacheConfigInfoA

RetrieveUrlCacheEntryStreamW

RetrieveUrlCacheEntryStreamW

RetrieveUrlCacheEntryFileW

RetrieveUrlCacheEntryFileW

RetrieveUrlCacheEntryFileA

RetrieveUrlCacheEntryFileA

RegisterUrlCacheNotification

RegisterUrlCacheNotification

ReadUrlCacheEntryStream

ReadUrlCacheEntryStream

LoadUrlCacheContent

LoadUrlCacheContent

IsHostInProxyBypassList

IsHostInProxyBypassList

InternetShowSecurityInfoByURLW

InternetShowSecurityInfoByURLW

InternetOpenUrlW

InternetOpenUrlW

InternetOpenUrlA

InternetOpenUrlA

InternetCreateUrlW

InternetCreateUrlW

InternetCreateUrlA

InternetCreateUrlA

InternetCrackUrlW

InternetCrackUrlW

InternetCrackUrlA

InternetCrackUrlA

InternetCombineUrlW

InternetCombineUrlW

InternetCanonicalizeUrlW

InternetCanonicalizeUrlW

InternetCanonicalizeUrlA

InternetCanonicalizeUrlA

HttpSendRequestW

HttpSendRequestW

HttpSendRequestExW

HttpSendRequestExW

HttpSendRequestExA

HttpSendRequestExA

HttpSendRequestA

HttpSendRequestA

HttpQueryInfoW

HttpQueryInfoW

HttpQueryInfoA

HttpQueryInfoA

HttpOpenRequestW

HttpOpenRequestW

HttpOpenRequestA

HttpOpenRequestA

HttpEndRequestW

HttpEndRequestW

HttpEndRequestA

HttpEndRequestA

HttpAddRequestHeadersW

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpAddRequestHeadersA

GetUrlCacheEntryInfoW

GetUrlCacheEntryInfoW

GetUrlCacheEntryInfoExW

GetUrlCacheEntryInfoExW

GetUrlCacheEntryInfoExA

GetUrlCacheEntryInfoExA

GetUrlCacheEntryInfoA

GetUrlCacheEntryInfoA

GetUrlCacheConfigInfoW

GetUrlCacheConfigInfoW

GetUrlCacheConfigInfoA

GetUrlCacheConfigInfoA

FtpSetCurrentDirectoryW

FtpSetCurrentDirectoryW

FtpSetCurrentDirectoryA

FtpSetCurrentDirectoryA

FtpRenameFileA

FtpRenameFileA

FtpRemoveDirectoryA

FtpRemoveDirectoryA

FtpPutFileEx

FtpPutFileEx

FtpOpenFileW

FtpOpenFileW

FtpOpenFileA

FtpOpenFileA

FtpGetFileSize

FtpGetFileSize

FtpGetFileEx

FtpGetFileEx

FtpGetCurrentDirectoryW

FtpGetCurrentDirectoryW

FtpGetCurrentDirectoryA

FtpGetCurrentDirectoryA

FtpFindFirstFileW

FtpFindFirstFileW

FtpFindFirstFileA

FtpFindFirstFileA

FtpDeleteFileW

FtpDeleteFileW

FtpDeleteFileA

FtpDeleteFileA

FtpCreateDirectoryW

FtpCreateDirectoryW

FtpCreateDirectoryA

FtpCreateDirectoryA

FtpCommandA

FtpCommandA

FreeUrlCacheSpaceW

FreeUrlCacheSpaceW

FindNextUrlCacheEntryW

FindNextUrlCacheEntryW

FindNextUrlCacheEntryExW

FindNextUrlCacheEntryExW

FindNextUrlCacheEntryExA

FindNextUrlCacheEntryExA

FindNextUrlCacheEntryA

FindNextUrlCacheEntryA

FindNextUrlCacheContainerW

FindNextUrlCacheContainerW

FindNextUrlCacheContainerA

FindNextUrlCacheContainerA

FindFirstUrlCacheEntryW

FindFirstUrlCacheEntryW

FindFirstUrlCacheEntryExW

FindFirstUrlCacheEntryExW

FindFirstUrlCacheEntryExA

FindFirstUrlCacheEntryExA

FindFirstUrlCacheEntryA

FindFirstUrlCacheEntryA

FindFirstUrlCacheContainerW

FindFirstUrlCacheContainerW

FindFirstUrlCacheContainerA

FindFirstUrlCacheContainerA

FindCloseUrlCache

FindCloseUrlCache

DeleteUrlCacheGroup

DeleteUrlCacheGroup

DeleteUrlCacheEntryW

DeleteUrlCacheEntryW

DeleteUrlCacheEntryA

DeleteUrlCacheEntryA

DeleteUrlCacheContainerA

DeleteUrlCacheContainerA

CreateUrlCacheGroup

CreateUrlCacheGroup

CreateUrlCacheEntryW

CreateUrlCacheEntryW

CreateUrlCacheEntryA

CreateUrlCacheEntryA

CreateUrlCacheContainerW

CreateUrlCacheContainerW

CreateUrlCacheContainerA

CreateUrlCacheContainerA

CommitUrlCacheEntryW

CommitUrlCacheEntryW

CommitUrlCacheEntryA

CommitUrlCacheEntryA

|WinHttpSetTimeouts

|WinHttpSetTimeouts

WinHttpSetStatusCallback

WinHttpSetStatusCallback

WinHttpSendRequest

WinHttpSendRequest

WinHttpReceiveResponse

WinHttpReceiveResponse

WinHttpQueryHeaders

WinHttpQueryHeaders

WinHttpOpenRequest

WinHttpOpenRequest

WinHttpOpen

WinHttpOpen

WinHttpCrackUrl

WinHttpCrackUrl

WinHttpConnect

WinHttpConnect

WinHttpCloseHandle

WinHttpCloseHandle

|UrlMkSetSessionOption

|UrlMkSetSessionOption

UrlMkGetSessionOption

UrlMkGetSessionOption

URLOpenBlockingStreamW

URLOpenBlockingStreamW

URLDownloadToFileW

URLDownloadToFileW

URLDownloadToCacheFileW

URLDownloadToCacheFileW

IsValidURL

IsValidURL

GetMarkOfTheWeb

GetMarkOfTheWeb

CreateURLMoniker

CreateURLMoniker

CoInternetParseUrl

CoInternetParseUrl

CoInternetIsFeatureEnabledForUrl

CoInternetIsFeatureEnabledForUrl

CoInternetGetSecurityUrl

CoInternetGetSecurityUrl

CoInternetCombineUrl

CoInternetCombineUrl

SceSetupUpdateSecurityKey

SceSetupUpdateSecurityKey

RasShareConnection

RasShareConnection

RasIsSharedConnection

RasIsSharedConnection

DsMakePasswordCredentialsW

DsMakePasswordCredentialsW

DsFreePasswordCredentials

DsFreePasswordCredentials

|NetpUpgradePreNT5JoinInfo

|NetpUpgradePreNT5JoinInfo

NetUserChangePassword

NetUserChangePassword

NetUnjoinDomain

NetUnjoinDomain

NetJoinDomain

NetJoinDomain

NetGetJoinInformation

NetGetJoinInformation

|SpcGetCertFromKey

|SpcGetCertFromKey

GetCryptProvFromCert

GetCryptProvFromCert

FreeCryptProvFromCert

FreeCryptProvFromCert

|ShowModelessHTMLDialog

|ShowModelessHTMLDialog

MPRUI_DoPasswordDialog

MPRUI_DoPasswordDialog

PRShowSaveFromMsginaW

PRShowSaveFromMsginaW

PRShowRestoreFromMsginaW

PRShowRestoreFromMsginaW

KRShowKeyMgr

KRShowKeyMgr

GetUdpStatistics

GetUdpStatistics

GetTcpStatistics

GetTcpStatistics

|IcfGetOperationalMode

|IcfGetOperationalMode

SetViewportOrgEx

SetViewportOrgEx

SetViewportExtEx

SetViewportExtEx

JetMakeKey

JetMakeKey

CryptUIDlgViewCertificateW

CryptUIDlgViewCertificateW

CryptVerifyCertificateSignature

CryptVerifyCertificateSignature

CryptSignAndEncodeCertificate

CryptSignAndEncodeCertificate

CryptMsgGetParam

CryptMsgGetParam

CryptMsgGetAndVerifySigner

CryptMsgGetAndVerifySigner

CryptMsgClose

CryptMsgClose

CryptImportPublicKeyInfoEx

CryptImportPublicKeyInfoEx

CryptImportPublicKeyInfo

CryptImportPublicKeyInfo

CryptHashPublicKeyInfo

CryptHashPublicKeyInfo

CryptExportPublicKeyInfo

CryptExportPublicKeyInfo

CertVerifySubjectCertificateContext

CertVerifySubjectCertificateContext

CertVerifyCertificateChainPolicy

CertVerifyCertificateChainPolicy

CertStrToNameW

CertStrToNameW

CertSetCertificateContextProperty

CertSetCertificateContextProperty

CertRegisterPhysicalStore

CertRegisterPhysicalStore

CertRDNValueToStrW

CertRDNValueToStrW

CertOpenSystemStoreW

CertOpenSystemStoreW

CertOpenStore

CertOpenStore

CertNameToStrW

CertNameToStrW

CertGetPublicKeyLength

CertGetPublicKeyLength

CertGetNameStringW

CertGetNameStringW

CertGetIssuerCertificateFromStore

CertGetIssuerCertificateFromStore

CertGetEnhancedKeyUsage

CertGetEnhancedKeyUsage

CertGetCertificateContextProperty

CertGetCertificateContextProperty

CertGetCertificateChain

CertGetCertificateChain

CertFreeCertificateContext

CertFreeCertificateContext

CertFreeCertificateChain

CertFreeCertificateChain

CertFreeCTLContext

CertFreeCTLContext

CertFindSubjectInCTL

CertFindSubjectInCTL

CertFindExtension

CertFindExtension

CertFindCertificateInStore

CertFindCertificateInStore

CertFindCTLInStore

CertFindCTLInStore

CertEnumCertificatesInStore

CertEnumCertificatesInStore

CertDuplicateCertificateContext

CertDuplicateCertificateContext

CertDuplicateCTLContext

CertDuplicateCTLContext

CertDeleteCertificateFromStore

CertDeleteCertificateFromStore

CertCreateCertificateContext

CertCreateCertificateContext

CertCreateCTLContext

CertCreateCTLContext

CertControlStore

CertControlStore

CertCompareCertificateName

CertCompareCertificateName

CertCloseStore

CertCloseStore

CertAddCertificateContextToStore

CertAddCertificateContextToStore

CredUICmdLinePromptForCredentialsW

CredUICmdLinePromptForCredentialsW

SSSSh

SSSSh

PSSSSSSh

PSSSSSSh

t.PSW

t.PSW

mem16.dll

mem16.dll

ImpersonateNamedPipeClient

ImpersonateNamedPipeClient

VWSSh

VWSSh

t.hlt

t.hlt

hypertrm.exe"

hypertrm.exe"

hypertrm.exe

hypertrm.exe

.exr (exception record)

.exr (exception record)

.cxr (context record)

.cxr (context record)

serialui.dll

serialui.dll

mekr386.exe

mekr386.exe

PVWSSh

PVWSSh

SXS: %s() BaseDllMapResourceIdA failed

SXS: %s() BaseDllMapResourceIdA failed

-. "%ls" %ld

-. "%ls" %ld

(LRU) (Exe Name) (FileSize)

(LRU) (Exe Name) (FileSize)

Total Entries = 0x%x

Total Entries = 0x%x

xpsp2res.dll

xpsp2res.dll

xpsp3res.dll

xpsp3res.dll

?456789:;

