OTL logfile created on: 2014-06-10 18:46:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Mati\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,94 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 61,78% Memory free 7,87 Gb Paging File | 6,22 Gb Available in Paging File | 79,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 99,90 Gb Total Space | 60,34 Gb Free Space | 60,40% Space Free | Partition Type: NTFS Drive D: | 198,09 Gb Total Space | 27,56 Gb Free Space | 13,91% Space Free | Partition Type: NTFS Computer Name: MATI-KOMPUTER | User Name: Mati | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog /S >[/color] "ServiceDll" = %SystemRoot%\System32\wevtsvc.dll "ServiceMain" = ServiceMain "PlugPlayServiceType" = 3 "ServiceDllUnloadOnStop" = 1 "DisplayName" = Dziennik zdarzeń systemu Windows "Group" = Event Log "ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\system32\wevtsvc.dll,-201 "ObjectName" = NT AUTHORITY\LocalService "ErrorControl" = 1 "Start" = 4 "Type" = 32 "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data] "FailureActionsOnNonCrashFailures" = 1 "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application] "DisplayNameFile" = %SystemRoot%\system32\wevtapi.dll -- [2009-07-14 03:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) "DisplayNameID" = 256 "PrimaryModule" = Application "File" = %SystemRoot%\system32\winevt\Logs\Application.evtx "MaxSize" = 20971520 "Retention" = 0 "RestrictGuestAccess" = 1 "AutoBackupLogFiles" = 0 "Sources" = MSDMine [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\.NET Runtime] "TypesSupported" = 7 "EventMessageFile" = C:\Windows\system32\mscoree.dll -- [2009-11-25 21:47:33 | 000,297,808 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\.NET Runtime Optimization Service] "TypesSupported" = 7 "EventMessageFile" = C:\Windows\system32\mscoree.dll -- [2009-11-25 21:47:33 | 000,297,808 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application] "CategoryCount" = 7 "CategoryMessageFile" = %SystemRoot%\system32\wevtapi.dll -- [2009-07-14 03:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application Error] "EventMessageFile" = %SystemRoot%\System32\wer.dll -- [2009-07-14 03:16:18 | 000,377,856 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryMessageFile" = %SystemRoot%\System32\wer.dll -- [2009-07-14 03:16:18 | 000,377,856 | ---- | M] (Microsoft Corporation) "CategoryCount" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application Hang] "EventMessageFile" = %SystemRoot%\System32\wersvc.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application Management] "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2013-01-04 06:51:08 | 001,114,112 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\appmgmts.dll -- [2009-07-14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application-Addon-Event-Provider] "ProviderGuid" = {a83fa99f-c356-4ded-9fd6-5a5eb8546d68} "EventMessageFile" = %SystemRoot%\system32\ieframe.dll -- [2014-04-27 18:32:00 | 009,739,264 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ASP.NET 2.0.50727.0] "TypesSupported" = 7 "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll -- [2009-06-10 22:39:44 | 000,080,720 | ---- | M] (Microsoft Corporation) "CategoryCount" = 5 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll -- [2009-06-10 22:39:44 | 000,080,720 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ASP.NET 4.0.30319.0] "TypesSupported" = 7 "EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v4.0.30319\pl\aspnet_rc.dll -- [2010-06-14 22:32:38 | 000,090,960 | ---- | M] (Microsoft Corporation) "CategoryCount" = 5 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v4.0.30319\pl\aspnet_rc.dll -- [2010-06-14 22:32:38 | 000,090,960 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ATIeRecord] "eRecordEnable" = 1 "CategoryCount" = 63 "TypesSupported" = 7 "CategoryMessageFile" = %SystemRoot%\System32\drivers\ati2erec.dll "EventMessageFile" = %SystemRoot%\System32\drivers\ati2erec.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\AutoEnrollment] "ProviderGuid" = {F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\CardSpace 3.0.0.0] "CategoryCount" = 1 "CategoryMessageFile" = C:\Windows\System32\icardres.dll -- [2009-06-10 23:14:08 | 000,008,000 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll;C:\Windows\System32\icardres.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\CardSpace 4.0.0.0] "CategoryCount" = 1 "CategoryMessageFile" = icardres.dll.mui "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll;icardres.dll.mui [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\CertCli] "ProviderGuid" = {98BF1CD3-583E-4926-95EE-A61BF3F46470} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\CertEnroll] "ProviderGuid" = {54164045-7C50-4905-963F-E5BC1EEF0CCA} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Chkdsk] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\ulib.dll -- [2009-07-14 03:16:17 | 000,108,544 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\COM] "providerGuid" = {bf406804-6afa-46e7-8a48-6c357e1d6d61} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\COM+] "providerGuid" = {0f177893-4a9c-4709-b921-f432d67f43d5} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Customer Experience Improvement Program] "providerGuid" = {A402FE09-DA6E-45F2-82AF-3CB37170EE0C} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Desktop Window Manager] "EventMessageFile" = %SystemRoot%\system32\dwm.exe "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\DiskQuota] "EventMessageFile" = %SystemRoot%\System32\dskquota.dll -- [2009-07-14 03:15:13 | 000,087,040 | ---- | M] (Microsoft Corporation) "TypesSupported" = 0x00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Dvd Maker] "TypesSupported" = 7 "EventMessageFile" = %ProgramFiles%\DVD Maker\DVDMaker.