OTL logfile created on: 2012-05-12 02:07:25 - Run 3 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Private\Pulpit\na forum fixpic Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,48 Mb Total Physical Memory | 113,68 Mb Available Physical Memory | 22,22% Memory free 2,47 Gb Paging File | 1,81 Gb Available in Paging File | 73,31% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,25 Gb Total Space | 8,18 Gb Free Space | 21,96% Space Free | Partition Type: NTFS Drive D: | 37,27 Gb Total Space | 34,11 Gb Free Space | 91,52% Space Free | Partition Type: NTFS Drive G: | 29,28 Gb Total Space | 22,27 Gb Free Space | 76,06% Space Free | Partition Type: FAT32 Drive H: | 203,58 Gb Total Space | 89,01 Gb Free Space | 43,72% Space Free | Partition Type: NTFS Computer Name: NN-04FCDEF7E0AE | User Name: Private | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog /s >[/color] "Description" = Umożliwia wyświetlanie w Podglądzie zdarzeń komunikatów dziennika zdarzeń pochodzących od programów dla systemu Windows i składników. Tej usługi nie można zatrzymać. "DisplayName" = Dziennik zdarzeń "ErrorControl" = 1 "Group" = Event log "ObjectName" = LocalSystem "PlugPlayServiceType" = 3 "Start" = 2 "Type" = 32 "ComputerName" = NN-04FCDEF7E0AE "ImagePath" = %SystemRoot%\system32\services.exe -- [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ACEEventLog] "Sources" = ACEEventLogACEEventLogSource [binary data] "MaxSize" = 524288 "AutoBackupLogFiles" = 0 "Retention" = 604800 "File" = %SystemRoot%\System32\config\ACEEvent.evt [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ACEEventLog\ACEEventLog] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008-07-25 12:17:00 | 000,798,224 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ACEEventLog\ACEEventLogSource] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008-07-25 12:17:00 | 000,798,224 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] "DisplayNameFile" = %SystemRoot%\system32\els.dll -- [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) "DisplayNameID" = 256 "File" = %SystemRoot%\system32\config\AppEvent.Evt -- [2010-08-20 10:51:58 | 000,524,288 | ---- | M] () "MaxSize" = 524288 "PrimaryModule" = Application "Retention" = 604800 "Sources" = [Binary data over 100 bytes] "RestrictGuestAccess" = 1 "" = mnmsrvc -- [2008-04-14 22:51:26 | 000,032,768 | ---- | M] (Microsoft Corporation) "AutoBackupLogFiles" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime] "EventMessageFile" = C:\WINDOWS\system32\mscoree.dll -- [2009-11-07 02:07:04 | 000,297,808 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting] "EventMessageFile" = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE -- [2007-03-13 17:39:26 | 000,637,272 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime 4.0 Error Reporting] "EventMessageFile" = C:\Program Files\Common Files\Microsoft Shared\DW\dw20.exe -- [2007-03-13 17:39:26 | 000,637,272 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime Optimization Service] "EventMessageFile" = C:\WINDOWS\system32\mscoree.dll -- [2009-11-07 02:07:04 | 000,297,808 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\apphelp] "EventMessageFile" = %SystemRoot%\System32\apphelp.dll -- [2008-04-14 22:50:00 | 000,125,952 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application] "CategoryCount" = 7 "CategoryMessageFile" = %SystemRoot%\system32\eventlog.dll -- [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Error] "EventMessageFile" = %SystemRoot%\System32\faultrep.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang] "EventMessageFile" = %SystemRoot%\System32\faultrep.dll -- [2008-04-14 22:50:32 | 000,080,896 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management] "EventMessageFile" = %SystemRoot%\System32\appmgmts.dll -- [2008-04-14 22:50:00 | 000,172,032 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 2.0.50727.0] "TypesSupported" = 7 "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\pl\aspnet_rc.dll -- [2008-09-10 18:47:22 | 000,094,208 | ---- | M] (Microsoft Corporation) "CategoryCount" = 5 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\pl\aspnet_rc.dll -- [2008-09-10 18:47:22 | 000,094,208 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 4.0.30319.0] "TypesSupported" = 7 "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll -- [2010-03-18 16:47:22 | 000,078,160 | ---- | M] (Microsoft Corporation) "CategoryCount" = 5 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll -- [2010-03-18 16:47:22 | 000,078,160 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATI Smart] "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Autochk] "EventMessageFile" = %SystemRoot%\System32\winlogon.exe -- [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AutoEnrollment] "EventMessageFile" = %SystemRoot%\System32\pautoenr.dll -- [2008-04-14 22:50:46 | 000,069,120 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0] "CategoryMessageFile" = C:\WINDOWS\system32\icardres.dll.mui "CategoryCount" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0] "CategoryCount" = 1 "CategoryMessageFile" = icardres.dll.mui "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui;icardres.dll.mui [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chkdsk] "EventMessageFile" = %SystemRoot%\System32\ulib.dll -- [2008-04-14 22:50:58 | 000,296,960 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ci] "EventMessageFile" = %SystemRoot%\System32\query.dll -- [2009-07-17 18:17:57 | 001,439,744 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = %SystemRoot%\System32\query.dll -- [2009-07-17 18:17:57 | 001,439,744 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+] "EventMessageFile" = C:\WINDOWS\system32\COMRes.dll -- [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = C:\WINDOWS\system32\COMRes.dll -- [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = C:\WINDOWS\system32\COMRes.dll -- [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) "TypeSupported" = 7 "CategoryCount" = 117 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\crypt32] "EventMessageFile" = %SystemRoot%\System32\crypt32.dll -- [2011-09-28 09:06:42 | 000,602,624 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DfSdkS] "EventMessageFile" = C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiskQuota] "EventMessageFile" = %SystemRoot%\System32\dskquota.dll -- [2008-04-14 22:50:30 | 000,093,184 | ---- | M] (Microsoft Corporation) "TypesSupported" = 0x00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dot3Svc] "EventMessageFile" = %SystemRoot%\System32\dot3svc.dll -- [2008-04-14 22:50:28 | 000,133,632 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Driver Inspector] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008-07-25 12:17:00 | 000,798,224 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DrWatson] "EventMessageFile" = %SystemRoot%\System32\drwtsn32.exe -- [2001-10-26 19:29:52 | 000,047,104 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT] "EventMessageFile" = C:\WINDOWS\system32\ESENT.dll -- [2008-04-14 22:50:32 | 001,092,608 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = C:\WINDOWS\system32\ESENT.dll -- [2008-04-14 22:50:32 | 001,092,608 | ---- | M] (Microsoft Corporation) "CategoryCount" = 16 "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem] "CategoryCount" = 6 "TypesSupported" = 7 "CategoryMessageFile" = C:\WINDOWS\system32\COMRes.dll -- [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\system32\COMRes.dll -- [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment] "EventMessageFile" = %SystemRoot%\System32\fdeploy.dll -- [2008-04-14 22:50:32 | 000,074,752 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection] "EventMessageFile" = %SystemRoot%\System32\fdeploy.dll -- [2008-04-14 22:50:32 | 000,074,752 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HelpSvc] "EventMessageFile" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\HCAppRes.dll -- [2001-10-26 19:28:00 | 000,007,680 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HotFixInstaller] "EventMessageFile" = C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE -- [2007-03-13 17:39:26 | 000,637,272 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\idsvc] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008-07-25 12:17:00 | 000,798,224 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\JavaQuickStarterService] "EventMessageFile" = C:\Program Files\Java\jre7\bin\jqs.exe -- [2012-05-08 19:21:57 | 000,161,736 | ---- | M] (Oracle Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LoadPerf] "EventMessageFile" = %SystemRoot%\System32\loadperf.dll -- [2008-04-14 22:50:36 | 000,098,816 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft (R) Visual C# 2005 Compiler] "TypesSupported" = 7 "EventMessageFile" = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE -- [2007-03-13 17:39:26 | 000,637,272 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft H.323 Telephony Service Provider] "EventMessageFile" = C:\WINDOWS\System32\h323.tsp -- [2008-04-14 22:51:58 | 000,266,240 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Office 11] "EventMessageFile" = C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE -- [2007-03-13 17:39:26 | 000,637,272 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0] "CategoryCount" = 14 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft.Transactions.Bridge 4.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mnmsrvc] "EventMessageFile" = %SystemRoot%\System32\nmevtmsg.dll -- [2001-10-26 19:28:36 | 000,012,288 | ---- | M] (Microsoft Corporation) "TypeSupported" = 07 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDMine] "EventMessageFile" = C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL -- [2002-12-17 19:08:54 | 001,383,592 | ---- | M] (Microsoft Corporation) "TypesSupported" = 00 12 B8 58 [binary data] "CategoryCount" = 2 "CategoryMessageFile" = C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL -- [2002-12-17 19:08:54 | 001,383,592 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC] "EventMessageFile" = %SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 "CategoryMessageFile" = C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll -- [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) "CategoryCount" = 15 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client] "EventMessageFile" = %SystemRoot%\System32\comres.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 "CategoryMessageFile" = C:\WINDOWS\system32\COMRES.DLL;C:\WINDOWS\system32\xpsp2res.dll -- [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) "CategoryCount" = 15 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MsiInstaller] "EventMessageFile" = C:\WINDOWS\system32\msi.dll -- [2008-04-14 22:50:40 | 002,843,136 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSSHA] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\msshavmsg.dll -- [2008-04-14 21:50:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSSOAP] "TypesSupported" = 1 "CategoryCount" = 4 "EventMessageFile" = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSSOAP30.DLL -- [2002-12-06 12:25:10 | 000,497,664 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSSOAP30.DLL -- [2002-12-06 12:25:10 | 000,497,664 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSSQLSERVER/MSDE] "EventMessageFile" = %SystemRoot%\System32\xpsp2res.dll -- [2008-04-14 00:08:00 | 002,953,216 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NeroCheck] "EventMessageFile" = C:\WINDOWS\system32\NeroCheck.exe -- [2001-07-09 11:50:42 | 000,155,648 | ---- | M] (Ahead Software Gmbh) "CategoryMessageFile" = C:\WINDOWS\system32\NeroCheck.exe -- [2001-07-09 11:50:42 | 000,155,648 | ---- | M] (Ahead Software Gmbh) "TypesSupported" = 7 "CategoryCount" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup] "EventMessageFile" = %SystemRoot%\System32\ntbackup.exe -- [2008-04-14 22:51:34 | 001,222,144 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Ntbackup.ini] "EventMessageFile" = C:\WINDOWS\system32\ntbackup.exe -- [2008-04-14 22:51:34 | 001,222,144 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Oakley] "EventMessageFile" = %SystemRoot%\System32\oakley.dll -- [2009-10-13 12:34:25 | 000,271,360 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Offline Files] "EventMessageFile" = %SystemRoot%\System32\cscui.dll -- [2008-04-14 22:50:18 | 000,333,312 | ---- | M] (Microsoft Corporation) "TypesSupported" = 0x00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfctrs] "EventMessageFile" = %SystemRoot%\System32\perfctrs.dll -- [2008-04-14 22:50:46 | 000,041,472 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfDisk] "EventMessageFile" = %SystemRoot%\System32\perfdisk.dll -- [2008-04-14 22:50:46 | 000,026,624 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perflib] "EventMessageFile" = %SystemRoot%\System32\prflbmsg.dll -- [2001-10-26 19:28:42 | 000,016,896 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perfmon] "EventMessageFile" = %SystemRoot%\System32\perfmon.exe -- [2008-04-14 22:51:36 | 000,015,872 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfNet] "EventMessageFile" = %SystemRoot%\System32\perfnet.dll -- [2008-04-14 22:50:46 | 000,017,920 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfOS] "EventMessageFile" = %SystemRoot%\System32\perfOS.dll -- [2008-04-14 22:50:46 | 000,025,088 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfProc] "EventMessageFile" = %SystemRoot%\System32\perfproc.dll -- [2008-04-14 22:50:46 | 000,035,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Picasa3] "TypesSupported" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Remote Assistance] "EventMessageFile" = %SystemRoot%\System32\xpsp2res.dll -- [2008-04-14 00:08:00 | 002,953,216 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RPC] "EventMessageFile" = %SystemRoot%\System32\xpsp3res.dll -- [2008-04-14 00:09:52 | 000,757,248 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SAFrdms] "EventMessageFile" = C:\WINDOWS\system32\safrdm.dll -- [2008-04-14 22:50:46 | 000,029,696 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\safrslv] "EventMessageFile" = C:\WINDOWS\system32\safrslv.dll -- [2008-04-14 22:50:46 | 000,045,568 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceCli] "EventMessageFile" = %SystemRoot%\System32\scecli.dll -- [2008-04-14 22:50:46 | 000,186,368 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceSrv] "EventMessageFile" = %SystemRoot%\System32\scesrv.dll -- [2008-04-14 22:50:46 | 000,325,632 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SclgNtfy] "EventMessageFile" = %SystemRoot%\System32\sclgntfy.dll -- [2008-04-14 22:50:46 | 000,022,016 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter] "EventMessageFile" = %SystemRoot%\system32\xpsp2res.dll -- [2008-04-14 00:08:00 | 002,953,216 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ServiceModel Audit 3.0.0.0] "TypesSupported" = 31 "CategoryCount" = 2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ServiceModel Audit 4.0.0.0] "TypesSupported" = 31 "CategoryCount" = 2 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SkypeUpdate] "EventMessageFile" = C:\Program Files\Skype\Updater\Updater.exe -- [2012-05-03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) "CategoryMessageFile" = C:\Program Files\Skype\Updater\Updater.exe -- [2012-05-03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) "CategoryCount" = 2 "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SNL HiveManager] "EventMessageFile" = "TypesSupported" = 7 "CategoryMessageFile" = "CategoryCount" = 2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation] "EventMessageFile" = %SystemRoot%\System32\appmgr.dll -- [2008-04-14 22:50:02 | 000,299,008 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Restriction Policies] "EventMessageFile" = %SystemRoot%\System32\ntdll.dll -- [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SpoolerCtrs] "EventMessageFile" = %SystemRoot%\System32\winspool.drv -- [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2] "EventMessageFile" = SDEvents.dll "TypesSupported" = 7 "CategoryMessageFile" = SDEvents.dll "CategoryCount" = 2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Starter] "EventMessageFile" = %SystemRoot%\System32\xpsp2res.dll -- [2008-04-14 00:08:00 | 002,953,216 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SysmonLog] "EventMessageFile" = %SystemRoot%\System32\smlogsvc.exe -- [2008-04-14 22:51:44 | 000,091,136 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IdentityModel 3.0.0.0] "CategoryCount" = 14 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IdentityModel 4.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IO.Log 3.0.0.0] "CategoryCount" = 14 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IO.Log 4.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.Runtime.Serialization 3.0.0.0] "CategoryCount" = 14 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.Runtime.Serialization 4.