?456789:;

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123

|CertAutoEnrollment

|CertAutoEnrollment

VSSHP

VSSHP

ntdll.dll

ntdll.dll

NtQueryValueKey

NtQueryValueKey

NtOpenKey

NtOpenKey

NtFlushKey

NtFlushKey

NtSetValueKey

NtSetValueKey

NtCreateKey

NtCreateKey

NtEnumerateKey

NtEnumerateKey

NtEnumerateValueKey

NtEnumerateValueKey

RtlFormatCurrentUserKeyPath

RtlFormatCurrentUserKeyPath

NtQueryKey

NtQueryKey

NtDeleteValueKey

NtDeleteValueKey

RtlGetProcessHeaps

RtlGetProcessHeaps

NtCreateNamedPipeFile

NtCreateNamedPipeFile

NtSetThreadExecutionState

NtSetThreadExecutionState

LdrQueryImageFileExecutionOptions

LdrQueryImageFileExecutionOptions

NtDelayExecution

NtDelayExecution

NtYieldExecution

NtYieldExecution

kernel32.pdb

kernel32.pdb

0!1'1;1|1

0!1'1;1|1

;,

;,

67

67

2,242

2,242

: :$:(:,:0:4:8:<:>

: :$:(:,:0:4:8:<:>

8 8$8(8,8084888

8 8$8(8,8084888

$0(040:0

$0(040:0

1!202

1!202

4 4$4(4,4044484

4 4$4(4,4044484

sShortDate

sShortDate

win.ini

win.ini

.Config

.Config

.Manifest

.Manifest

\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

\Windows

\Windows

\NLS\NlsSectionSortkey

\NLS\NlsSectionSortkey

\system32\Apphelp.dll

\system32\Apphelp.dll

\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls

\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls

\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

ADVAPI32.DLL

ADVAPI32.DLL

\\.\MountPointManager

\\.\MountPointManager

\Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters

\Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters

hotkey.%u %s

hotkey.%u %s

wowexec.pif

wowexec.pif

cmd /c

cmd /c

hotkey.

hotkey.

setup.exe

setup.exe

\DosDevices\pipe\

\DosDevices\pipe\

\\.\pipe\

\\.\pipe\

\REGISTRY\USER\.DEFAULT

\REGISTRY\USER\.DEFAULT

WUSER32.DLL

WUSER32.DLL

~RF%4x.TMP

~RF%4x.TMP

netmsg.dll

netmsg.dll

pipe\

pipe\

c:\temp\

c:\temp\

EmbdTrst.DLL

EmbdTrst.DLL

\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

%ws%u\DosDevices\%ws

%ws%u\DosDevices\%ws

WINDOWS

WINDOWS

\\?\GLOBALROOT

\\?\GLOBALROOT

Application.Manifest

Application.Manifest

"/\[]:| =;,?

"/\[]:| =;,?

\REGISTRY\Machine\Software\Microsoft\Windows NT\currentVersion\Time Zones

\REGISTRY\Machine\Software\Microsoft\Windows NT\currentVersion\Time Zones

\Registry\Machine\Software\Policies\Microsoft\Windows\System

\Registry\Machine\Software\Policies\Microsoft\Windows\System

AppCertDlls

AppCertDlls

tsappcmp.dll

tsappcmp.dll

\inifile.upd

\inifile.upd

t\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AeDebug

t\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AeDebug

DRMHeader.SubscriptionContentID

DRMHeader.SubscriptionContentID

DRMHeader.ContentDistributor

DRMHeader.ContentDistributor

DRMHeader.SECURITYVERSION

DRMHeader.SECURITYVERSION

DRMHeader.CID

DRMHeader.CID

DRMHeader.LAINFO

DRMHeader.LAINFO

DRMHeader.KID

DRMHeader.KID

LicenseStateData.Transfer.NONSDMI

LicenseStateData.Transfer.NONSDMI

LicenseStateData.Transfer.SDMI

LicenseStateData.Transfer.SDMI

LicenseStateData.Print.redbook

LicenseStateData.Print.redbook

LicenseStateData.Play

LicenseStateData.Play

ActionAllowed.Backup

ActionAllowed.Backup

ActionAllowed.Transfer.NONSDMI

ActionAllowed.Transfer.NONSDMI

ActionAllowed.Transfer.SDMI

ActionAllowed.Transfer.SDMI

ActionAllowed.Print.redbook

ActionAllowed.Print.redbook

ActionAllowed.Play

ActionAllowed.Play

BaseLAURL

BaseLAURL

Transfer.NONSDMI

Transfer.NONSDMI

Transfer.SDMI

Transfer.SDMI

Print.redbook

Print.redbook

Software\Microsoft\Windows NT\CurrentVersion\Time Zones

Software\Microsoft\Windows NT\CurrentVersion\Time Zones

TimeZoneKeyName

TimeZoneKeyName

PendingFileRenameOperations%d

PendingFileRenameOperations%d

PendingFileRenameOperations

PendingFileRenameOperations

%s\system32\

%s\system32\

\system32\faultrep.dll

\system32\faultrep.dll

mwowcmdline

mwowcmdline

cmdline

cmdline

CONSOLE.DLL

CONSOLE.DLL

conime.exe

conime.exe

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Console

\INF\INTL.INF

\INF\INTL.INF

DNSAPI.DLL

DNSAPI.DLL

cfgmgr32.dll

cfgmgr32.dll

The operation completed successfully.

The operation completed successfully.

Not enough storage is available to complete this operation.

Not enough storage is available to complete this operation.

The process cannot access the file because another process has locked a portion of the file.

The process cannot access the file because another process has locked a portion of the file.

The request is not supported.

The request is not supported.

Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator.

Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator.

The specified server cannot perform the requested operation.

The specified server cannot perform the requested operation.

The specified network password is not correct.

The specified network password is not correct.

The pipe has been ended.

The pipe has been ended.

The system does not support the command requested.

The system does not support the command requested.

This function is not supported on this system.

This function is not supported on this system.

The data area passed to a system call is too small.

The data area passed to a system call is too small.

Attempt to use a file handle to an open disk partition for an operation other than raw disk I/O.

Attempt to use a file handle to an open disk partition for an operation other than raw disk I/O.

A JOIN or SUBST command cannot be used for a drive that contains previously joined drives.

A JOIN or SUBST command cannot be used for a drive that contains previously joined drives.

An attempt was made to use a JOIN or SUBST command on a drive that has already been joined.

An attempt was made to use a JOIN or SUBST command on a drive that has already been joined.

An attempt was made to use a JOIN or SUBST command on a drive that has already been substituted.

An attempt was made to use a JOIN or SUBST command on a drive that has already been substituted.

The system tried to delete the JOIN of a drive that is not joined.

The system tried to delete the JOIN of a drive that is not joined.

The system tried to join a drive to a directory on a joined drive.

The system tried to join a drive to a directory on a joined drive.

The system tried to join a drive to a directory on a substituted drive.

The system tried to join a drive to a directory on a substituted drive.

The system tried to SUBST a drive to a directory on a joined drive.

The system tried to SUBST a drive to a directory on a joined drive.

The system cannot perform a JOIN or SUBST at this time.

The system cannot perform a JOIN or SUBST at this time.

The system cannot join or substitute a drive to or for a directory on the same drive.

The system cannot join or substitute a drive to or for a directory on the same drive.

An attempt was made to join or substitute a drive for which a directory on the drive is the target of a previous substitute.

An attempt was made to join or substitute a drive for which a directory on the drive is the target of a previous substitute.

System trace information was not specified in your CONFIG.SYS file, or tracing is disallowed.

System trace information was not specified in your CONFIG.SYS file, or tracing is disallowed.

DosMuxSemWait did not execute; too many semaphores are already set.

DosMuxSemWait did not execute; too many semaphores are already set.

The file system does not support atomic changes to the lock type.

The file system does not support atomic changes to the lock type.

The operating system cannot run %1.

The operating system cannot run %1.

The flag passed is not correct.

The flag passed is not correct.

The operating system cannot run this application program.

The operating system cannot run this application program.

The operating system is not presently configured to run this application.

The operating system is not presently configured to run this application.

The pipe state is invalid.

The pipe state is invalid.

All pipe instances are busy.

All pipe instances are busy.

The pipe is being closed.

The pipe is being closed.

No process is on the other end of the pipe.

No process is on the other end of the pipe.

The wait operation timed out.

The wait operation timed out.

The mounted file system does not support extended attributes.

The mounted file system does not support extended attributes.

The volume is too fragmented to complete this operation.

The volume is too fragmented to complete this operation.

There is a process on other end of the pipe.

There is a process on other end of the pipe.

Waiting for a process to open the other end of the pipe.

Waiting for a process to open the other end of the pipe.

The I/O operation has been aborted because of either a thread exit or an application request.

The I/O operation has been aborted because of either a thread exit or an application request.

Overlapped I/O operation is in progress.

Overlapped I/O operation is in progress.

Error performing inpage operation.

Error performing inpage operation.

The requested operation cannot be performed in full-screen mode.

The requested operation cannot be performed in full-screen mode.

The configuration registry key is invalid.

The configuration registry key is invalid.

The configuration registry key could not be opened.

The configuration registry key could not be opened.

The configuration registry key could not be read.

The configuration registry key could not be read.

The configuration registry key could not be written.

The configuration registry key could not be written.

An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry.

An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry.

Illegal operation attempted on a registry key that has been marked for deletion.

Illegal operation attempted on a registry key that has been marked for deletion.

Cannot create a symbolic link in a registry key that already has subkeys or values.

Cannot create a symbolic link in a registry key that already has subkeys or values.

Cannot create a stable subkey under a volatile parent key.

Cannot create a stable subkey under a volatile parent key.

The account name is invalid or does not exist, or the password is invalid for the account name specified.

The account name is invalid or does not exist, or the password is invalid for the account name specified.

The executable program that this service is configured to run in does not implement the service.

The executable program that this service is configured to run in does not implement the service.

A serial I/O operation was completed by another write to the serial port.

A serial I/O operation was completed by another write to the serial port.

A serial I/O operation completed because the timeout period expired.

A serial I/O operation completed because the timeout period expired.

The floppy disk controller reported an error that is not recognized by the floppy disk driver.

The floppy disk controller reported an error that is not recognized by the floppy disk driver.

While accessing the hard disk, a recalibrate operation failed, even after retries.

While accessing the hard disk, a recalibrate operation failed, even after retries.

While accessing the hard disk, a disk operation failed even after retries.

While accessing the hard disk, a disk operation failed even after retries.

An attempt was made to create more links on a file than the file system supports.

An attempt was made to create more links on a file than the file system supports.

The specified program requires a newer version of Windows.

The specified program requires a newer version of Windows.

The specified program is not a Windows or MS-DOS program.

The specified program is not a Windows or MS-DOS program.

The specified program was written for an earlier version of Windows.

The specified program was written for an earlier version of Windows.

No application is associated with the specified file for this operation.

No application is associated with the specified file for this operation.

The message can be used only with synchronous operations.

The message can be used only with synchronous operations.

The device has indicated that cleaning is required before further operations are attempted.

The device has indicated that cleaning is required before further operations are attempted.

There was no match for the specified key in the index.

There was no match for the specified key in the index.

The point passed to GetMouseMovePoints is not in the buffer.

The point passed to GetMouseMovePoints is not in the buffer.

The format of the specified password is invalid.

The format of the specified password is invalid.

The operation was canceled by the user.

The operation was canceled by the user.

The requested operation cannot be performed on a file with a user-mapped section open.

The requested operation cannot be performed on a file with a user-mapped section open.

The network transport endpoint already has an address associated with it.

The network transport endpoint already has an address associated with it.