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ESENT] "EventMessageFile" = %systemroot%\system32\esent.dll -- [2009-07-14 03:15:19 | 001,684,992 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = %systemroot%\system32\esent.dll -- [2009-07-14 03:15:19 | 001,684,992 | ---- | M] (Microsoft Corporation) "CategoryCount" = 16 "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\EventSystem] "providerGuid" = {899daace-4868-4295-afcd-9eb8fb497561} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Folder Redirection] "EventMessageFile" = %SystemRoot%\System32\fdeploy.dll -- [2009-07-14 03:15:20 | 000,058,880 | ---- | M] (Microsoft Corporation) "ProviderGuid" = {7D7B0C39-93F6-4100-BD96-4DDA859652C5} "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy] "EventMessageFile" = %SystemRoot%\System32\gpapi.dll -- [2009-07-14 03:15:22 | 000,079,872 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Applications] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Client] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Data Sources] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Device Settings] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Drive Maps] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Environment] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Files] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Folder Options] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Folders] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Ini Files] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Internet Settings] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Local Users and Groups] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Mail Profiles] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Network Options] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Network Shares] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Power Options] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Printers] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Regional Options] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Registry] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Scheduled Tasks] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Services] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Shortcuts] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Standard Edition] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Start Menu Settings] "ParameterMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "CategoryCount" = 2 "CategoryMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) "EventMessageFile" = gpprefcl.dll -- [2009-07-14 03:15:24 | 000,582,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Handwriting Recognition] "TypesSupported" = 7 "CategoryCount" = 7 "CategoryMessageFile" = %CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll "EventMessageFile" = %CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\IAStorDataMgrSvc] "EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2009-06-10 23:22:52 | 000,794,976 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Intel Control Center] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Interactive Services detection] "EventMessageFile" = %SystemRoot%\System32\UI0Detect.exe "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\LoadPerf] "ProviderGuid" = {122EE297-BB47-41AE-B265-1CA8D1886D40} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\LocationNotifications] "ProviderGuid" = {5b93cdfa-5f51-45e0-9fde-296983129e6c} "EventMessageFile" = %SystemRoot%\System32\LocationNotifications.exe -- [2009-07-14 03:14:22 | 000,089,600 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft Fax] "publisherGuid" = {9F8639E0-9EEF-4125-9B1C-86109BDD8289} "TypesSupported" = 7 "CategoryCount" = 4 "CategoryMessageFile" = %systemroot%\system32\fxsevent.dll "EventMessageFile" = %systemroot%\system32\fxsevent.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft Office 12] "EventMessageFile" = C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE -- [2006-10-26 20:48:16 | 000,813,384 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Application-Experience] "ProviderGuid" = {eef54e71-0661-422d-9a98-82fd4940b820} "EventMessageFile" = %SystemRoot%\system32\aeevts.dll -- [2009-07-14 03:03:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure] "ProviderGuid" = {5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a} "EventMessageFile" = %SystemRoot%\system32\apphelp.dll -- [2009-07-14 03:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Audio] "ProviderGuid" = {ae4bd3be-f36f-45b6-8d21-bdd6fb832853} "EventMessageFile" = %SystemRoot%\System32\audioses.dll -- [2009-07-14 03:14:57 | 000,195,584 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-AxInstallService] "ProviderGuid" = {dab3b18c-3c0f-43e8-80b1-e44bc0dad901} "EventMessageFile" = %SystemRoot%\System32\AxInstSv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Backup] "ProviderGuid" = {1db28f2e-8f80-4027-8c5a-a11f7f10f62d} "EventMessageFile" = %windir%\system32\BlbEvents.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CAPI2] "ProviderGuid" = {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} "EventMessageFile" = %SystemRoot%\System32\crypt32.dll -- [2012-06-02 06:45:21 | 001,157,632 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificateServicesClient] "ProviderGuid" = {73370bd6-85e5-430b-b60a-fea1285808a7} "EventMessageFile" = %SystemRoot%\system32\dimsjob.dll -- [2009-07-14 03:15:11 | 000,033,792 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificateServicesClient-AutoEnrollment] "ProviderGuid" = {f0db7ef8-b6f3-4005-9937-feb77b9e1b43} "EventMessageFile" = %SystemRoot%\system32\pautoenr.dll -- [2009-07-14 03:16:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificateServicesClient-CertEnroll] "ProviderGuid" = {54164045-7c50-4905-963f-e5bc1eef0cca} "EventMessageFile" = %SystemRoot%\system32\certenroll.dll -- [2009-09-03 09:04:15 | 001,320,960 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificateServicesClient-CredentialRoaming] "ProviderGuid" = {89a2278b-c662-4aff-a06c-46ad3f220bca} "EventMessageFile" = %SystemRoot%\system32\dimsroam.dll -- [2009-07-14 03:15:11 | 000,036,864 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificationAuthorityClient-CertCli] "ProviderGuid" = {98bf1cd3-583e-4926-95ee-a61bf3f46470} "EventMessageFile" = %SystemRoot%\system32\certcli.dll -- [2009-07-14 03:15:01 | 000,335,360 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Crypto-RNG] "providerGuid" = {54d5ac20-e14f-4fda-92da-ebf7556ff176} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Defrag] "TypesSupported" = 7 "EventMessageFile" = %systemroot%\system32\defragsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-DirectShow-Core] "ProviderGuid" = {968f313b-097f-4e09-9cdd-bc62692d138b} "EventMessageFile" = %SystemRoot%\system32\quartz.dll -- [2011-10-26 06:28:26 | 001,328,640 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-DirectShow-KernelSupport] "ProviderGuid" = {3cc2d4af-da5e-4ed4-bcbe-3cf995940483} "EventMessageFile" = ksproxy.ax -- [2009-07-14 03:14:11 | 000,194,048 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-EapHost] "ProviderGuid" = {6eb8db94-fe96-443f-a366-5fe0cee7fb1c} "EventMessageFile" = %systemroot%\system32\eapsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-EFS] "ProviderGuid" = {3663a992-84be-40ea-bba9-90c7ed544222} "EventMessageFile" = %SystemRoot%\system32\efscore.dll -- [2009-07-14 03:15:13 | 000,204,800 