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.ServiceModel 3.0.0.0] "CategoryCount" = 14 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.ServiceModel 4.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.ServiceModel.Install 3.0.0.0] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008-07-25 12:17:00 | 000,798,224 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Tlntsvr] "EventMessageFile" = C:\WINDOWS\system32\tlntsvr.exe;C:\WINDOWS\system32\xpsp1res.dll -- [2008-04-14 22:51:46 | 000,075,264 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userenv] "EventMessageFile" = %SystemRoot%\System32\userenv.dll;%SystemRoot%\System32\xpsp1res.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userinit] "EventMessageFile" = %SystemRoot%\System32\userinit.exe -- [2008-04-14 22:51:46 | 000,026,624 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime] "EventMessageFile" = C:\WINDOWS\system32\msvbvm60.dll -- [2008-04-14 22:50:40 | 001,384,479 | ---- | M] (Microsoft Corporation) "TypesSupported" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS] "TypesSupported" = 7 "EventMessageFile" = C:\WINDOWS\system32\vssvc.exe -- [2008-04-14 22:51:48 | 000,291,840 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup] "EventMessageFile" = C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE -- [2007-03-13 17:39:26 | 000,637,272 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebClient] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup] "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows 3.1 Migration] "EventMessageFile" = %SystemRoot%\System32\advapi32.dll -- [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Product Activation] "EventMessageFile" = %SystemRoot%\System32\dpcdll.dll -- [2008-04-14 22:47:44 | 000,103,424 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon] "EventMessageFile" = %SystemRoot%\System32\winlogon.exe -- [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinMgmt] "EventMessageFile" = %SystemRoot%\system32\WBEM\WinMgmtR.dll;%SystemRoot%\system32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WmdmPmSN] "EventMessageFile" = C:\WINDOWS\system32\mspmsnsv.dll -- [2006-10-18 22:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WMI.NET Provider Extension] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll -- [2010-03-18 13:16:28 | 000,794,464 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WMIAdapter] "EventMessageFile" = %SystemRoot%\system32\WBEM\WMIApRes.dll -- [2008-04-14 21:39:14 | 000,007,168 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WSH] "EventMessageFile" = %SystemRoot%\System32\wshext.dll -- [2008-05-09 12:56:45 | 000,090,112 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\DriverScanner] "AutoBackupLogFiles" = 0 "MaxSize" = 524288 "Retention" = 604800 "Sources" = UniblueCommonDriverScanner [binary data] "File" = %SystemRoot%\System32\config\DriverScanner.evt -- [2009-05-04 15:03:22 | 000,065,536 | ---- | M] () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\DriverScanner\UniblueCommon] "EventMessageFile" = C:\DOCUME~1\ALLUSE~1\DANEAP~1\{66E2F~1\DRIVER~1\83AD0D7\8F9F9DCD\UNIBLU~1.DLL -- [2008-11-14 15:32:18 | 000,204,800 | ---- | M] () "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Internet Explorer] "Sources" = Internet Explorer [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security] "DisplayNameFile" = %SystemRoot%\System32\els.dll -- [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) "DisplayNameID" = 257 "File" = %SystemRoot%\System32\config\SecEvent.Evt -- [2007-06-06 16:50:36 | 000,065,536 | ---- | M] () "MaxSize" = 524288 "PrimaryModule" = Security -- [2008-04-14 22:50:46 | 000,005,632 | ---- | M] (Microsoft Corporation) "Retention" = 604800 "Sources" = [Binary data over 100 bytes] "RestrictGuestAccess" = 1 "Security" = [Binary data over 100 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2001-10-26 19:28:34 | 000,040,960 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames] "Directory Service Object" = 7680 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2001-10-26 19:28:34 | 000,040,960 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames] "PolicyObject" = 5632 "SecretObject" = 5648 "TrustedDomainObject" = 5664 "UserAccountObject" = 5680 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2001-10-26 19:28:34 | 000,040,960 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames] "DDE Share" = 7424 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2001-10-26 19:28:34 | 000,040,960 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames] "SC_MANAGER Object" = 7168 "SERVICE Object" = 7184 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security] "CategoryCount" = 9 "CategoryMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2001-10-26 19:28:32 | 000,078,848 | ---- | M] (Microsoft Corporation) "GuidMessageFile" = %SystemRoot%\System32\NtMarta.dll -- [2008-04-14 22:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %SystemRoot%\System32\MsAuditE.dll;%SystemRoot%\System32\xpsp2res.dll;%SystemRoot%\System32\xpsp3res.dll "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2001-10-26 19:28:34 | 000,040,960 | ---- | M] (Microsoft Corporation) "TypesSupported" = 28 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames] "Channel" = 5120 "Desktop" = 6672 "Device" = 4352 "Directory" = 4368 "Event" = 4384 "EventPair" = 4400 "File" = 4416 "IoCompletion" = 4864 "Job" = 5136 "Key" = 4432 "MailSlot" = 4416 "Mutant" = 4448 "NamedPipe" = 4416 "Port" = 4464 "Process" = 4480 "Profile" = 4496 "Section" = 4512 "Semaphore" = 4528 "SymbolicLink" = 4544 "Thread" = 4560 "Timer" = 4576 "Token" = 4592 "Type" = 4608 "WaitablePort" = 4464 "WindowStation" = 6656 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2001-10-26 