#14 Need deterministic machine-readable log

future
open
nobody
None
1
2016-02-16
2016-02-16
No

The current log format can't unambiguously report key vs. value for garbage like this:


Reg:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist{75048700-EF1F-11D0-9888-006097DEACF9}\Count]
"HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\gnfxzte.rkr"=hex:0b,00,00 …


Log (not an exact match for the reg but similar):
HKU\S-1-5-21-1715567821-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\abgrcnq.rkr: 0E 00 00 …

Programmatically splitting the key from the value name is quite difficult with only a colon delimiter, especially with the variety of data type formats found in some keys.

The reg output format requested in FR #11 and being worked on in patch #1 could be an alternative solution but neither addresses the current log limitation.

Being able to report key changes relative to HKCU instead of HKU would also be helpful as it is difficult to convert from the latter to the former using just the log.
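
The ambiguity described in this ticket, shown as an added example (not part of the original ticket and not the project's code): it enumerates every way the `key\name: data` log line can be split, then round-trips the same entry through a record that keeps the fields apart. The JSON-lines layout and the function names are assumptions made for illustration, and the sample line is constructed from the one quoted above with the data shortened.

```python
import json

# Constructed sample modelled on the log line quoted in the ticket (data shortened).
LOG_LINE = (r"HKU\S-1-5-21-1715567821-920026266-725345543-1003\Software\Microsoft"
            r"\Windows\CurrentVersion\Explorer\UserAssist{75048700-EF1F-11D0-9888-006097DEACF9}"
            r"\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\abgrcnq.rkr: 0E 00 00")


def candidate_splits(line):
    """Return every (key, value_name, data) reading that 'key\\name: data' permits."""
    out = []
    for c, ch in enumerate(line):
        if ch != ":":
            continue
        # Value names may contain colons, so any colon could start the data.
        left, data = line[:c], line[c + 1:].strip()
        # Value names may contain backslashes, so any backslash could end the key.
        for b, ch2 in enumerate(left):
            if ch2 == "\\":
                out.append((left[:b], left[b + 1:], data))
    return out


def emit_record(key, value_name, data):
    """Hypothetical unambiguous form: one JSON object per line, fields kept apart."""
    return json.dumps({"key": key, "value": value_name,
                       "data": data.hex(" ").upper()})


def parse_record(line):
    """Recover exactly one (key, value_name, data) triple from a record."""
    rec = json.loads(line)
    return rec["key"], rec["value"], bytes.fromhex(rec["data"])


if __name__ == "__main__":
    print(len(candidate_splits(LOG_LINE)), "possible readings of the log line")
    key = LOG_LINE[:LOG_LINE.index("\\HRZR")]
    name = r"HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\abgrcnq.rkr"
    record = emit_record(key, name, bytes([0x0E, 0x00, 0x00]))
    print(record)
    print(parse_record(record))
```
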