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-EventCollector] "ProviderGuid" = {b977cf02-76f6-df84-cc1a-6a4b232322b6} "EventMessageFile" = %SystemRoot%\system32\wecsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Folder Redirection] "ProviderGuid" = {7d7b0c39-93f6-4100-bd96-4dda859652c5} "EventMessageFile" = %SystemRoot%\System32\fdeploy.dll -- [2009-07-14 03:15:20 | 000,058,880 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-LoadPerf] "ProviderGuid" = {122ee297-bb47-41ae-b265-1ca8d1886d40} "EventMessageFile" = %SystemRoot%\system32\loadperf.dll -- [2009-07-14 03:15:36 | 000,115,712 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-PerfCtrs] "ProviderGuid" = {973143dd-f3c7-4ef5-b156-544ac38c39b6} "EventMessageFile" = %SystemRoot%\system32\perfctrs.dll -- [2009-07-14 03:16:12 | 000,039,424 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-PerfNet] "ProviderGuid" = {cab2b8a5-49b9-4eec-b1b0-fac21da05a3b} "EventMessageFile" = %SystemRoot%\system32\perfnet.dll -- [2009-07-14 03:16:12 | 000,020,992 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-PerfOS] "ProviderGuid" = {f82fb576-e941-4956-a2c7-a0cf83f6450a} "EventMessageFile" = %SystemRoot%\system32\perfos.dll -- [2009-07-14 03:16:12 | 000,028,672 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-PerfProc] "ProviderGuid" = {72d211e1-4c54-4a93-9520-4901681b2271} "EventMessageFile" = %SystemRoot%\system32\perfproc.dll -- [2009-07-14 03:16:12 | 000,035,328 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-propsys] "ProviderGuid" = {9485FA1E-23CD-49A1-84E3-11D8BC550CB7} "EventMessageFile" = %SystemRoot%\system32\propsys.dll -- [2009-07-14 03:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RemoteApp and Desktop Connections] "ProviderGuid" = {1b8b402d-78dc-46fb-bf71-46e64aedf165} "EventMessageFile" = %SystemRoot%\system32\TSWorkspace.dll -- [2009-07-14 03:16:16 | 000,594,432 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RemoteAssistance] "ProviderGuid" = {5b0a651a-8807-45cc-9656-7579815b6af0} "EventMessageFile" = %systemroot%\system32\msra.exe -- [2009-07-14 03:14:26 | 000,108,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RestartManager] "ProviderGuid" = {0888e5ef-9b98-4695-979d-e92ce4247224} "EventMessageFile" = %SystemRoot%\System32\RstrtMgr.dll -- [2009-07-14 03:16:13 | 000,152,064 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RPC-Events] "ProviderGuid" = {f4aed7c7-a898-4627-b053-44a7caa12fcd} "EventMessageFile" = %SystemRoot%\system32\rpcrt4.dll -- [2009-07-14 03:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies] "ProviderGuid" = {7d29d58a-931a-40ac-8743-48c733045548} "EventMessageFile" = %SystemRoot%\system32\advapi32.dll -- [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-TerminalServices-ClientActiveXCore] "ProviderGuid" = {28aa95bb-d444-4719-a36f-40462168127e} "EventMessageFile" = %SystemRoot%\system32\mstscax.dll -- [2013-02-12 17:13:55 | 002,691,072 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-User Profiles General] "ProviderGuid" = {db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770} "EventMessageFile" = %SystemRoot%\System32\userenv.dll -- [2009-07-14 03:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-User Profiles Service] "ProviderGuid" = {89b1e9f0-5aff-44a6-9b44-0a07a7ce5845} "EventMessageFile" = %SystemRoot%\System32\profsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Video-For-Windows] "ProviderGuid" = {712abb2d-d806-4b42-9682-26da01d8b307} "EventMessageFile" = %SystemRoot%\system32\mciavi32.dll -- [2009-12-19 11:02:40 | 000,084,480 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-WBioSrvc] "providerGuid" = {A0E3D8EA-C34F-4419-A1DB-90435B8B21D0} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool] "ProviderGuid" = {11a75546-3234-465e-bec8-2d301cb501ac} "EventMessageFile" = %SystemRoot%\system32\WINSAT.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Winsrv] "ProviderGuid" = {9d55b53d-449b-4824-a637-24f9d69aa02f} "EventMessageFile" = %SystemRoot%\system32\winsrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-XWizards] "ProviderGuid" = {777ba8fe-2498-4875-933a-3067de883070} "EventMessageFile" = %windir%\system32\xwizards.dll -- [2009-07-14 03:16:21 | 000,354,816 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft.Transactions.Bridge 4.0.0.0] "CategoryCount" = 15 "CategoryMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDMine] "EventMessageFile" = C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL -- [2005-05-04 01:06:30 | 001,411,816 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL -- [2005-05-04 01:06:30 | 001,411,816 | ---- | M] (Microsoft Corporation) "TypesSupported" = 00 12 B8 58 [binary data] "CategoryCount" = 2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDTC] "providerGuid" = {719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDTC 2] "providerGuid" = {5D9E0020-3761-4f36-90C8-38CE6511BD12} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDTC Client] "providerGuid" = {7A67066E-193F-4D3A-82D3-322FEE5259DE} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDTC Client 2] "providerGuid" = {155CB334-3D7F-4ff1-B107-DF8AFC3C0363} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MsiInstaller] "EventMessageFile" = C:\Windows\system32\msimsg.dll -- [2009-07-14 03:07:12 | 000,025,088 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSSOAP] "TypesSupported" = 1 "CategoryCount" = 4 "EventMessageFile" = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSSOAP30.DLL -- [2006-10-26 14:56:40 | 000,505,136 | ---- | M] (Microsoft Corporation) "CategoryMessageFile" = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSSOAP30.DLL -- [2006-10-26 14:56:40 | 000,505,136 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MySQL] "EventMessageFile" = d:\xampp\mysql\bin\mysqld.exe -- [2013-05-16 19:44:21 | 008,151,040 | ---- | M] () "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Nokia M Platform] "EventMessageFile" = C:\Users\Mati\AppData\Local\Temp\NEventMessages.dll -- [2014-05-03 19:57:27 | 000,001,536 | ---- | M] () "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Nokia Suite] "EventMessageFile" = C:\Users\Mati\AppData\Local\Temp\NOSEventMessages.dll -- [2014-05-03 19:57:12 | 000,001,536 | ---- | M] () "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Outlook] "EventMessageFile" = C:\PROGRA~2\MICROS~1\Office12\1045\MAPIR.DLL -- [2006-11-24 09:31:52 | 001,289,000 | ---- | M] (Microsoft Corporation) "Version" = 13 "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PDH] "ProviderGuid" = {04D66358-C4A1-419B-8023-23B73902DE2C} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfCtrs] "ProviderGuid" = {973143DD-F3C7-4EF5-B156-544AC38C39B6} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfDisk] "ProviderGuid" = {7F9D83DE-8ABB-457F-98E8-4AD161449ECC} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Perflib] "ProviderGuid" = {13B197BD-7CEE-4B4E-8DD0-59314CE374CE} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfNet] "ProviderGuid" = {CAB2B8A5-49B9-4EEC-B1B0-FAC21DA05A3B} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfOs] "ProviderGuid" = {F82FB576-E941-4956-A2C7-A0CF83F6450A} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfProc] "ProviderGuid" = {72D211E1-4C54-4A93-9520-4901681B2271} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PLFlash DeviceIoControl Service] "EventMessageFile" = C:\Windows\SysWOW64\IoctlSvc.exe -- [2006-12-19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PrintBrm] "ProviderGuid" = {CF3F502E-B40D-4071-996F-00981EDF938E} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Process Exit Monitor] "providerGuid" = {FD771D53-8492-4057-8E35-8C02813AF49B} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Profsvc] "EventMessageFile" = %SystemRoot%\System32\profsvc.dll "TypesSupported" = 7 "ProviderGuid" = {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\RasClient] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2009-07-14 03:15:41 | 000,104,960 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SceCli] "EventMessageFile" = %SystemRoot%\System32\scecli.dll -- [2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SceSrv] "EventMessageFile" = %SystemRoot%\System32\scesrv.dll -- [2009-07-14 03:16:13 | 000,307,712 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SecurityCenter] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\wscsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ServiceModel Audit 3.0.0.0] "TypesSupported" = 31 "CategoryCount" = 2 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ServiceModel Audit 4.0.0.0] "TypesSupported" = 31 "CategoryCount" = 2 "CategoryMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SideBySide] "EventMessageFile" = %SystemRoot%\System32\sxs.dll -- [2009-07-14 03:16:15 | 000,380,416 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SkypeUpdate] "EventMessageFile" = C:\Program Files (x86)\Skype\Updater\Updater.exe -- [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) "CategoryMessageFile" = C:\Program Files (x86)\Skype\Updater\Updater.exe -- [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) "CategoryCount" = 2 "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Software Installation] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\appmgr.dll -- [2009-07-14 03:14:54 | 000,339,456 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Software Protection Platform Service] "EventMessageFile" = %windir%\system32\sppsvc.exe "TypesSupported" = 7 "ProviderGuid" = {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SPP] "TypesSupported" = 7 "EventMessageFile" = %systemroot%\system32\sxproxy.dll -- [2009-07-14 03:16:15 | 000,031,744 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Standard TCP/IP Port] "ProviderGuid" = {CAD2D809-03D9-4F46-9CF4-72AA4F04B6B9} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System Restore] "TypesSupported" = 7 "EventMessageFile" = %systemroot%\system32\srcore.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.IdentityModel 3.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.IdentityModel 4.0.0.0] "CategoryCount" = 15 "CategoryMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.IO.Log 3.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.IO.Log 4.0.0.0] "CategoryCount" = 15 "CategoryMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.Runtime.Serialization 3.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.Runtime.Serialization 4.0.0.0] "CategoryCount" = 15 "CategoryMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.ServiceModel 3.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.ServiceModel 4.0.0.0] "CategoryCount" = 15 "CategoryMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\usbperf] "EventMessageFile" = %SystemRoot%\system32\usbperf.dll -- [2009-07-14 03:16:17 | 000,011,264 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Userenv] "EventMessageFile" = %SystemRoot%\System32\userenv.dll -- [2009-07-14 03:16:17 | 000,079,360 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "ProviderGuid" = {DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\VBRuntime] "EventMessageFile" = C:\Windows\SysWOW64\msvbvm60.dll -- [2009-07-14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) "TypesSupported" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\VSS] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\VSSVC.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\VSSetup] "EventMessageFile" = C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE -- [2006-10-26 20:48:16 | 000,813,384 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WerSvc] "EventMessageFile" = %SystemRoot%\System32\wersvc.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Activation Technologies] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\system32\Wat\WatUX.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Backup] "TypesSupported" = 7 "EventMessageFile" = %systemroot%\system32\sdengin2.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Error Reporting] "EventMessageFile" = %SystemRoot%\System32\wer.dll -- [2009-07-14 03:16:18 | 000,377,856 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Search Service] "ProviderGuid" = {CA4E628D-8567-4896-AB6B-835B221F373F} "TypesSupported" = 7 "CategoryCount" = 7 "CategoryMessageFile" = %systemroot%\system32\tquery.dll -- [2011-05-04 06:53:10 | 001,553,920 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %systemroot%\system32\tquery.dll -- [2011-05-04 06:53:10 | 001,553,920 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Search Service Profile Notification] "ProviderGuid" = {FC6F77DD-769A-470E-BCF9-1B6555A118BE} "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\system32\wsepno.