19:28:34 | 000,040,960 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames] "SAM_ALIAS" = 5424 "SAM_DOMAIN" = 5392 "SAM_GROUP" = 5408 "SAM_SERVER" = 5376 "SAM_USER" = 5440 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui "TypesSupported" = 31 "ParameterMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui "CategoryCount" = 3 "EventSourceFlags" = 1 "CategoryMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2001-10-26 19:28:32 | 000,078,848 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 4.0.0.0] "TypesSupported" = 31 "CategoryMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2001-10-26 19:28:32 | 000,078,848 | ---- | M] (Microsoft Corporation) "CategoryCount" = 3 "ParameterMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventSourceFlags" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2001-10-26 19:28:34 | 000,040,960 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames] "Document" = 6944 "Printer" = 6928 "Server" = 6912 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System] "DisplayNameFile" = %SystemRoot%\system32\els.dll -- [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) "DisplayNameID" = 258 "File" = %SystemRoot%\system32\config\SysEvent.Evt -- [2010-08-20 10:51:58 | 000,524,288 | ---- | M] () "MaxSize" = 524288 "PrimaryModule" = System "Retention" = 604800 "Sources" = [Binary data over 100 bytes] "RestrictGuestAccess" = 1 "EventMessageFile" = %systemroot%\system32\stisvc.exe "TypesSupported" = 07 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abp480n5] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpi] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpiec] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpiec.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adpu160m] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aha154x] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78u2] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78xx] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Alerter] "EventMessageFile" = %SystemRoot%\System32\netmsg.dll -- [2001-10-26 19:27:14 | 000,187,392 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\AliIde.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK7] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdk7.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ami0nt] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amsint] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup] "EventMessageFile" = %SystemRoot%\System32\ntdll.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3350p] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3550] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AsyncMac] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atdisk] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Ati HotKey Poller] "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ati2mtag] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ati2erec.dll;%SystemRoot%\System32\drivers\ati2mtag.sys "TypesSupported" = 7 "CategoryMessageFile" = %SystemRoot%\System32\drivers\ati2erec.dll "CategoryCount" = 63 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Atmarpc] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\beep] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BITS] "TypesSupported" = 7 "CategoryCount" = 1 "CategoryMessageFile" = %systemroot%\system32\xpob2res.dll -- [2008-04-14 00:10:46 | 000,427,008 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %systemroot%\system32\xpob2res.dll -- [2008-04-14 00:10:46 | 000,427,008 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Browser] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cbidf2k] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cd20xrnt] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdfs] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Cdm] "" = [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\changer] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\CmdIde.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarray] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cryptsvc] "EventMessageFile" = %SystemRoot%\System32\cryptsvc.dll -- [2008-04-14 22:50:18 | 000,062,464 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dac2w2k] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dac960nt] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsDriver] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsSvc] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp] "EventMessageFile" = %SystemRoot%\System32\dhcpcsvc.dll -- [2008-04-14 22:50:24 | 000,126,464 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DhcpQec] "EventMessageFile" = %SystemRoot%\System32\dhcpqec.dll -- [2008-04-14 22:50:24 | 000,048,640 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\dhcpqec.dll -- [2008-04-14 22:50:24 | 000,048,640 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\disk] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Distributed Link Tracking Client] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmboot] "EventMessageFile" = %SystemRoot%\System32\Drivers\dmboot.sys -- [2008-04-14 21:52:42 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmio] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\dmio.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnsapi] "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnscache] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dpti2o] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs] "EventMessageFile" = %SystemRoot%\System32\lsasrv.dll -- [2010-12-20 19:25:52 | 000,732,160 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\eventlog] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\F-Secure Gatekeeper] "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fastfat] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fdc] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\fdc.