An operation was attempted on a nonexistent network connection.

An operation was attempted on a nonexistent network connection.

An invalid operation was attempted on an active network connection.

An invalid operation was attempted on an active network connection.

The network location cannot be reached. For information about network troubleshooting, see Windows Help.

The network location cannot be reached. For information about network troubleshooting, see Windows Help.

No service is operating at the destination network endpoint on the remote system.

No service is operating at the destination network endpoint on the remote system.

The operation could not be completed. A retry should be performed.

The operation could not be completed. A retry should be performed.

The network address could not be used for the operation requested.

The network address could not be used for the operation requested.

The operation being requested was not performed because the user has not been authenticated.

The operation being requested was not performed because the user has not been authenticated.

The operation being requested was not performed because the user has not logged on to the network.

The operation being requested was not performed because the user has not logged on to the network.

An attempt was made to perform an initialization operation when initialization has already been completed.

An attempt was made to perform an initialization operation when initialization has already been completed.

This operation is supported only when you are connected to the server.

This operation is supported only when you are connected to the server.

This operation is not supported on a Microsoft Small Business Server

This operation is not supported on a Microsoft Small Business Server

The remote system is not available. For information about network troubleshooting, see Windows Help.

The remote system is not available. For information about network troubleshooting, see Windows Help.

Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.

Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.

KDC certificate during smartcard logon.

KDC certificate during smartcard logon.

The smartcard certificate used for authentication has been revoked.

The smartcard certificate used for authentication has been revoked.

An untrusted certificate authority was detected While processing the

An untrusted certificate authority was detected While processing the

smartcard certificate used for authentication. Please contact your system

smartcard certificate used for authentication. Please contact your system

The revocation status of the smartcard certificate used for

The revocation status of the smartcard certificate used for

The smartcard certificate used for authentication was not trusted. Please

The smartcard certificate used for authentication was not trusted. Please

The smartcard certificate used for authentication has expired. Please

The smartcard certificate used for authentication has expired. Please

A dynamic link library (DLL) referenced a module that was neither a DLL nor the process's executable image.

A dynamic link library (DLL) referenced a module that was neither a DLL nor the process's executable image.

No encryption key is available. A well-known encryption key was returned.

No encryption key is available. A well-known encryption key was returned.

The password is too complex to be converted to a LAN Manager password. The LAN Manager password returned is a NULL string.

The password is too complex to be converted to a LAN Manager password. The LAN Manager password returned is a NULL string.

An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.

An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.

Unable to update the password. The value provided as the current password is incorrect.

Unable to update the password. The value provided as the current password is incorrect.

Unable to update the password. The value provided for the new password contains values that are not allowed in passwords.

Unable to update the password. The value provided for the new password contains values that are not allowed in passwords.

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain.

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain.

Logon failure: unknown user name or bad password.

Logon failure: unknown user name or bad password.

Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

Logon failure: the specified account password has expired.

Logon failure: the specified account password has expired.

Unable to perform a security operation on an object that has no associated security.

Unable to perform a security operation on an object that has no associated security.

The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.

The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.

The domain was in the wrong state to perform the security operation.

The domain was in the wrong state to perform the security operation.

This operation is only allowed for the Primary Domain Controller of the domain.

This operation is only allowed for the Primary Domain Controller of the domain.

Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk.

Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk.

The logon session is not in a state that is consistent with the requested operation.

The logon session is not in a state that is consistent with the requested operation.

Unable to impersonate using a named pipe until data has been read from that pipe.

Unable to impersonate using a named pipe until data has been read from that pipe.

The transaction state of a registry subtree is incompatible with the requested operation.

The transaction state of a registry subtree is incompatible with the requested operation.

Cannot perform this operation on built-in accounts.

Cannot perform this operation on built-in accounts.

Cannot perform this operation on this built-in special group.

Cannot perform this operation on this built-in special group.

Cannot perform this operation on this built-in special user.

Cannot perform this operation on this built-in special user.

A cross-encrypted password is necessary to change a user password.

A cross-encrypted password is necessary to change a user password.

A cross-encrypted password is necessary to change this user password.

A cross-encrypted password is necessary to change this user password.

There is no user session key for the specified logon session.

There is no user session key for the specified logon session.

Mutual Authentication failed. The server's password is out of date at the domain controller.

Mutual Authentication failed. The server's password is out of date at the domain controller.

This operation can not be performed on the current domain.

This operation can not be performed on the current domain.

Hot key is already registered.

Hot key is already registered.

Class still has open windows.

Class still has open windows.

Hot key is not registered.

Hot key is not registered.

This list box does not support tab stops.

This list box does not support tab stops.

Child windows cannot have menus.

Child windows cannot have menus.

All handles to windows in a multiple-window position structure must have the same parent.

All handles to windows in a multiple-window position structure must have the same parent.

The paging file is too small for this operation to complete.

The paging file is too small for this operation to complete.

Invalid keyboard layout handle.

Invalid keyboard layout handle.

This operation requires an interactive window station.

This operation requires an interactive window station.

This operation returned because the timeout period expired.

This operation returned because the timeout period expired.

The event log file has changed between read operations.

The event log file has changed between read operations.

The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

The configuration data for this product is corrupt. Contact your support personnel.

The configuration data for this product is corrupt. Contact your support personnel.

This installation package cannot be installed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service.

This installation package cannot be installed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service.

SQL query syntax invalid or unsupported.

SQL query syntax invalid or unsupported.

This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package.

This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package.

There was an error starting the Windows Installer service user interface. Contact your support personnel.

There was an error starting the Windows Installer service user interface. Contact your support personnel.

The language of this installation package is not supported by your system.

The language of this installation package is not supported by your system.

Function could not be executed.

Function could not be executed.

Function failed during execution.

Function failed during execution.

Data of this type is not supported.

Data of this type is not supported.

The Windows Installer service failed to start. Contact your support personnel.

The Windows Installer service failed to start. Contact your support personnel.

This installation package is not supported by this processor type. Contact your product vendor.

This installation package is not supported by this processor type. Contact your product vendor.

This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer patch package.

This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer patch package.

This patch package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer patch package.

This patch package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer patch package.

This patch package cannot be processed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service.

This patch package cannot be processed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service.

Invalid command line argument. Consult the Windows Installer SDK for detailed command line help.

Invalid command line argument. Consult the Windows Installer SDK for detailed command line help.

The requested operation completed successfully. The system will be restarted so the changes can take effect.

The requested operation completed successfully. The system will be restarted so the changes can take effect.

The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer an

The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer an

The RPC protocol sequence is not supported.

The RPC protocol sequence is not supported.

Not enough resources are available to complete this operation.

Not enough resources are available to complete this operation.

The RPC server is too busy to complete this operation.

The RPC server is too busy to complete this operation.

The remote procedure call failed and did not execute.

The remote procedure call failed and did not execute.

The transfer syntax is not supported by the RPC server.

The transfer syntax is not supported by the RPC server.

The universal unique identifier (UUID) type is not supported.

The universal unique identifier (UUID) type is not supported.

The name syntax is not supported.

The name syntax is not supported.

The server endpoint cannot perform the operation.

The server endpoint cannot perform the operation.

No interfaces have been exported.

No interfaces have been exported.

There is nothing to unexport.

There is nothing to unexport.

The requested operation is not supported.

The requested operation is not supported.

A floating-point operation at the RPC server caused a division by zero.

A floating-point operation at the RPC server caused a division by zero.

A null context handle was passed from the client to the host during a remote procedure call.

A null context handle was passed from the client to the host during a remote procedure call.

The binding handles passed to a remote procedure call do not match.

The binding handles passed to a remote procedure call do not match.

A null reference pointer was passed to the stub.

A null reference pointer was passed to the stub.

The supplied user buffer is not valid for the requested operation.

The supplied user buffer is not valid for the requested operation.

The specified port is unknown.

The specified port is unknown.

The requested authentication level is not supported.

The requested authentication level is not supported.

The error specified is not a valid Windows RPC error code.

The error specified is not a valid Windows RPC error code.

Invalid operation on the encoding/decoding handle.

Invalid operation on the encoding/decoding handle.

The RPC pipe object is invalid or corrupted.

The RPC pipe object is invalid or corrupted.

An invalid operation was attempted on an RPC pipe object.

An invalid operation was attempted on an RPC pipe object.

Unsupported RPC pipe version.

Unsupported RPC pipe version.

The user's password must be changed before logging on the first time.

The user's password must be changed before logging on the first time.

The object exporter specified was not found.

The object exporter specified was not found.

Invalid asynchronous RPC call handle for this operation.

Invalid asynchronous RPC call handle for this operation.

The RPC pipe object has already been closed.

The RPC pipe object has already been closed.

The RPC call completed before all pipes were processed.

The RPC call completed before all pipes were processed.

No more data is available from the RPC pipe.

No more data is available from the RPC pipe.

Not all object UUIDs could be exported to the specified entry.

Not all object UUIDs could be exported to the specified entry.

Interface could not be exported to the specified entry.

Interface could not be exported to the specified entry.

The window style or class attribute is invalid for this operation.

The window style or class attribute is invalid for this operation.

The requested metafile operation is not supported.

The requested metafile operation is not supported.

The requested transformation operation is not supported.

The requested transformation operation is not supported.

The requested clipping operation is not supported.

The requested clipping operation is not supported.

The network connection was made successfully, but the user had to be prompted for a password other than the one originally specified.

The network connection was made successfully, but the user had to be prompted for a password other than the one originally specified.

The requested operation is not allowed when there are jobs queued to the printer.

The requested operation is not allowed when there are jobs queued to the printer.

The requested operation is successful. Changes will not be effective until the system is rebooted.

The requested operation is successful. Changes will not be effective until the system is rebooted.

The requested operation is successful. Changes will not be effective until the service is restarted.

The requested operation is successful. Changes will not be effective until the service is restarted.

The importation from the file failed.

The importation from the file failed.

The GUID passed was not recognized as valid by a WMI data provider.

The GUID passed was not recognized as valid by a WMI data provider.

The instance name passed was not recognized as valid by a WMI data provider.

The instance name passed was not recognized as valid by a WMI data provider.

The data item ID passed was not recognized as valid by a WMI data provider.

The data item ID passed was not recognized as valid by a WMI data provider.

The medium currently exists in an offline library and must be online to perform this operation.

The medium currently exists in an offline library and must be online to perform this operation.

The operation cannot be performed on an offline library.

The operation cannot be performed on an offline library.

The library, drive, or media pool must be empty to perform this operation.

The library, drive, or media pool must be empty to perform this operation.

A resource required for this operation is disabled.

A resource required for this operation is disabled.

The drive cannot be cleaned or does not support cleaning.

The drive cannot be cleaned or does not support cleaning.

The resource required for this operation does not exist.

The resource required for this operation does not exist.

The operation identifier is not valid.

The operation identifier is not valid.

The operator or administrator has refused the request.

The operator or administrator has refused the request.

The transport cannot access the medium.

The transport cannot access the medium.

Unable to retrieve status about the transport.

Unable to retrieve status about the transport.

Cannot use the transport because it is already in use.

Cannot use the transport because it is already in use.

Unable to open or close the inject/eject port.

Unable to open or close the inject/eject port.

The media type cannot be removed from this library since at least one drive in the library reports it can support this media type.

The media type cannot be removed from this library since at least one drive in the library reports it can support this media type.

The remote storage service is not operational at this time.

The remote storage service is not operational at this time.

A cluster node is not available for this operation.

A cluster node is not available for this operation.

The operation could not be completed because the cluster group is not online.

The operation could not be completed because the cluster group is not online.

The operation could not be completed because the cluster resource is online.

The operation could not be completed because the cluster resource is online.