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wininit] "EventMessageFile" = %SystemRoot%\System32\wininit.exe -- [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "providerGuid" = {206f6dea-d3c5-4d10-bc72-989f03c8b84b} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Winlogon] "EventMessageFile" = %SystemRoot%\System32\winlogon.exe "TypesSupported" = 7 "providerGuid" = {DBE9B383-7CF3-4331-91CC-A3CB16A3B538} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WinMgmt] "ProviderGuid" = {1edeee53-0afe-4609-b846-d8c0b2075b1f} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wlclntfy] "EventMessageFile" = %SystemRoot%\System32\winlogon.exe "TypesSupported" = 7 "providerGuid" = {DBE9B383-7CF3-4331-91CC-A3CB16A3B538} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WMI.NET Provider Extension] "TypesSupported" = 7 "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll -- [2010-03-18 14:27:14 | 000,794,464 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wow64 Emulation Layer] "EventMessageFile" = %SystemRoot%\System32\ntvdm64.dll -- [2013-01-04 04:48:34 | 000,014,336 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WSH] "EventMessageFile" = %SystemRoot%\System32\wshext.dll -- [2009-07-14 03:16:20 | 000,080,896 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\HardwareEvents] "File" = %systemroot%\system32\winevt\logs\HardwareEvents.evtx "MaxSize" = 20971520 "Retention" = 0 "DisplayNameFile" = %SystemRoot%\system32\wecsvc.dll "DisplayNameID" = 256 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Internet Explorer] "CustomSD" = O:BAG:SYD:(A;;0x07;;;WD)S:(ML;;0x1;;;LW) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Key Management Service] "MaxSize" = 20971520 "Retention" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Key Management Service\KmsRequests] "EventMessageFile" = %windir%\system32\sppsvc.exe "TypesSupported" = 7 "ProviderGuid" = {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center] "MaxSize" = 8388608 "File" = %SystemRoot%\System32\winevt\Logs\Media Center.evtx "Retention" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center\ehExtHost] "EventMessageFile" = %SystemRoot%\ehome\ehepgres.dll -- [2009-07-14 03:26:39 | 000,004,608 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center\ehRecvr] "EventMessageFile" = %SystemRoot%\ehome\ehRecvr.exe -- [2010-08-04 09:05:58 | 000,696,320 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center\ehSched] "EventMessageFile" = %SystemRoot%\ehome\ehSched.exe -- [2009-07-14 03:39:09 | 000,127,488 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center\ehshell] "EventMessageFile" = %SystemRoot%\ehome\ehepgres.dll -- [2009-07-14 03:26:39 | 000,004,608 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center\mcstore] "EventMessageFile" = %SystemRoot%\ehome\ehepgres.dll -- [2009-07-14 03:26:39 | 000,004,608 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center\MCUpdate] "EventMessageFile" = %SystemRoot%\ehome\ehepgres.dll -- [2009-07-14 03:26:39 | 000,004,608 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center\Recording] "EventMessageFile" = %SystemRoot%\ehome\ehepgres.dll -- [2009-07-14 03:26:39 | 000,004,608 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\ODiag] "DisplayNameFile" = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL -- [2006-10-26 20:59:40 | 000,013,584 | ---- | M] () "DisplayNameID" = 101 "MaxSize" = 16777216 "PrimaryModule" = ODiag "Retention" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\ODiag\Microsoft Office 12 Diagnostics] "EventMessageFile" = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL -- [2006-10-26 20:59:40 | 000,013,584 | ---- | M] () "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\OSession] "DisplayNameFile" = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL -- [2006-10-26 20:59:40 | 000,013,584 | ---- | M] () "DisplayNameID" = 100 "MaxSize" = 16777216 "PrimaryModule" = OSessions "Retention" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\OSession\Microsoft Office 12 Sessions] "EventMessageFile" = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL -- [2006-10-26 20:59:40 | 000,013,584 | ---- | M] () "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security] "DisplayNameFile" = %SystemRoot%\system32\wevtapi.dll -- [2009-07-14 03:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) "DisplayNameID" = 257 "Isolation" = 2 "PrimaryModule" = Security -- [2009-07-14 03:09:53 | 000,004,608 | ---- | M] (Microsoft Corporation) "File" = %SystemRoot%\System32\winevt\Logs\Security.evtx "MaxSize" = 20971520 "Retention" = 0 "Security" = 01 00 14 80 8C 00 00 00 98 00 00 00 14 00 00 00 44 00 00 00 02 00 30 00 02 00 00 00 02 40 14 00 72 01 0D 00 01 01 00 00 00 00 00 01 00 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 48 00 03 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] "RestrictGuestAccess" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\DS] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2009-07-14 03:07:14 | 000,060,416 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\DS\ObjectNames] "Directory Service Object" = 7680 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\LSA] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2009-07-14 03:07:14 | 000,060,416 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\LSA\ObjectNames] "PolicyObject" = 5632 "SecretObject" = 5648 "TrustedDomainObject" = 5664 "UserAccountObject" = 5680 "AdtSecurity" = 7936 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Microsoft-Windows-Eventlog] "ProviderGuid" = {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148} "EventMessageFile" = %SystemRoot%\System32\wevtsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Microsoft-Windows-Security-Auditing] "ProviderGuid" = {54849625-5478-4994-a5ba-3e3b0328c30d} "EventMessageFile" = %SystemRoot%\system32\adtschema.dll -- [2009-07-14 03:03:48 | 000,680,448 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\SC Manager] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2009-07-14 03:07:14 | 000,060,416 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\SC Manager\ObjectNames] "SC_MANAGER Object" = 7168 "SERVICE Object" = 7184 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Security] "CategoryCount" = 9 "CategoryMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2009-07-14 03:06:53 | 000,145,920 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2009-07-14 03:06:53 | 000,145,920 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2009-07-14 03:07:14 | 000,060,416 | ---- | M] (Microsoft Corporation) "TypesSupported" = 28 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Security\ObjectNames] "Channel" = 5120 "Desktop" = 6672 "Device" = 4352 "Directory" = 4368 "Event" = 4384 "EventPair" = 4400 "File" = 4416 "IoCompletion" = 4864 "Job" = 5136 "Key" = 4432 "KeyedEvent" = 5696 "MailSlot" = 4416 "Mutant" = 4448 "NamedPipe" = 4416 "Port" = 4464 "Process" = 4480 "Profile" = 4496 "Section" = 4512 "Semaphore" = 4528 "SymbolicLink" = 4544 "Thread" = 4560 "Timer" = 4576 "Token" = 4592 "Type" = 4608 "WaitablePort" = 4464 "ALPC Port" = 4464 "WindowStation" = 6656 "WMI Namespace" = 16896 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Security Account Manager] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2009-07-14 03:07:14 | 000,060,416 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Security Account