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Fips] "EventMessageFile" = %SystemRoot%\System32\Drivers\fips.sys -- [2008-04-14 21:33:38 | 000,044,672 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flpydisk] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\flpydisk.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fs_rec] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ftdisk] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\FtDisk.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\hpn] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Http] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\xpsp2res.dll -- [2008-04-14 00:08:00 | 002,953,216 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i2omgmt] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i2omp] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2] "EventMessageFile" = %SystemRoot%\System32\igmpv2.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ini910u] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Internet Explorer 8] "EventMessageFile" = %SystemRoot%\System32\spmsg.dll -- [2009-01-07 19:21:32 | 000,018,976 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP] "EventMessageFile" = %SystemRoot%\System32\ipbootp.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMGM] "EventMessageFile" = %SystemRoot%\System32\rtm.dll -- [2001-10-26 19:29:40 | 000,098,304 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP] "EventMessageFile" = %SystemRoot%\System32\ipnathlp.dll -- [2008-04-14 22:50:34 | 000,330,752 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2] "EventMessageFile" = %SystemRoot%\System32\iprip2.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRouterManager] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXCP] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRIP] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRouterManager] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXSAP] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\irsir] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdhid.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos] "EventMessageFile" = %SystemRoot%\System32\kerberos.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\lbrtfdc.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDM] "EventMessageFile" = %SystemRoot%\System32\dmadmin.exe -- [2008-04-14 22:51:14 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDMS] "EventMessageFile" = %SystemRoot%\System32\dmserver.dll -- [2008-04-14 22:50:28 | 000,024,064 | ---- | M] (Microsoft Corp.) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LmHosts] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\lsasrv.dll -- [2010-12-20 19:25:52 | 000,732,160 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = %SystemRoot%\System32\lsasrv.dll -- [2010-12-20 19:25:52 | 000,732,160 | ---- | M] (Microsoft Corporation) "CategoryCount" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Modem] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Modem.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouhid.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mraid35x] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MRxDAV] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MrxSmb] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\iologmsg.dll "TypesSupported" = 7 "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msadlib] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC Gateway] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008-07-25 12:17:00 | 000,798,224 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC WS-AT Protocol] "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008-07-25 12:17:00 | 000,798,224 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msfs] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\napagent] "EventMessageFile" = %SystemRoot%\System32\qagentrt.dll -- [2008-04-14 22:50:46 | 000,293,376 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\napipsecenf] "EventMessageFile" = %SystemRoot%\System32\napipsec.dll -- [2008-04-14 22:50:40 | 000,030,720 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ndis] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisIP] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisWan] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS] "EventMessageFile" = %SystemRoot%\System32\iologmsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBT] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetDDE] "EventMessageFile" = %SystemRoot%\System32\netdde.exe -- [2008-04-14 22:51:32 | 000,114,688 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon] "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %SystemRoot%\System32\netmsg.dll -- [2001-10-26 19:27:14 | 000,187,392 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Nla] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\npfs] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ntfs] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack] "EventMessageFile" = %SystemRoot%\System32\spmsg.dll -- [2009-01-07 19:21:32 | 000,018,976 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\null] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nv] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nv4_mini.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF] "EventMessageFile" = %SystemRoot%\System32\ospf.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib] "EventMessageFile" = %SystemRoot%\System32\ospfmib.