The group or resource is not in the correct state to perform the requested operation.

The group or resource is not in the correct state to perform the requested operation.

A cluster network is not available for this operation.

A cluster network is not available for this operation.

All cluster nodes must be running to perform this operation.

All cluster nodes must be running to perform this operation.

A node is in the process of joining the cluster.

A node is in the process of joining the cluster.

A cluster join operation is not in progress.

A cluster join operation is not in progress.

This operation cannot be performed on the cluster resource as it the quorum resource. You may not bring the quorum resource offline or modify its possible owners list.

This operation cannot be performed on the cluster resource as it the quorum resource. You may not bring the quorum resource offline or modify its possible owners list.

The cluster node is not ready to perform the requested operation.

The cluster node is not ready to perform the requested operation.

The cluster join operation was aborted.

The cluster join operation was aborted.

The cluster join operation failed due to incompatible software versions between the joining node and its sponsor.

The cluster join operation failed due to incompatible software versions between the joining node and its sponsor.

The system configuration changed during the cluster join or form operation. The join or form operation was aborted.

The system configuration changed during the cluster join or form operation. The join or form operation was aborted.

The specified node does not support a resource of this type. This may be due to version inconsistencies or due to the absence of the resource DLL on this node.

The specified node does not support a resource of this type. This may be due to version inconsistencies or due to the absence of the resource DLL on this node.

The specified resource name is not supported by this resource DLL. This may be due to a bad (or changed) name supplied to the resource DLL.

The specified resource name is not supported by this resource DLL. This may be due to a bad (or changed) name supplied to the resource DLL.

The join operation failed because the cluster database sequence number has changed or is incompatible with the locker node. This may happen during a join operation if the cluster database was changing during the join.

The join operation failed because the cluster database sequence number has changed or is incompatible with the locker node. This may happen during a join operation if the cluster database was changing during the join.

The resource monitor will not allow the fail operation to be performed while the resource is in its current state. This may happen if the resource is in a pending state.

The resource monitor will not allow the fail operation to be performed while the resource is in its current state. This may happen if the resource is in a pending state.

An operation was attempted that is incompatible with the current membership state of the node.

An operation was attempted that is incompatible with the current membership state of the node.

The join operation failed because the cluster instance ID of the joining node does not match the cluster instance ID of the sponsor node.

The join operation failed because the cluster instance ID of the joining node does not match the cluster instance ID of the sponsor node.

This computer cannot be made a member of a cluster because it does not have the correct version of Windows installed.

This computer cannot be made a member of a cluster because it does not have the correct version of Windows installed.

There are no EFS keys defined for the user.

There are no EFS keys defined for the user.

The specified file is not in the defined EFS export format.

The specified file is not in the defined EFS export format.

The server is not trusted for remote encryption operation.

The server is not trusted for remote encryption operation.

Recovery policy configured for this system contains invalid recovery certificate.

Recovery policy configured for this system contains invalid recovery certificate.

The encryption algorithm used on the source file needs a bigger key buffer than the one on the destination file.

The encryption algorithm used on the source file needs a bigger key buffer than the one on the destination file.

The disk partition does not support file encryption.

The disk partition does not support file encryption.

A registry key for event logging could not be created for this session.

A registry key for event logging could not be created for this session.

A close operation is pending on the session.

A close operation is pending on the session.

The MODEM.INF file was not found.

The MODEM.INF file was not found.

The modem name was not found in MODEM.INF.

The modem name was not found in MODEM.INF.

Transport driver error

Transport driver error

The requested operation cannot be completed because the terminal connection is currently busy processing a connect, disconnect, reset, or delete operation.

The requested operation cannot be completed because the terminal connection is currently busy processing a connect, disconnect, reset, or delete operation.

An attempt has been made to connect to a session whose video mode is not supported by the current client.

An attempt has been made to connect to a session whose video mode is not supported by the current client.

DOS graphics mode is not supported.

DOS graphics mode is not supported.

The requested operation can be performed only on the system console.

The requested operation can be performed only on the system console.

Disconnecting the console session is not supported.

Disconnecting the console session is not supported.

Reconnecting a disconnected session to the console is not supported.

Reconnecting a disconnected session to the console is not supported.

The remote control of the console was terminated because the display mode was changed. Changing the display mode in a remote control session is not supported.

The remote control of the console was terminated because the display mode was changed. Changing the display mode in a remote control session is not supported.

The requested operation could not be performed because the directory service is not the master for that type of operation.

The requested operation could not be performed because the directory service is not the master for that type of operation.

The requested operation did not satisfy one or more constraints associated with the class of the object.

The requested operation did not satisfy one or more constraints associated with the class of the object.

The directory service can perform the requested operation only on a leaf object.

The directory service can perform the requested operation only on a leaf object.

The directory service cannot perform the requested operation on the RDN attribute of an object.

The directory service cannot perform the requested operation on the RDN attribute of an object.

The requested cross-domain move operation could not be performed.

The requested cross-domain move operation could not be performed.

An operations error occurred.

An operations error occurred.

The requested authentication method is not supported by the server.

The requested authentication method is not supported by the server.

The server does not support the requested critical extension.

The server does not support the requested critical extension.

The operation affects multiple DSAs

The operation affects multiple DSAs

The server is not operational.

The server is not operational.

The specified method is not supported.

The specified method is not supported.

The specified control is not supported by the server.

The specified control is not supported by the server.

The add replica operation cannot be performed. The naming context must be writable in order to create the replica.

The add replica operation cannot be performed. The naming context must be writable in order to create the replica.

The attribute specified in the operation is not present on the object.

The attribute specified in the operation is not present on the object.

Illegal modify operation. Some aspect of the modification is not permitted.

Illegal modify operation. Some aspect of the modification is not permitted.

The operation must be performed at a master DSA.

The operation must be performed at a master DSA.

The operation could not be performed because the object's parent is either uninstantiated or deleted.

The operation could not be performed because the object's parent is either uninstantiated or deleted.

The operation cannot be performed because child objects exist. This operation can only be performed on a leaf object.

The operation cannot be performed because child objects exist. This operation can only be performed on a leaf object.

The operation is out of scope.

The operation is out of scope.

The operation cannot continue because the object is in the process of being removed.

The operation cannot continue because the object is in the process of being removed.

The operation can only be performed on an internal master DSA object.

The operation can only be performed on an internal master DSA object.

Insufficient access rights to perform the operation.

Insufficient access rights to perform the operation.

The operation cannot be performed on a back link.

The operation cannot be performed on a back link.

The operation could not be performed because the directory service is shutting down.

The operation could not be performed because the directory service is shutting down.

The requested FSMO operation failed. The current FSMO holder could not be contacted.

The requested FSMO operation failed. The current FSMO holder could not be contacted.

Subtree notifications are only supported on NC heads.

Subtree notifications are only supported on NC heads.

The requested delete operation could not be performed.

The requested delete operation could not be performed.

The global catalog verification failed. The global catalog is not available or does not support the operation. Some part of the directory is currently not available.

The global catalog verification failed. The global catalog is not available or does not support the operation. Some part of the directory is currently not available.

The replication operation failed because of a schema mismatch between the servers involved.

The replication operation failed because of a schema mismatch between the servers involved.

The operation cannot replace the hidden record.

The operation cannot replace the hidden record.

This directory server is shutting down, and cannot take ownership of new floating single-master operation roles.

This directory server is shutting down, and cannot take ownership of new floating single-master operation roles.

The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers.

The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers.

The replication operation failed.

The replication operation failed.

An invalid parameter was specified for this replication operation.

An invalid parameter was specified for this replication operation.

The directory service is too busy to complete the replication operation at this time.

The directory service is too busy to complete the replication operation at this time.

The distinguished name specified for this replication operation is invalid.

The distinguished name specified for this replication operation is invalid.

The naming context specified for this replication operation is invalid.

The naming context specified for this replication operation is invalid.

The distinguished name specified for this replication operation already exists.

The distinguished name specified for this replication operation already exists.

The replication operation encountered a database inconsistency.

The replication operation encountered a database inconsistency.

The server specified for this replication operation could not be contacted.

The server specified for this replication operation could not be contacted.

The replication operation encountered an object with an invalid instance type.

The replication operation encountered an object with an invalid instance type.

The replication operation failed to allocate memory.

The replication operation failed to allocate memory.

The replication operation encountered an error with the mail system.

The replication operation encountered an error with the mail system.

The replication operation encountered a database error.

The replication operation encountered a database error.

The requested operation is not supported by this version of the directory service.

The requested operation is not supported by this version of the directory service.

The replication operation failed due to a collision of object names.

The replication operation failed due to a collision of object names.

The replication operation failed because a required parent object is missing.

The replication operation failed because a required parent object is missing.

The replication operation was preempted.

The replication operation was preempted.

The replication operation was terminated because the system is shutting down.

The replication operation was terminated because the system is shutting down.

The server specified for this replication operation was contacted, but that server was unable to contact an additional server needed to complete the operation.

The server specified for this replication operation was contacted, but that server was unable to contact an additional server needed to complete the operation.

The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer. You must upgrade the operating system on a domain controller in the source forest before this computer can be added as a domain controller to that forest.

The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer. You must upgrade the operating system on a domain controller in the source forest before this computer can be added as a domain controller to that forest.

The requested operation requires a directory service, and none was available.

The requested operation requires a directory service, and none was available.

The requested search operation is only supported for base searches.

The requested search operation is only supported for base searches.

The schema update operation tried to add a backward link attribute that has no corresponding forward link.

The schema update operation tried to add a backward link attribute that has no corresponding forward link.

Source and destination for the cross-domain move operation are identical. Caller should use local move operation instead of cross-domain move operation.

Source and destination for the cross-domain move operation are identical. Caller should use local move operation instead of cross-domain move operation.

Another operation which requires exclusive access to the PDC FSMO is already in progress.

Another operation which requires exclusive access to the PDC FSMO is already in progress.

A cross-domain move operation failed such that two versions of the moved object exist - one each in the source and destination domains. The destination object needs to be removed to restore the system to a consistent state.

A cross-domain move operation failed such that two versions of the moved object exist - one each in the source and destination domains. The destination object needs to be removed to restore the system to a consistent state.

The directory cannot validate the proposed naming context name because it does not hold a replica of the naming context above the proposed naming context. Please ensure that the domain naming master role is held by a server that is configured as a global catalog server, and that the server is up to date with its replication partners. (Applies only to Windows 2000 Domain Naming masters)

The directory cannot validate the proposed naming context name because it does not hold a replica of the naming context above the proposed naming context. Please ensure that the domain naming master role is held by a server that is configured as a global catalog server, and that the server is up to date with its replication partners. (Applies only to Windows 2000 Domain Naming masters)

The operation can not be performed because the server does not have an infrastructure container in the domain of interest.

The operation can not be performed because the server does not have an infrastructure container in the domain of interest.

The replica/child install failed to read the objectVersion attribute in the SCHEMA section of the file schema.ini in the system32 directory.

The replica/child install failed to read the objectVersion attribute in the SCHEMA section of the file schema.ini in the system32 directory.

Only DSAs configured to be Global Catalog servers should be allowed to hold the Domain Naming Master FSMO role. (Applies only to Windows 2000 servers)

Only DSAs configured to be Global Catalog servers should be allowed to hold the Domain Naming Master FSMO role. (Applies only to Windows 2000 servers)

The DSA operation is unable to proceed because of a DNS lookup failure.

The DSA operation is unable to proceed because of a DNS lookup failure.

The object requested was not found, but an object with that key was found.

The object requested was not found, but an object with that key was found.