Manager\ObjectNames] "SAM_ALIAS" = 5424 "SAM_DOMAIN" = 5392 "SAM_GROUP" = 5408 "SAM_SERVER" = 5376 "SAM_USER" = 5440 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\ServiceModel 3.0.0.0] "ParameterMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 "CategoryCount" = 3 "CategoryMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2009-07-14 03:06:53 | 000,145,920 | ---- | M] (Microsoft Corporation) "EventSourceFlags" = 1 "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\ServiceModel 4.0.0.0] "TypesSupported" = 31 "CategoryMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2009-07-14 03:06:53 | 000,145,920 | ---- | M] (Microsoft Corporation) "CategoryCount" = 3 "ParameterMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventSourceFlags" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Spooler] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2009-07-14 03:07:14 | 000,060,416 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Spooler\ObjectNames] "Document" = 6944 "Printer" = 6928 "Server" = 6912 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\TCP/IP] "ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2009-07-14 03:07:14 | 000,060,416 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\TCP/IP\ObjectNames] "InternetPort" = 8064 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\VSSAudit] "EventMessageFile" = %SystemRoot%\System32\VSSVC.EXE "EventSourceFlags" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System] "DisplayNameFile" = %SystemRoot%\system32\wevtapi.dll -- [2009-07-14 03:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) "DisplayNameID" = 258 "PrimaryModule" = System "File" = %SystemRoot%\system32\winevt\Logs\System.evtx "MaxSize" = 20971520 "Retention" = 0 "RestrictGuestAccess" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ACPI] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\adp94xx] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\adpahci] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\adpu320] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AeLookupSvc] "EventMessageFile" = %SystemRoot%\System32\aelupsvc.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AmdK8] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdk8.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AmdPPM] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdppm.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\amdsata] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\amdsbs] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\amdxata] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Application Management Group Policy] "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2013-01-04 06:51:08 | 001,114,112 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\appmgmts.dll -- [2009-07-14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Application Popup] "EventMessageFile" = %SystemRoot%\System32\ntdll.dll -- [2011-11-17 07:41:38 | 001,292,592 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\arc] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\arcsas] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AsyncMac] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2009-07-14 03:15:41 | 000,104,960 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\atapi] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\atikmdag] "EventMessageFile" = %SystemRoot%\System32\drivers\ati2erec.dll "TypesSupported" = 7 "CategoryMessageFile" = %SystemRoot%\System32\drivers\ati2erec.dll "CategoryCount" = 63 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\b06bdrv] "eventmessagefile" = %SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\bxvbda.sys "typessupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\b57nd60a] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\b57nd60a.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\beep] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Bowser] "EventMessageFile" = %systemroot%\system32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Browser] "EventMessageFile" = %systemroot%\system32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\BthEnum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\BTHPORT] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Bthport.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\BTHUSB] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Bthport.sys;%SystemRoot%\System32\Drivers\BthUsb.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\BugCheck] "providerGuid" = {ABCE23E7-DE45-4366-8631-84FA6C525952} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\cdrom] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\DCOM] "providerGuid" = {1B562E86-B7AA-4131-BADC-B6F3A001407E} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\DfsSvc] "ProviderGuid" = {7DA4FE0E-FD42-4708-9AA5-89B77A224885} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dhcp] "providerGuid" = {15A7A4F8-0072-4EAB-ABAD-F98A4D666AED} "EventMessageFile" = %SystemRoot%\System32\dhcpcore.dll -- [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2013-01-04 06:51:08 | 001,114,112 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dhcpv6] "providerGuid" = {6A1F2B00-6A90-4C38-95A5-5CAB3B056778} "EventMessageFile" = %SystemRoot%\system32\dhcpcore6.dll -- [2009-07-14 03:15:11 | 000,191,488 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\system32\kernelbase.dll -- [2013-01-04 06:51:08 | 000,274,944 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dhcp_QEC] "EventMessageFile" = %Systemroot%\System32\dhcpqec.dll -- [2009-07-14 03:15:11 | 000,081,920 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %Systemroot%\System32\dhcpqec.dll -- [2009-07-14 03:15:11 | 000,081,920 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 "providerGuid" = {F6DA35CE-D312-41C8-9828-5A2E173C91B6} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\disk] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Display] "EventMessageFile" = %SystemRoot%\System32\DispCI.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnsapi] "ParameterMessageFile" = %Systemroot%\system32\kernel32.dll -- [2013-01-04 06:51:08 | 001,114,112 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %Systemroot%\system32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnscache] "ParameterMessageFile" = %Systemroot%\system32\kernel32.dll -- [2013-01-04 06:51:08 | 001,114,112 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %Systemroot%\system32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\e1express] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\e1e6232e.