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parport] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\partmgr] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parvdm] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ParVdm.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pci] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pci.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pciide] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\PciIde.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PCTCore] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\perc2] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager] "EventMessageFile" = %SystemRoot%\System32\umpnpmgr.dll -- [2008-04-14 22:50:58 | 000,123,904 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent] "EventMessageFile" = %SystemRoot%\System32\polagent.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print] "EventMessageFile" = %SystemRoot%\System32\LocalSpl.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc] "EventMessageFile" = %SystemRoot%\System32\PrintFilterPipelineSvc.exe "TypesSupported" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PSched] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1080] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql10wnt] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql12160] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1240] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1280] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasAuto] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasMan] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll;%SystemRoot%\System32\xpsp3res.dll "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rdbss] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\redbook] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\redbook.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RemoteAccess] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2001-10-26 19:28:32 | 000,106,496 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\iassvcs.dll -- [2001-10-26 19:29:32 | 000,060,928 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RSVP] "EventMessageFile" = %SystemRoot%\System32\rsvpmsg.dll -- [2001-10-26 19:28:44 | 000,026,624 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rtl8139] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\s0016bus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\s1018bus] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM] "EventMessageFile" = %SystemRoot%\System32\samsrv.dll -- [2008-04-14 22:50:46 | 000,427,520 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Save Dump] "EventMessageFile" = %SystemRoot%\System32\SaveDump.exe -- [2008-04-14 22:51:40 | 000,013,824 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SCardSvr] "EventMessageFile" = %SystemRoot%\System32\SCardSvr.exe -- [2008-04-14 22:51:40 | 000,098,304 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel] "EventMessageFile" = %SystemRoot%\system32\lsasrv.dll -- [2010-12-20 19:25:52 | 000,732,160 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schedule] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\scsiport] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\serial] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Server] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2001-10-26 19:27:12 | 000,227,328 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Setup] "EventMessageFile" = %SystemRoot%\System32\syssetup.dll -- [2008-04-14 22:50:58 | 000,999,936 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sfloppy] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SideBySide] "EventMessageFile" = %SystemRoot%\System32\sxs.dll -- [2008-04-14 22:50:58 | 000,714,240 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Simbad] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SMSvcHost 3.0.0.0] "CategoryCount" = 14 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SMSvcHost 4.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MUI\0409\ServiceModelEvents.dll.mui -- [2010-03-18 13:16:28 | 000,033,128 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sndblst] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sparrow] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sr] "EventMessageFile" = C:\WINDOWS\system32\IoLogMsg.dll;C:\WINDOWS\system32\DRIVERS\sr.sys -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\srservice] "EventMessageFile" = C:\WINDOWS\system32\srsvc.dll -- [2008-04-14 22:50:58 | 000,171,520 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Srv] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp4res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SSDPSRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage] "EventMessageFile" = %SystemRoot%\System32\wiaservc.dll -- [2008-04-14 22:50:58 | 000,334,336 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc810] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc8xx] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sym_hi] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sym_u3] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\System] "CategoryCount" = 7 "CategoryMessageFile" = %SystemRoot%\system32\eventlog.dll -- [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\System Error] "EventMessageFile" = %SystemRoot%\System32\faultrep.dll -- [2008-04-14 22:50:32 | 000,080,896 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\xpsp2res.