The syntax of the linked attribute being added is incorrect. Forward links can only have syntax 2.5.5.1, 2.5.5.7, and 2.5.5.14, and backlinks can only have syntax 2.5.5.1

The syntax of the linked attribute being added is incorrect. Forward links can only have syntax 2.5.5.1, 2.5.5.7, and 2.5.5.14, and backlinks can only have syntax 2.5.5.1

Security Account Manager needs to get the boot password.

Security Account Manager needs to get the boot password.

Security Account Manager needs to get the boot key from floppy disk.

Security Account Manager needs to get the boot key from floppy disk.

The operation requires that destination domain auditing be enabled.

The operation requires that destination domain auditing be enabled.

The operation couldn't locate a DC for the source domain.

The operation couldn't locate a DC for the source domain.

The replication operation could not be completed due to a schema incompatibility.

The replication operation could not be completed due to a schema incompatibility.

The replication operation could not be completed due to a previous schema incompatibility.

The replication operation could not be completed due to a previous schema incompatibility.

The replication update could not be applied because either the source or the destination has not yet received information regarding a recent cross-domain move operation.

The replication update could not be applied because either the source or the destination has not yet received information regarding a recent cross-domain move operation.

The requested operation can be performed only on a global catalog server.

The requested operation can be performed only on a global catalog server.

The operation requires that source domain auditing be enabled.

The operation requires that source domain auditing be enabled.

A Filter was passed that uses constructed attributes.

A Filter was passed that uses constructed attributes.

Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.

Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.

For security reasons, the operation must be run on the destination DC.

For security reasons, the operation must be run on the destination DC.

Critical Directory Service System objects cannot be deleted during tree delete operations. The tree delete may have been partially performed.

Critical Directory Service System objects cannot be deleted during tree delete operations. The tree delete may have been partially performed.

This version of Windows is too old to support the current directory forest behavior. You must upgrade the operating system on this server before it can become a domain controller in this forest.

This version of Windows is too old to support the current directory forest behavior. You must upgrade the operating system on this server before it can become a domain controller in this forest.

This version of Windows is too old to support the current domain behavior. You must upgrade the operating system on this server before it can become a domain controller in this domain.

This version of Windows is too old to support the current domain behavior. You must upgrade the operating system on this server before it can become a domain controller in this domain.

This version of Windows no longer supports the behavior version in use in this directory forest. You must advance the forest behavior version before this server can become a domain controller in the forest.

This version of Windows no longer supports the behavior version in use in this directory forest. You must advance the forest behavior version before this server can become a domain controller in the forest.

This version of Windows no longer supports the behavior version in use in this domain. You must advance the domain behavior version before this server can become a domain controller in the domain.

This version of Windows no longer supports the behavior version in use in this domain. You must advance the domain behavior version before this server can become a domain controller in the domain.

The version of Windows is incompatible with the behavior version of the domain or forest.

The version of Windows is incompatible with the behavior version of the domain or forest.

The sort order requested is not supported.

The sort order requested is not supported.

Unable to continue operation because multiple conflicting controls were used.

Unable to continue operation because multiple conflicting controls were used.

Rename or move operations on naming context heads or read-only objects are not allowed.

Rename or move operations on naming context heads or read-only objects are not allowed.

Move operations on objects in the schema naming context are not allowed.

Move operations on objects in the schema naming context are not allowed.

The requested action is not supported on standard server.

The requested action is not supported on standard server.

The directory service cannot perform the requested operation because the servers

The directory service cannot perform the requested operation because the servers

Operation not allowed on a disabled cross ref.

Operation not allowed on a disabled cross ref.

Schema update failed: Duplicate msDS-INtId. Retry the operation.

Schema update failed: Duplicate msDS-INtId. Retry the operation.

The remote create cross reference operation failed on the Domain Naming Master FSMO. The operation's error is in the extended data.

The remote create cross reference operation failed on the Domain Naming Master FSMO. The operation's error is in the extended data.

DNS request not supported by name server.

DNS request not supported by name server.

DNS operation refused.

DNS operation refused.

DNS bad key.

DNS bad key.

Try DNS operation again later.

Try DNS operation again later.

The operation requested is not permitted on a DNS root server.

The operation requested is not permitted on a DNS root server.

Invalid operation for DNS zone.

Invalid operation for DNS zone.

The operation cannot be performed because this zone is shutdown.

The operation cannot be performed because this zone is shutdown.

TCP/IP network protocol not installed.

TCP/IP network protocol not installed.

A blocking operation was interrupted by a call to WSACancelBlockingCall.

A blocking operation was interrupted by a call to WSACancelBlockingCall.

A non-blocking socket operation could not be completed immediately.

A non-blocking socket operation could not be completed immediately.

A blocking operation is currently executing.

A blocking operation is currently executing.

An operation was attempted on a non-blocking socket that already had an operation in progress.

An operation was attempted on a non-blocking socket that already had an operation in progress.

An operation was attempted on something that is not a socket.

An operation was attempted on something that is not a socket.

A required address was omitted from an operation on a socket.

A required address was omitted from an operation on a socket.

A protocol was specified in the socket function call that does not support the semantics of the socket type requested.

A protocol was specified in the socket function call that does not support the semantics of the socket type requested.

An unknown, invalid, or unsupported option or level was specified in a getsockopt or setsockopt call.

An unknown, invalid, or unsupported option or level was specified in a getsockopt or setsockopt call.

The support for the specified socket type does not exist in this address family.

The support for the specified socket type does not exist in this address family.

The attempted operation is not supported for the type of object referenced.

The attempted operation is not supported for the type of object referenced.

Only one usage of each socket address (protocol/network address/port) is normally permitted.

Only one usage of each socket address (protocol/network address/port) is normally permitted.

A socket operation encountered a dead network.

A socket operation encountered a dead network.

A socket operation was attempted to an unreachable network.

A socket operation was attempted to an unreachable network.

The connection has been broken due to keep-alive activity detecting a failure while the operation was in progress.

The connection has been broken due to keep-alive activity detecting a failure while the operation was in progress.

An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.

An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.

A socket operation failed because the destination host was down.

A socket operation failed because the destination host was down.

A socket operation was attempted to an unreachable host.

A socket operation was attempted to an unreachable host.

A Windows Sockets implementation may have a limit on the number of applications that may use it simultaneously.

A Windows Sockets implementation may have a limit on the number of applications that may use it simultaneously.

The Windows Sockets version requested is not supported.

The Windows Sockets version requested is not supported.

The specified transport mode filter already exists.

The specified transport mode filter already exists.

The specified transport mode filter does not exist.

The specified transport mode filter does not exist.

The requested lookup key was not found in any active activation context.

The requested lookup key was not found in any active activation context.

The transport filter is pending deletion.

The transport filter is pending deletion.

IKE failed to find valid machine certificate

IKE failed to find valid machine certificate

Certificate Revocation Check failed

Certificate Revocation Check failed

Invalid certificate key usage

Invalid certificate key usage

Invalid certificate type

Invalid certificate type

No private key associated with machine certificate

No private key associated with machine certificate

Peer's certificate did not have a public key

Peer's certificate did not have a public key

Error processing Cert payload

Error processing Cert payload

Error processing Certificate Request payload

Error processing Certificate Request payload

Peer failed to send valid machine certificate

Peer failed to send valid machine certificate

Certification Revocation check of peer's certificate failed

Certification Revocation check of peer's certificate failed

Failed to load SECURITY.DLL.

Failed to load SECURITY.DLL.

Unsupported ID

Unsupported ID

Invalid certificate signature

Invalid certificate signature

The lifetime value received in the Responder Lifetime Notify is below the Windows 2000 configured minimum value. Please fix the policy on the peer machine.

The lifetime value received in the Responder Lifetime Notify is below the Windows 2000 configured minimum value. Please fix the policy on the peer machine.

Key length in certificate is too small for configured security requirements.

Key length in certificate is too small for configured security requirements.

Lack of system resources has required isolated activation to be disabled for the current thread of execution.

Lack of system resources has required isolated activation to be disabled for the current thread of execution.

Manifest Parse Error : System does not support the specified encoding.

Manifest Parse Error : System does not support the specified encoding.

Manifest Parse Error : Switch from current encoding to specified encoding not supported.

Manifest Parse Error : Switch from current encoding to specified encoding not supported.

Assembly Protection Error : The public key for an assembly was too short to be allowed.

Assembly Protection Error : The public key for an assembly was too short to be allowed.

The storage operation should block until more data is available.

The storage operation should block until more data is available.

The storage operation should retry immediately.

The storage operation should retry immediately.

The notified event sink will not influence the storage operation.

The notified event sink will not influence the storage operation.

Drag-drop operation canceled

Drag-drop operation canceled

FORMATETC not supported

FORMATETC not supported

Invalid window handle passed

Invalid window handle passed

An asynchronous operation was specified. The operation has begun, but its outcome is not known yet.

An asynchronous operation was specified. The operation has begun, but its outcome is not known yet.

The transaction was successfully aborted. However, this is a coordinated transaction, and some number of enlisted resources were aborted outright because they could not support abort-retaining semantics

The transaction was successfully aborted. However, this is a coordinated transaction, and some number of enlisted resources were aborted outright because they could not support abort-retaining semantics

An abort operation was already in progress.

An abort operation was already in progress.

No such interface supported

No such interface supported

Operation aborted

Operation aborted

The data necessary to complete this operation is not yet available.

The data necessary to complete this operation is not yet available.

Use of Ole1 services requiring DDE windows is disabled

Use of Ole1 services requiring DDE windows is disabled

The server process could not be started because the configured identity is incorrect. Check the username and password.

The server process could not be started because the configured identity is incorrect. Check the username and password.

The operation attempted is not supported.

The operation attempted is not supported.

Unable to complete the call since there is no COM security context inside IObjectControl.Activate.

Unable to complete the call since there is no COM security context inside IObjectControl.Activate.

The callee (server [not server application]) is not available and disappeared; all connections are invalid. The call may have executed.

The callee (server [not server application]) is not available and disappeared; all connections are invalid. The call may have executed.

The callee (server [not server application]) is not available and disappeared; all connections are invalid. The call did not execute.

The callee (server [not server application]) is not available and disappeared; all connections are invalid. The call did not execute.

Impersonate on unsecure calls is not supported.

Impersonate on unsecure calls is not supported.

Unable to obtain the Windows directory

Unable to obtain the Windows directory

The version of ACL format in the stream is not supported by this implementation of IAccessControl

The version of ACL format in the stream is not supported by this implementation of IAccessControl

Does not support a collection.

Does not support a collection.

Wrong module kind for the operation.

Wrong module kind for the operation.

Unable to perform requested operation.

Unable to perform requested operation.

Attempted an operation on an invalid object.

Attempted an operation on an invalid object.

There is insufficient memory available to complete operation.

There is insufficient memory available to complete operation.

An error occurred during a seek operation.

An error occurred during a seek operation.

A disk error occurred during a write operation.

A disk error occurred during a write operation.

A disk error occurred during a read operation.

A disk error occurred during a read operation.

There is insufficient disk space to complete operation.

There is insufficient disk space to complete operation.

Share.exe or equivalent is required for operation.

Share.exe or equivalent is required for operation.

Illegal operation called on non-file based storage.

Illegal operation called on non-file based storage.

Illegal operation called on object with extant marshallings.

Illegal operation called on object with extant marshallings.

OLE32.DLL has been loaded at the wrong address.

OLE32.DLL has been loaded at the wrong address.

Copy Protection Error - The given sector does not have a valid CSS key.

Copy Protection Error - The given sector does not have a valid CSS key.

Copy Protection Error - DVD session key not established.

Copy Protection Error - DVD session key not established.