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ebdrv] "eventmessagefile" = %SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\evbda.sys "typessupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\elxstor] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\eventlog] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\exFAT] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\FltMgr] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\drivers\fltmgr.sys;%SystemRoot%\System32\IoLogMsg.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\fvevol] "ProviderGuid" = {651DF93B-5053-4D1E-94C5-F6E6D25908D0} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\HidBth] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\hidbth.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\HpSAMD] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Http] "ProviderGuid" = {7b6bc78c-898b-4170-bbf8-1a469ea43fc5} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\huawei_cdcacm] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ew_jucdcacm.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\huawei_wwanecm] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\i8042prt] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\iaStor] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStor.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\iaStorV] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorV.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\iirsp] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\intelppm] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\intelppm.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\IPMGM] "providerGuid" = {29D13147-1C2E-48EC-9994-E29DFE496EB3} "EventMessageFile" = %SystemRoot%\System32\rtm.dll -- [2009-07-14 03:16:13 | 000,115,200 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\IPMIDRV] "EventMessageFile" = %SystemRoot%\System32\drivers\ipmidrv.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\IPNATHLP] "providerGuid" = {A6F32731-9A38-4159-A220-3D9B7FC5FE5D} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\IPRouterManager] "providerGuid" = {F2C628AE-D26C-4352-9C45-74754E1E2F9F} "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2009-07-14 03:15:41 | 000,104,960 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\irevents] "CategoryCount" = 1 "TypesSupported" = 7 "CategoryMessageFile" = "EventMessageFile" = %SystemRoot%\System32\irmon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\isapnp] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\iScsiPrt] "EventMessageFile" = %SystemRoot%\System32\iscsilog.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ITEIRDA] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\kbdclass] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\kbdhid] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdhid.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Kerberos] "EventMessageFile" = %SystemRoot%\System32\kerberos.dll -- [2012-08-11 01:54:04 | 000,541,184 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "ProviderGuid" = {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\lltdio] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LmHosts] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LsaSrv] "ProviderGuid" = {199fe037-2b82-40a9-82ac-e1d46c792b99} "EventMessageFile" = %windir%\System32\lsasrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSI_FC] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSI_SAS] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSI_SAS2] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSI_SCSI] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSM] "EventMessageFile" = %SystemRoot%\system32\lsm.exe "TypesSupported" = 7 "providerGuid" = {5d896912-022d-40aa-a3a8-4fa5515c76d7} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\megasas] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MegaSR] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Application-Experience] "ProviderGuid" = {eef54e71-0661-422d-9a98-82fd4940b820} "EventMessageFile" = %SystemRoot%\system32\aeevts.dll -- [2009-07-14 03:03:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-BitLocker-API] "ProviderGuid" = {5d674230-ca9f-11da-a94d-0800200c9a66} "EventMessageFile" = %SystemRoot%\system32\fveapi.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-BitLocker-Driver] "ProviderGuid" = {651df93b-5053-4d1e-94c5-f6e6d25908d0} "EventMessageFile" = %SystemRoot%\system32\drivers\fvevol.sys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Bits-Client] "ProviderGuid" = {ef1cc15b-46c1-414e-bb95-e76b077bd51e} "EventMessageFile" = %systemroot%\system32\qmgr.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client] "ProviderGuid" = {ba093605-3909-4345-990b-26b746adee0a} "EventMessageFile" = %SystemRoot%\system32\cofiredm.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server] "ProviderGuid" = {d6f68875-cdf5-43a5-a3e3-53ffd683311c} "EventMessageFile" = %SystemRoot%\system32\cofiredm.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DfsSvc] "ProviderGuid" = {7da4fe0e-fd42-4708-9aa5-89b77a224885} "EventMessageFile" = %SystemRoot%\system32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Dhcp-Client] "ProviderGuid" = {15a7a4f8-0072-4eab-abad-f98a4d666aed} "EventMessageFile" = %SystemRoot%\system32\dhcpcore.dll -- [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Dhcp-Nap-Enforcement-Client] "ProviderGuid" = {f6da35ce-d312-41c8-9828-5a2e173c91b6} "EventMessageFile" = %Systemroot%\system32\dhcpqec.dll -- [2009-07-14 03:15:11 | 000,081,920 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DHCPv6-Client] "ProviderGuid" = {6a1f2b00-6a90-4c38-95a5-5cab3b056778} "EventMessageFile" = %systemroot%\system32\dhcpcore6.dll -- [2009-07-14 03:15:11 | 000,191,488 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Diagnostics-Networking] "ProviderGuid" = {36c23e18-0e66-11d9-bbeb-505054503030} "EventMessageFile" = %windir%\system32\netdiagfx.dll -- [2009-07-14 03:16:02 | 000,225,792 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Directory-Services-SAM] "ProviderGuid" = {0d4fdc09-8c27-494a-bda0-505e4fd8adae} "EventMessageFile" = %SystemRoot%\System32\samsrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DiskDiagnostic] "ProviderGuid" = {e670a5a2-ce74-4ab4-9347-61b815319f4c} "EventMessageFile" = %windir%\system32\dfdts.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DNS-Client] "ProviderGuid" = {1c95126e-7eea-49a9-a3fe-a378b03ddb4d} "EventMessageFile" = %SystemRoot%\system32\dnsapi.dll -- [2011-03-03 07:29:23 | 000,269,824 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode] "ProviderGuid" = {2e35aaeb-857f-4beb-a418-2e6c0e54d988} "EventMessageFile" = %SystemRoot%\system32\WUDFPlatform.