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\tcpmon.dll -- [2008-04-14 22:50:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tdi] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermDD] "EventMessageFile" = %SystemRoot%\System32\ntdll.dll -- [2010-12-09 17:15:25 | 000,726,528 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServDevices] "EventMessageFile" = %SystemRoot%\System32\wlnotify.dll -- [2008-04-14 22:50:58 | 000,093,184 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\termsrv.dll;%SystemRoot%\System32\ntdll.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\tssdis.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\toside] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\TosIde.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\udfs] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ultra] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2001-10-26 19:28:08 | 000,036,352 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\UPS] "EventMessageFile" = %SystemRoot%\System32\netmsg.dll -- [2001-10-26 19:27:14 | 000,187,392 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\USER32] "EventMessageFile" = %SystemRoot%\System32\user32.dll -- [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Usługa Magazyn wymienny] "EventMessageFile" = %SystemRoot%\System32\NTMSEVT.DLL -- [2001-10-26 19:29:40 | 000,039,936 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VgaSave] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\vga.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ViaIde.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VolSnap] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\VolSnap.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time] "EventMessageFile" = C:\WINDOWS\system32\w32time.dll -- [2008-04-14 22:50:58 | 000,176,128 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Wdf01009] "EventMessageFile" = %SystemRoot%\System32\spmsgXP_2k3.dll -- [2008-11-07 19:55:30 | 000,016,928 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WGA] "EventMessageFile" = %SystemRoot%\System32\spmsg.dll -- [2009-01-07 19:21:32 | 000,018,976 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WgaNotify] "EventMessageFile" = %SystemRoot%\System32\spmsg.dll -- [2009-01-07 19:21:32 | 000,018,976 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k] "EventMessageFile" = %SystemRoot%\System32\win32k.sys -- [2012-04-11 15:54:42 | 001,862,528 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows File Protection] "EventMessageFile" = %SystemRoot%\System32\sfc_os.dll -- [2008-04-14 22:50:48 | 000,140,800 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.1] "EventMessageFile" = %SystemRoot%\System32\spmsg.dll -- [2009-01-07 19:21:32 | 000,018,976 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Script Host] "EventMessageFile" = %SystemRoot%\System32\wshext.dll -- [2008-05-09 12:56:45 | 000,090,112 | ---- | M] (Microsoft Corporation) "TypesSupported" = 24 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Update Agent] "EventMessageFile" = %SystemRoot%\system32\wuaucpl.cpl;%SystemRoot%\system32\wuaucpl.cpl.mui "TypesSupported" = 7 "CategoryMessageFile" = %SystemRoot%\system32\wuaucpl.cpl.mui -- [2009-08-06 20:24:00 | 000,016,096 | ---- | M] (Microsoft Corporation) "CategoryCount" = 9 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia] "EventMessageFile" = %SystemRoot%\System32\spmsg.dll -- [2009-01-07 19:21:32 | 000,018,976 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WMPNetworkSvc] "EventMessageFile" = C:\Program Files\Windows Media Player\wmpnetwk.exe -- [2006-12-01 12:46:28 | 000,918,016 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Workstation] "EventMessageFile" = %SystemRoot%\System32\netmsg.dll -- [2001-10-26 19:27:14 | 000,187,392 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WPDClassInstaller] "CategoryCount" = 3 "EventMessageFile" = C:\WINDOWS\system32\wpd_ci.dll -- [2006-10-18 22:47:22 | 000,629,760 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = C:\WINDOWS\system32\wpd_ci.dll -- [2006-10-18 22:47:22 | 000,629,760 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WPDMTPDriver] "CategoryCount" = 3 "EventMessageFile" = C:\WINDOWS\system32\DRIVERS\umdf\wpdmtpdr.dll -- [2006-10-18 22:47:22 | 000,671,232 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = C:\WINDOWS\system32\DRIVERS\umdf\wpdmtpdr.dll -- [2006-10-18 22:47:22 | 000,671,232 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WpdUsb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Wudf01000] "EventMessageFile" = %SystemRoot%\System32\spmsg.dll -- [2009-01-07 19:21:32 | 000,018,976 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WZCSVC] "EventMessageFile" = %SystemRoot%\System32\wzcsvc.dll -- [2008-04-14 22:51:02 | 000,483,840 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\TuneUp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Windows PowerShell] "AutoBackupLogFiles" = 0 "MaxSize" = 15728640 "Retention" = 0 "Sources" = PowerShell [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Windows PowerShell\PowerShell] "EventMessageFile" = C:\WINDOWS\system32\WindowsPowerShell\v1.0\pwrshmsg.dll -- [2007-06-30 20:49:11 | 000,004,608 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = C:\WINDOWS\system32\WindowsPowerShell\v1.0\pwrshmsg.dll -- [2007-06-30 20:49:11 | 000,004,608 | ---- | M] (Microsoft Corporation) "CategoryCount" = 8 [color=#A23BEC]< MD5 for: ELS.DLL >[/color] [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=AE63D0079A6C29F69F909EC39B690DEF -- C:\WINDOWS\ServicePackFiles\i386\els.dll [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=AE63D0079A6C29F69F909EC39B690DEF -- C:\WINDOWS\system32\dllcache\els.dll [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=AE63D0079A6C29F69F909EC39B690DEF -- C:\WINDOWS\system32\els.dll [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll < End of report >