Need to run the object to perform this operation

Need to run the object to perform this operation

There is no cache to operate on

There is no cache to operate on

Object is static; operation not allowed

Object is static; operation not allowed

compobj.dll is too old for the ole2.dll initialized

compobj.dll is too old for the ole2.dll initialized

Not able to perform the operation because object is not given storage yet

Not able to perform the operation because object is not given storage yet

Object doesn't support IViewObject interface

Object doesn't support IViewObject interface

Class does not support aggregation (or class object is remote)

Class does not support aggregation (or class object is remote)

Could not read key from registry

Could not read key from registry

Could not write key to registry

Could not write key to registry

Could not find the key in the registry

Could not find the key in the registry

A network error interrupted the operation.

A network error interrupted the operation.

There was an error in a Windows GDI call while converting the bitmap to a DIB

There was an error in a Windows GDI call while converting the bitmap to a DIB

There was an error in a Windows GDI call while converting the DIB to a bitmap.

There was an error in a Windows GDI call while converting the DIB to a bitmap.

Operation exceeded deadline

Operation exceeded deadline

Operation unavailable

Operation unavailable

Intermediate operation failed

Intermediate operation failed

User input required for operation to succeed

User input required for operation to succeed

COM is required for this operation, but is not installed

COM is required for this operation, but is not installed

Task Scheduler security services are available only on Windows NT.

Task Scheduler security services are available only on Windows NT.

The task object version is either unsupported or invalid.

The task object version is either unsupported or invalid.

The task has been configured with an unsupported combination of account settings and run time options.

The task has been configured with an unsupported combination of account settings and run time options.

A retaining commit or abort is not supported

A retaining commit or abort is not supported

The requested isolation level is not valid or supported.

The requested isolation level is not valid or supported.

The transaction manager doesn't support an asynchronous operation for this method.

The transaction manager doesn't support an asynchronous operation for this method.

The requested semantics of retention of isolation across retaining commit and abort boundaries cannot be supported by this transaction implementation, or isoFlags was not equal to zero.

The requested semantics of retention of isolation across retaining commit and abort boundaries cannot be supported by this transaction implementation, or isoFlags was not equal to zero.

An import object for the transaction could not be found.

An import object for the transaction could not be found.

A time-out was specified, but time-outs are not supported.

A time-out was specified, but time-outs are not supported.

The requested operation is already in progress for the transaction.

The requested operation is already in progress for the transaction.

The Transaction Manager has disabled its support for TIP.

The Transaction Manager has disabled its support for TIP.

The transaction manager has disabled its support for remote/network transactions.

The transaction manager has disabled its support for remote/network transactions.

The partner transaction manager has disabled its support for remote/network transactions.

The partner transaction manager has disabled its support for remote/network transactions.

The transaction manager has disabled its support for XA transactions.

The transaction manager has disabled its support for XA transactions.

The requested operation requires that JIT be in the current context and it is not

The requested operation requires that JIT be in the current context and it is not

The requested operation requires that the current context have a Transaction, and it does not

The requested operation requires that the current context have a Transaction, and it does not

Server execution failed

Server execution failed

Bad Key.

Bad Key.

Key not valid for use in specified state.

Key not valid for use in specified state.

Key does not exist.

Key does not exist.

Insufficient memory available for the operation.

Insufficient memory available for the operation.

Provider's public key is invalid.

Provider's public key is invalid.

Keyset does not exist

Keyset does not exist

The keyset is not defined.

The keyset is not defined.

Keyset as registered is invalid.

Keyset as registered is invalid.

The Keyset parameter is invalid.

The Keyset parameter is invalid.

The key parameters could not be set because the CSP uses fixed parameters.

The key parameters could not be set because the CSP uses fixed parameters.

The function requested is not supported

The function requested is not supported

The per-message Quality of Protection is not supported by the security package

The per-message Quality of Protection is not supported by the security package

The certificate chain was issued by an authority that is not trusted.

The certificate chain was issued by an authority that is not trusted.

An unknown error occurred while processing the certificate.

An unknown error occurred while processing the certificate.

The received certificate has expired.

The received certificate has expired.

The other end of the security negotiation is requires strong crypto but it is not supported on the local machine.

The other end of the security negotiation is requires strong crypto but it is not supported on the local machine.

The client cert name does not matches the user name or the KDC name is incorrect.

The client cert name does not matches the user name or the KDC name is incorrect.

The encryption type requested is not supported by the KDC.

The encryption type requested is not supported by the KDC.

An unsupported preauthentication mechanism was presented to the kerberos package.

An unsupported preauthentication mechanism was presented to the kerberos package.

The requested operation requires delegation to be enabled on the machine.

The requested operation requires delegation to be enabled on the machine.

The received certificate was mapped to multiple accounts.

The received certificate was mapped to multiple accounts.

SEC_E_NO_KERB_KEY

SEC_E_NO_KERB_KEY

An error occurred while performing an operation on a cryptographic message.

An error occurred while performing an operation on a cryptographic message.

The streamed cryptographic message requires more data to complete the decode operation.

The streamed cryptographic message requires more data to complete the decode operation.

An error occurred during encode or decode operation.

An error occurred during encode or decode operation.

The specified certificate is self signed.

The specified certificate is self signed.

The previous certificate or CRL context was deleted.

The previous certificate or CRL context was deleted.

The certificate does not have a property that references a private key.

The certificate does not have a property that references a private key.

Cannot find the certificate and private key for decryption.

Cannot find the certificate and private key for decryption.

Cannot find the certificate and private key to use for decryption.

Cannot find the certificate and private key to use for decryption.

The certificate is revoked.

The certificate is revoked.

No Dll or exported function was found to verify revocation.

No Dll or exported function was found to verify revocation.

The revocation function was unable to check revocation for the certificate.

The revocation function was unable to check revocation for the certificate.

The certificate is not in the revocation server's database.

The certificate is not in the revocation server's database.

The string contains an invalid X500 name attribute key, oid, value or delimiter.

The string contains an invalid X500 name attribute key, oid, value or delimiter.

The dwValueType for the CERT_NAME_VALUE is not one of the character strings. Most likely it is either a CERT_RDN_ENCODED_BLOB or CERT_TDN_OCTED_STRING.

The dwValueType for the CERT_NAME_VALUE is not one of the character strings. Most likely it is either a CERT_RDN_ENCODED_BLOB or CERT_TDN_OCTED_STRING.

The Put operation can not continue. The file needs to be resized. However, there is already a signature present. A complete signing operation must be done.

The Put operation can not continue. The file needs to be resized. However, there is already a signature present. A complete signing operation must be done.

The cryptographic operation failed due to a local security option setting.

The cryptographic operation failed due to a local security option setting.

No DLL or exported function was found to verify subject usage.

No DLL or exported function was found to verify subject usage.

The subject was not found in a Certificate Trust List (CTL).

The subject was not found in a Certificate Trust List (CTL).

None of the signers of the cryptographic message or certificate trust list is trusted.

None of the signers of the cryptographic message or certificate trust list is trusted.

The public key's algorithm parameters are missing.

The public key's algorithm parameters are missing.

OSS Certificate encode/decode error code base

OSS Certificate encode/decode error code base

OSS ASN.1 Error: Unsupported BER indefinite-length encoding.

OSS ASN.1 Error: Unsupported BER indefinite-length encoding.

ASN1 Certificate encode/decode error code base.

ASN1 Certificate encode/decode error code base.

ASN1 function not supported for this PDU.

ASN1 function not supported for this PDU.

The request's current status does not allow this operation.

The request's current status does not allow this operation.

The certification authority's certificate contains invalid data.

The certification authority's certificate contains invalid data.

Certificate service has been suspended for a database restore operation.

Certificate service has been suspended for a database restore operation.

The certificate contains an encoded length that is potentially incompatible with older enrollment software.

The certificate contains an encoded length that is potentially incompatible with older enrollment software.

The operation is denied. The user has multiple roles assigned and the certification authority is configured to enforce role separation.

The operation is denied. The user has multiple roles assigned and the certification authority is configured to enforce role separation.

The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester.

The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester.

Cannot archive private key. The certification authority is not configured for key archival.

Cannot archive private key. The certification authority is not configured for key archival.

Cannot archive private key. The certification authority could not verify one or more key recovery certificates.

Cannot archive private key. The certification authority could not verify one or more key recovery certificates.

The request is incorrectly formatted. The encrypted private key must be in an unauthenticated attribute in an outermost signature.

The request is incorrectly formatted. The encrypted private key must be in an unauthenticated attribute in an outermost signature.

The request contains an invalid renewal certificate attribute.

The request contains an invalid renewal certificate attribute.

An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions.

An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions.

The permissions on this certification authority do not allow the current user to enroll for certificates.

The permissions on this certification authority do not allow the current user to enroll for certificates.

The permissions on the certificate template do not allow the current user to enroll for this type of certificate.

The permissions on the certificate template do not allow the current user to enroll for this type of certificate.

The requested certificate template is not supported by this CA.

The requested certificate template is not supported by this CA.

The request contains no certificate template information.

The request contains no certificate template information.

The request is missing a required private key for archival by the server.

The request is missing a required private key for archival by the server.

The request was made on behalf of a subject other than the caller. The certificate template must be configured to require at least one signature to authorize the request.

The request was made on behalf of a subject other than the caller. The certificate template must be configured to require at least one signature to authorize the request.

The request template version is newer than the supported template version.

The request template version is newer than the supported template version.

The request includes a private key for archival by the server, but key archival is not enabled for the specified certificate template.

The request includes a private key for archival by the server, but key archival is not enabled for the specified certificate template.

The public key does not meet the minimum size required by the specified certificate template.

The public key does not meet the minimum size required by the specified certificate template.

The key is not exportable.

The key is not exportable.

You cannot add the root CA certificate into your local store.

You cannot add the root CA certificate into your local store.

The key archival hash attribute was not found in the response.

The key archival hash attribute was not found in the response.

An unexpetced key archival hash attribute was found in the response.

An unexpetced key archival hash attribute was found in the response.

There is a key archival hash mismatch between the request and the response.

There is a key archival hash mismatch between the request and the response.

Signing certificate cannot include SMIME extension.

Signing certificate cannot include SMIME extension.

The certificate for the signer of the message is invalid or not found.

The certificate for the signer of the message is invalid or not found.

The signature of the certificate can not be verified.

The signature of the certificate can not be verified.

The timestamp signature and/or certificate could not be verified or is malformed.

The timestamp signature and/or certificate could not be verified or is malformed.

A certificate's basic constraint extension has not been observed.

A certificate's basic constraint extension has not been observed.

The certificate does not meet or contain the Authenticode financial extensions.

The certificate does not meet or contain the Authenticode financial extensions.

The file did not pass the hints check.

The file did not pass the hints check.

Failed on a file operation (open, map, read, write).

Failed on a file operation (open, map, read, write).

The trust verification action specified is not supported by the specified trust provider.

The trust verification action specified is not supported by the specified trust provider.

The form specified for the subject is not one supported or known by the specified trust provider.

The form specified for the subject is not one supported or known by the specified trust provider.

A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

The validity periods of the certification chain do not nest correctly.

The validity periods of the certification chain do not nest correctly.

A certificate that can only be used as an end-entity is being used as a CA or visa versa.

A certificate that can only be used as an end-entity is being used as a CA or visa versa.

A path length constraint in the certification chain has been violated.

A path length constraint in the certification chain has been violated.

A certificate contains an unknown extension that is marked 'critical'.

A certificate contains an unknown extension that is marked 'critical'.

A certificate being used for a purpose other than the ones specified by its CA.

A certificate being used for a purpose other than the ones specified by its CA.

A parent of a given certificate in fact did not issue that child certificate.

A parent of a given certificate in fact did not issue that child certificate.

A certificate is missing or has an empty value for an important field, such as a subject or issuer name.

A certificate is missing or has an empty value for an important field, such as a subject or issuer name.

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

An internal certificate chaining error has occurred.

An internal certificate chaining error has occurred.

A certificate was explicitly revoked by its issuer.

A certificate was explicitly revoked by its issuer.

The certification path terminates with the test root which is not trusted with the current policy settings.

The certification path terminates with the test root which is not trusted with the current policy settings.

The revocation process could not continue - the certificate(s) could not be checked.

The revocation process could not continue - the certificate(s) could not be checked.

The certificate's CN name does not match the passed value.

The certificate's CN name does not match the passed value.

The certificate is not valid for the requested usage.

The certificate is not valid for the requested usage.

The certificate was explicitly marked as untrusted by the user.

The certificate was explicitly marked as untrusted by the user.

A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.

A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.

The certificate has invalid policy.

The certificate has invalid policy.

The certificate has an invalid name. The name is not included in the permitted list or is explicitly excluded.

The certificate has an invalid name. The name is not included in the permitted list or is explicitly excluded.

The requested device registry key does not exist.

The requested device registry key does not exist.

The operation cannot be performed on a device information element that has not been registered.

The operation cannot be performed on a device information element that has not been registered.

The operation does not require any files to be copied.

The operation does not require any files to be copied.

The operation cannot be performed because the device information set is locked.

The operation cannot be performed because the device information set is locked.

The operation cannot be performed because the device information element is locked.

The operation cannot be performed because the device information element is locked.

The operation cannot be performed because the file queue is locked.

The operation cannot be performed because the file queue is locked.

The operation cannot be performed because the device interface is currently active.

The operation cannot be performed because the device interface is currently active.

The operation cannot be performed because the device interface has been removed from the system.

The operation cannot be performed because the device interface has been removed from the system.

The driver selected for this device does not support Windows XP.

The driver selected for this device does not support Windows XP.

The driver selected for this device does not support Windows.

The driver selected for this device does not support Windows.

Operation not allowed in WOW64.

Operation not allowed in WOW64.

The operation involving unsigned file copying was rolled back, so that a system restore point could be set.

The operation involving unsigned file copying was rolled back, so that a system restore point could be set.

An INF was copied into the Windows INF directory in an improper manner.

An INF was copied into the Windows INF directory in an improper manner.

The operation requires a Smart Card, but no Smart Card is currently in the device.

The operation requires a Smart Card, but no Smart Card is currently in the device.

The operation has been aborted to allow the server application to exit.

The operation has been aborted to allow the server application to exit.

The reader driver does not meet minimal requirements for support.

The reader driver does not meet minimal requirements for support.

The smart card does not meet minimal requirements for support.

The smart card does not meet minimal requirements for support.

The requested order of object creation is not supported.

The requested order of object creation is not supported.

This smart card does not support the requested feature.

This smart card does not support the requested feature.

The requested certificate does not exist.

The requested certificate does not exist.

The requested certificate could not be obtained.

The requested certificate could not be obtained.

A communications error with the smart card has been detected. Retry the operation.

A communications error with the smart card has been detected. Retry the operation.

The requested key container does not exist on the smart card.

The requested key container does not exist on the smart card.

The identity or password set on the application is not valid

The identity or password set on the application is not valid

The DLL does not support the components listed in the TypeLib

The DLL does not support the components listed in the TypeLib

The server catalog version is not supported

The server catalog version is not supported

This operation can not be performed on the system application

This operation can not be performed on the system application

This operation is not enabled on this platform

This operation is not enabled on this platform

Application Proxy is not exportable

Application Proxy is not exportable

System application is not exportable

System application is not exportable

Can not subscribe to this component (the component may have been imported)

Can not subscribe to this component (the component may have been imported)

The partition cannot be exported, because one or more components in the partition have the same file name

The partition cannot be exported, because one or more components in the partition have the same file name

Applications that contain one or more imported components cannot be installed into a non-base partition

Applications that contain one or more imported components cannot be installed into a non-base partition

The COM Catalog Server threw an exception during execution

The COM Catalog Server threw an exception during execution

MSMQ is required for the requested operation and is not installed

MSMQ is required for the requested operation and is not installed

Unable to marshal an interface that does not support IPersistStream

Unable to marshal an interface that does not support IPersistStream

The ProgID provided to the copy operation is invalid. The ProgID is in use by another registered CLSID.

The ProgID provided to the copy operation is invalid. The ProgID is in use by another registered CLSID.

Only Application Files (*.MSI files) can be installed into partitions.

Only Application Files (*.MSI files) can be installed into partitions.

Applications containing one or more legacy components may not be exported to 1.0 format.

Applications containing one or more legacy components may not be exported to 1.0 format.

The SID filtering operation removed all SIDs.

The SID filtering operation removed all SIDs.

Windows NT BASE API Client DLL

Windows NT BASE API Client DLL

5.1.2600.5512 (xpsp.080413-2111)

5.1.2600.5512 (xpsp.080413-2111)

Windows

Windows

Operating System

Operating System

5.1.2600.5512

5.1.2600.5512

$$$$Guinea$Republic of Guinea)$$$$Guyana$Cooperative Republic of Guyana

$$$$Guinea$Republic of Guinea)$$$$Guyana$Cooperative Republic of Guyana

$$$$Panama$Republic of Panama $$$$Portugal$Portuguese Republic:$$$$Papua New Guinea$Independent State of Papua New Guinea

$$$$Panama$Republic of Panama $$$$Portugal$Portuguese Republic:$$$$Papua New Guinea$Independent State of Papua New Guinea

$$$$Turkey$Republic of Turkey

$$$$Turkey$Republic of Turkey

$$$860 (OEM - Portuguese)

$$$860 (OEM - Portuguese)

Portuguese (Brazil)$Brazil $$$1047 (IBM EBCDIC - Latin-1/Open System)

Portuguese (Brazil)$Brazil $$$1047 (IBM EBCDIC - Latin-1/Open System)

Turkish$Turkey

Turkish$Turkey

Portuguese (Portugal)$Portugal

Portuguese (Portugal)$Portugal

%original file name%.exe_508_rwx_00F00000_0009C000:

ADVAPI32.dll

ADVAPI32.dll

CryptDeriveKey

CryptDeriveKey

CryptDestroyKey

CryptDestroyKey

CryptDuplicateKey

CryptDuplicateKey

CryptExportKey

CryptExportKey

CryptGenKey

CryptGenKey

CryptGetKeyParam

CryptGetKeyParam

CryptGetUserKey

CryptGetUserKey

CryptHashSessionKey

CryptHashSessionKey

CryptImportKey

CryptImportKey

CryptSetKeyParam

CryptSetKeyParam

ElfReportEventA

ElfReportEventA

ElfReportEventW

ElfReportEventW

EncryptedFileKeyInfo

EncryptedFileKeyInfo

FreeEncryptedFileKeyInfo

FreeEncryptedFileKeyInfo

FreeEncryptionCertificateHashList

FreeEncryptionCertificateHashList

GetEventLogInformation

GetEventLogInformation

GetMultipleTrusteeOperationA

GetMultipleTrusteeOperationA

GetMultipleTrusteeOperationW

GetMultipleTrusteeOperationW

GetServiceKeyNameA

GetServiceKeyNameA

GetServiceKeyNameW

GetServiceKeyNameW

GetWindowsAccountDomainSid

GetWindowsAccountDomainSid

ImpersonateNamedPipeClient

ImpersonateNamedPipeClient

MSChapSrvChangePassword

MSChapSrvChangePassword

MSChapSrvChangePassword2

MSChapSrvChangePassword2

QueryWindows31FilesMigration

QueryWindows31FilesMigration

RegCloseKey

RegCloseKey

RegCreateKeyA

RegCreateKeyA

RegCreateKeyExA

RegCreateKeyExA

RegCreateKeyExW

RegCreateKeyExW

RegCreateKeyW

RegCreateKeyW

RegDeleteKeyA

RegDeleteKeyA

RegDeleteKeyW

RegDeleteKeyW

RegEnumKeyA

RegEnumKeyA

RegEnumKeyExA

RegEnumKeyExA

RegEnumKeyExW

RegEnumKeyExW

RegEnumKeyW

RegEnumKeyW

RegFlushKey

RegFlushKey

RegGetKeySecurity

RegGetKeySecurity

RegLoadKeyA

RegLoadKeyA

RegLoadKeyW

RegLoadKeyW

RegNotifyChangeKeyValue

RegNotifyChangeKeyValue

RegOpenKeyA

RegOpenKeyA

RegOpenKeyExA

RegOpenKeyExA

RegOpenKeyExW

RegOpenKeyExW

RegOpenKeyW

RegOpenKeyW

RegOverridePredefKey

RegOverridePredefKey

RegQueryInfoKeyA

RegQueryInfoKeyA

RegQueryInfoKeyW

RegQueryInfoKeyW

RegReplaceKeyA

RegReplaceKeyA

RegReplaceKeyW

RegReplaceKeyW

RegRestoreKeyA

RegRestoreKeyA

RegRestoreKeyW

RegRestoreKeyW

RegSaveKeyA

RegSaveKeyA

RegSaveKeyExA

RegSaveKeyExA

RegSaveKeyExW

RegSaveKeyExW

RegSaveKeyW

RegSaveKeyW

RegSetKeySecurity

RegSetKeySecurity

RegUnLoadKeyA

RegUnLoadKeyA

RegUnLoadKeyW

RegUnLoadKeyW

ReportEventA

ReportEventA

ReportEventW

ReportEventW

SaferiIsExecutableFileType

SaferiIsExecutableFileType

SetUserFileEncryptionKey

SetUserFileEncryptionKey

SynchronizeWindows31FilesAndWindowsNTRegistry

SynchronizeWindows31FilesAndWindowsNTRegistry

WmiExecuteMethodA

WmiExecuteMethodA

WmiExecuteMethodW

WmiExecuteMethodW

PSSSSSSh

PSSSSSSh

PSSSSSSh#

PSSSSSSh#

PSSSSSSh

PSSSSSSh

PSSSSSSh

PSSSSSSh

(PSSSSSSh

(PSSSSSSh

0PSSSSSSh

0PSSSSSSh

8PSSSSSSh

8PSSSSSSh

SSSSSSh

SSSSSSh

PSSSSSSh!

PSSSSSSh!

CPDuplicateKey

CPDuplicateKey

CPGetUserKey

CPGetUserKey

CPHashSessionKey

CPHashSessionKey

CPImportKey

CPImportKey

CPExportKey

CPExportKey

CPGetKeyParam

CPGetKeyParam

CPSetKeyParam

CPSetKeyParam

CPDestroyKey

CPDestroyKey

CPDeriveKey

CPDeriveKey

CPGenKey

CPGenKey

kernel32.dll

kernel32.dll

PSSSh

PSSSh

PSShZ

PSShZ

CloseWindowStation

CloseWindowStation

GetProcessWindowStation

GetProcessWindowStation

MsgWaitForMultipleObjects

MsgWaitForMultipleObjects

8.YYu

8.YYu

TermsrvSetKeySecurity

TermsrvSetKeySecurity

TermsrvRestoreKey

TermsrvRestoreKey

TermsrvDeleteKey

TermsrvDeleteKey

TermsrvSetValueKey

TermsrvSetValueKey

tsappcmp.dll

tsappcmp.dll

Windows Setup

Windows Setup

user32.dll

user32.dll

sndrec32.exe

sndrec32.exe

soundrec.exe

soundrec.exe

packgr32.exe

packgr32.exe

packager.exe

packager.exe

mplay32.exe

mplay32.exe

mplayer.exe

mplayer.exe

mciole16.dll

mciole16.dll

mciole.dll

mciole.dll

$Microsoft Root Certificate Authority

$Microsoft Root Certificate Authority

Windows 3.1 Migration

Windows 3.1 Migration

t%SVW)E

t%SVW)E

mpr.dll

mpr.dll

Unable to locate init routine, error = %d

Unable to locate init routine, error = %d

Unable to load client dll, error = %d

Unable to load client dll, error = %d

ldap_msgfree

ldap_msgfree

1.2.840.113556.1.4.529

1.2.840.113556.1.4.529

wldap32.dll

wldap32.dll

SamiChangePasswordUser2

SamiChangePasswordUser2

SamiChangePasswordUser

SamiChangePasswordUser

SetProcessWindowStation

SetProcessWindowStation

OpenWindowStationW

OpenWindowStationW

It.Iu

It.Iu

PSShL

PSShL

t.Ht#Ht Ht

t.Ht#Ht Ht

ShellExecuteExW

ShellExecuteExW

AccProvGetOperationResults

AccProvGetOperationResults

AccProvCancelOperation

AccProvCancelOperation

WINREG: Frame %d = 0x%x

WINREG: Frame %d = 0x%x

Frames %d

Frames %d

WINREG: Name: %S

WINREG: Name: %S

WINREG: Unable to retrieve object name error 0x%x

WINREG: Unable to retrieve object name error 0x%x

WINREG: Tracked key data for object 0x%x

WINREG: Tracked key data for object 0x%x

imagehlp.dll

imagehlp.dll

SSSSSh

SSSSSh

WINTRUST.dll

WINTRUST.dll

Secur32.dll

Secur32.dll

KERNEL32.dll

KERNEL32.dll

ntdll.dll

ntdll.dll

RPCRT4.dll

RPCRT4.dll

GetWindowsDirectoryW

GetWindowsDirectoryW

GetSystemWindowsDirectoryW

GetSystemWindowsDirectoryW

SetNamedPipeHandleState

SetNamedPipeHandleState

GetProcessHeap

GetProcessHeap

WaitNamedPipeW

WaitNamedPipeW

NtQueryKey

NtQueryKey

NtEnumerateKey

NtEnumerateKey

RtlFormatCurrentUserKeyPath

RtlFormatCurrentUserKeyPath

NtNotifyChangeKey

NtNotifyChangeKey

NtDeleteValueKey

NtDeleteValueKey

NtEnumerateValueKey

NtEnumerateValueKey

NtDeleteKey

NtDeleteKey

NtQueryValueKey

NtQueryValueKey

NtSetValueKey

NtSetValueKey

NtOpenKey

NtOpenKey

NtCreateKey

NtCreateKey

NtFlushKey

NtFlushKey

NtLoadKey

NtLoadKey

NtUnloadKey

NtUnloadKey

NtReplaceKey

NtReplaceKey

NtNotifyChangeMultipleKeys

NtNotifyChangeMultipleKeys

NtQueryMultipleValueKey

NtQueryMultipleValueKey

NtRestoreKey

NtRestoreKey

NtSaveKey

NtSaveKey

NtSaveMergedKeys

NtSaveMergedKeys

NtSaveKeyEx

NtSaveKeyEx

advapi32.pdb

advapi32.pdb

0p.yx

0p.yx

%x~O>

%x~O>

%D$#>

%D$#>

7,7

7,7

9#:*:@:{:

9#:*:@:{:

3 3%3.3=3

3 3%3.3=3

8$9(90949@9

8$9(90949@9

1&2,263@3

1&2,263@3

:,:0:<:_:>

:,:0:<:_:>

3 3$303;3

3 3$303;3

3M4H4Z4`4e4

3M4H4Z4`4e4

3"3'333

3"3'333

\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Software\Microsoft\Windows NT\CurrentVersion\Diagnostics

Software\Microsoft\Windows NT\CurrentVersion\Diagnostics

\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

\Registry\Machine\Software\Policies\Microsoft\Windows\Safer

\Registry\Machine\Software\Policies\Microsoft\Windows\Safer

\Software\Policies\Microsoft\Windows\Safer

\Software\Policies\Microsoft\Windows\Safer

\UrlZones

\UrlZones

%HKEY_CURRENT_USER

%HKEY_CURRENT_USER

\PIPE\

\PIPE\

NTMARTA.DLL

NTMARTA.DLL

%SystemRoot%\

%SystemRoot%\

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%

%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%

%s\u

%s\u

REG.DAT

REG.DAT

Windows 3.1 Migration Status

Windows 3.1 Migration Status

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

t\\.\pipe\net\NtControlPipe

t\\.\pipe\net\NtControlPipe

lX-X-X-XX-XXXXXX

lX-X-X-XX-XXXXXX

\\.\WMIDataDevice

\\.\WMIDataDevice

Software\Microsoft\Windows\CurrentVersion\Group Policy\Appmgmt

Software\Microsoft\Windows\CurrentVersion\Group Policy\Appmgmt

nuser32.dll

nuser32.dll

msi.dll

msi.dll

\PIPE\InitShutdown

\PIPE\InitShutdown

.u

.u

system.ini

system.ini

reg.dat

reg.dat

%SystemRoot%\Debug\UserMode\appmgmt.log

%SystemRoot%\Debug\UserMode\appmgmt.log

%SystemRoot%\Debug\UserMode\appmgmt.bak

%SystemRoot%\Debug\UserMode\appmgmt.bak

%HKEY_LOCAL_MACHINE

%HKEY_LOCAL_MACHINE

%s%s%d%s%s%s%s%s%s%s{lx-x-x-xx-xxxxxx}

%s%s%d%s%s%s%s%s%s%s{lx-x-x-xx-xxxxxx}

certificate

certificate

%SystemRoot%\System32\Drivers\

%SystemRoot%\System32\Drivers\

\pipe\svcctl

\pipe\svcctl

Group%d

Group%d

ncacn_ip_tcp

ncacn_ip_tcp

UrlZones

UrlZones

DisallowExecution

DisallowExecution

iphlpapi.dll

iphlpapi.dll

\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

perfh004.dat

perfh004.dat

perfc004.dat

perfc004.dat

progman.ini

progman.ini

SoftWare\Microsoft\Windows NT\CurrentVersion\Program Manager\Settings

SoftWare\Microsoft\Windows NT\CurrentVersion\Program Manager\Settings

SoftWare\Microsoft\Windows NT\CurrentVersion\Program Manager\UNICODE Groups

SoftWare\Microsoft\Windows NT\CurrentVersion\Program Manager\UNICODE Groups

Windows NT Network Provider

Windows NT Network Provider

\\.\Pipe\TerminalServer\SystemExecSrvr\%d

\\.\Pipe\TerminalServer\SystemExecSrvr\%d

W\winsta.dll

W\winsta.dll

feclient.dll

feclient.dll

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server

samlib.dll

samlib.dll

SupportUrl

SupportUrl

Wshell32.dll

Wshell32.dll

CEvents::Report called with more params then expected!

CEvents::Report called with more params then expected!

APPMGMT (%x.%x) d:d:d:d

APPMGMT (%x.%x) d:d:d:d

appmgmts.dll

appmgmts.dll

%s_%d

%s_%d

{x-x-x-xx-xxxxxx}

{x-x-x-xx-xxxxxx}

setupapi.dll

setupapi.dll

%ws\%u

%ws\%u

\\.\%s

\\.\%s

\Registry\Machine\Hardware\DeviceMap\Scsi\Scsi Port %d\Scsi Bus %d\Target ID %d\Logical Unit Id %d

\Registry\Machine\Hardware\DeviceMap\Scsi\Scsi Port %d\Scsi Bus %d\Target ID %d\Logical Unit Id %d

\Device\Harddisk%d\Partition0

\Device\Harddisk%d\Partition0

\\.\PhysicalDrive%d

\\.\PhysicalDrive%d

W%s\%s

W%s\%s

\Device\Video%d

\Device\Video%d

DefaultSettings.YResolution

DefaultSettings.YResolution

DefaultSettings.XResolution

DefaultSettings.XResolution

DefaultSettings.VRefresh

DefaultSettings.VRefresh

DefaultSettings.BitsPerPel

DefaultSettings.BitsPerPel

HardwareInformation.BiosString

HardwareInformation.BiosString

HardwareInformation.AdapterString

HardwareInformation.AdapterString

HardwareInformation.DacType

HardwareInformation.DacType

HardwareInformation.ChipType

HardwareInformation.ChipType

HardwareInformation.MemorySize

HardwareInformation.MemorySize

SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3

SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3

PerfDbg.Etl

PerfDbg.Etl

C:\perfdbg.etl

C:\perfdbg.etl

$winnt$.inf

$winnt$.inf

Export

Export

ncacn_nb_tcp

ncacn_nb_tcp

\PIPE\winreg

\PIPE\winreg

\SystemRoot\system32\perf0000.dat

\SystemRoot\system32\perf0000.dat

\SystemRoot\system32\prf00000.dat

\SystemRoot\system32\prf00000.dat

Advanced Windows 32 Base API

Advanced Windows 32 Base API

5.1.2600.5512 (xpsp.080413-2113)

5.1.2600.5512 (xpsp.080413-2113)

advapi32.dll

advapi32.dll

Windows

Windows

Operating System

Operating System

5.1.2600.5512

5.1.2600.5512

An exception occurred while performing Windows 3.1 migration. Some data

An exception occurred while performing Windows 3.1 migration. Some data

The entire contents of %1 was migrated into the Windows NT registry.

The entire contents of %1 was migrated into the Windows NT registry.

Windows NT registry.

Windows NT registry.

the Windows NT registry.

the Windows NT registry.

The contents of the Windows 3.X Program Manager group file %1 was not

The contents of the Windows 3.X Program Manager group file %1 was not

migrated into the Windows NT registry, as a group of that name, %2,

migrated into the Windows NT registry, as a group of that name, %2,

Contents of %1 migrated to the Windows NT registry.

Contents of %1 migrated to the Windows NT registry.

Unable to migrate all or part of the %1 file into the Windows NT registry.

Unable to migrate all or part of the %1 file into the Windows NT registry.

Unable to migrate all or part of the %1 section of %2 into the Windows

Unable to migrate all or part of the %1 section of %2 into the Windows

into the Windows NT registry.

into the Windows NT registry.

Unable to load the contents of the Windows 3.1 Program Manager group file %1.

Unable to load the contents of the Windows 3.1 Program Manager group file %1.

Error Code was %2. Group not migrated to the Windows NT registry.

Error Code was %2. Group not migrated to the Windows NT registry.

Unable to convert the contents of the Windows 3.1 Program Manager group

Unable to convert the contents of the Windows 3.1 Program Manager group

file %1. into the Windows NT format. Error Code was %2. Group not

file %1. into the Windows NT format. Error Code was %2. Group not

migrated to the Windows NT registry.

migrated to the Windows NT registry.

Unable to migrate all or part of %1 to the Windows NT registry.

Unable to migrate all or part of %1 to the Windows NT registry.

the Windows NT registry. It is incompatible with Windows NT.

the Windows NT registry. It is incompatible with Windows NT.

Allows programs to execute with only access to resources granted to open well-known groups, blocking access Administrator and Power User privileges, and personally granted rights.

Allows programs to execute with only access to resources granted to open well-known groups, blocking access Administrator and Power User privileges, and personally granted rights.

Software cannot access certain resources, such as cryptographic keys and credentials, regardless of the access rights of the user.

Software cannot access certain resources, such as cryptographic keys and credentials, regardless of the access rights of the user.

Allows programs to execute as a user that does not have Administrator or Power User access rights, but can still access resouces accessible by normal users.

Allows programs to execute as a user that does not have Administrator or Power User access rights, but can still access resouces accessible by normal users.