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorCertDrv] "ProviderGuid" = {bd2d1dae-d678-4e10-9667-21cba2aa70c3} "EventMessageFile" = %SystemRoot%\System32\EhStorAuthn.exe -- [2009-07-14 03:14:19 | 000,130,560 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-EventCollector] "ProviderGuid" = {b977cf02-76f6-df84-cc1a-6a4b232322b6} "EventMessageFile" = %SystemRoot%\system32\wecsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Eventlog] "ProviderGuid" = {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148} "EventMessageFile" = %SystemRoot%\System32\wevtsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap] "ProviderGuid" = {6b93bf66-a922-4c11-a617-cf60d95c133d} "EventMessageFile" = %SystemRoot%\system32\fthsvc.dll -- [2009-07-14 03:15:21 | 000,179,712 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-FilterManager] "ProviderGuid" = {f3c5e28e-63f6-49c7-a204-e48a1bc4b09d} "EventMessageFile" = %SystemRoot%\system32\drivers\fltmgr.sys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Firewall] "ProviderGuid" = {e595f735-b42a-494b-afcd-b68666945cd3} "EventMessageFile" = %SystemRoot%\system32\mpssvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-FMS] "ProviderGuid" = {dea07764-0790-44de-b9c4-49677b17174f} "EventMessageFile" = %SystemRoot%\system32\fms.dll -- [2009-07-14 03:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-FunctionDiscoveryHost] "ProviderGuid" = {538cbbad-4877-4eb2-b26e-7caee8f0f8cb} "EventMessageFile" = %SystemRoot%\system32\fdphost.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-GroupPolicy] "ProviderGuid" = {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9} "EventMessageFile" = %systemroot%\system32\gpsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-HAL] "ProviderGuid" = {63d1e632-95cc-4443-9312-af927761d52a} "EventMessageFile" = %systemroot%\system32\microsoft-windows-hal-events.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-HttpEvent] "ProviderGuid" = {7b6bc78c-898b-4170-bbf8-1a469ea43fc5} "EventMessageFile" = %SystemRoot%\system32\drivers\HTTP.SYS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-IPBusEnum] "ProviderGuid" = {cd032e15-15ad-4da4-afc6-03bf83516195} "EventMessageFile" = %systemroot%\system32\ipbusenum.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Iphlpsvc] "ProviderGuid" = {66a5c15c-4f8e-4044-bf6e-71d896038977} "EventMessageFile" = %windir%\system32\iphlpsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Boot] "ProviderGuid" = {15ca44ff-4d7a-4baa-bba5-0998955e531e} "EventMessageFile" = %SystemRoot%\system32\advapi32.dll -- [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-General] "ProviderGuid" = {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d} "EventMessageFile" = %SystemRoot%\system32\advapi32.dll -- [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-PnP] "ProviderGuid" = {9c205a39-1250-487d-abd7-e831c6290539} "EventMessageFile" = %SystemRoot%\system32\advapi32.dll -- [2009-07-14 03:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Power] "ProviderGuid" = {331c3b3a-2005-44c2-ac5e-77220c37d6b4} "EventMessageFile" = %systemroot%\system32\microsoft-windows-kernel-power-events.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Processor-Power] "ProviderGuid" = {0f67e49f-fe51-4e9f-b490-6f2948cc6027} "EventMessageFile" = %systemroot%\system32\microsoft-windows-kernel-processor-power-events.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Tm] "ProviderGuid" = {4cec9c95-a65f-4591-b5c4-30100e51d870} "EventMessageFile" = %SystemRoot%\system32\ktmw32.dll -- [2009-07-14 03:15:35 | 000,020,480 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-WHEA] "ProviderGuid" = {7b563579-53c8-44e7-8236-0f87b9fe6594} "EventMessageFile" = %SystemRoot%\system32\PSHED.DLL -- [2009-07-14 03:19:03 | 000,052,816 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-LanguagePackSetup] "ProviderGuid" = {7237fff9-a08a-4804-9c79-4a8704b70b87} "EventMessageFile" = %SystemRoot%\system32\lpksetup.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results] "ProviderGuid" = {5f92bc59-248f-4111-86a9-e393e12c6139} "EventMessageFile" = %SystemRoot%\System32\relpost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule] "ProviderGuid" = {73e9c9de-a148-41f7-b1db-4da051fdc327} "EventMessageFile" = %SystemRoot%\System32\mdsched.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-OfflineFiles] "ProviderGuid" = {95353826-4fbe-41d4-9c42-f521c6e86360} "EventMessageFile" = %systemroot%\system32\cscsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Power-Troubleshooter] "ProviderGuid" = {cdc05e28-c449-49c6-b9d2-88cf761644df} "EventMessageFile" = %systemroot%\system32\pots.dll -- [2009-07-14 03:16:12 | 000,022,528 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-RasSstp] "ProviderGuid" = {6c260f2c-049a-43d8-bf4d-d350a4e6611a} "EventMessageFile" = %SystemRoot%\System32\sstpsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Recovery] "ProviderGuid" = {9e95e4d0-4cb4-4b5d-a936-c972d7d08d90} "EventMessageFile" = %SystemRoot%\system32\recovery.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Resource-Exhaustion-Detector] "ProviderGuid" = {9988748e-c2e8-4054-85f6-0c3e1cad2470} "EventMessageFile" = %SystemRoot%\system32\radardt.dll -- [2009-07-14 03:16:12 | 000,085,504 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-ResourcePublication] "ProviderGuid" = {74c2135f-cc76-45c3-879a-ef3bb1eeaf86} "EventMessageFile" = %SystemRoot%\system32\fdrespub.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-SCPNP] "ProviderGuid" = {9f650c63-9409-453c-a652-83d7185a2e83} "EventMessageFile" = %SystemRoot%\system32\certprop.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Servicing] "EventMessageFile" = %SystemRoot%\servicing\cbsmsg.dll -- [2009-07-14 03:40:13 | 000,028,672 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "ProviderGuid" = {bd12f3b8-fc40-4a61-a307-b7a013a069c1} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Setup] "ProviderGuid" = {75ebc33e-997f-49cf-b49f-ecc50184b75d} "EventMessageFile" = %SystemRoot%\system32\oobe\winsetup.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-StartupRepair] "ProviderGuid" = {c914f0df-835a-4a22-8c70-732c9a80c634} "EventMessageFile" = %SystemRoot%\System32\reagent.dll -- [2009-07-14 03:16:13 | 000,247,808 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Subsys-SMSS] "ProviderGuid" = {43e63da5-41d1-4fbf-aded-1bbed98fdd1d} "EventMessageFile" = %windir%\system32\csrsrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TaskScheduler] "ProviderGuid" = {de7b24ea-73c8-4a09-985d-5bdadcfa9017} "EventMessageFile" = %SystemRoot%\system32\schedsvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TBS] "ProviderGuid" = {51480c1a-90aa-416e-98fd-4c11f735349b} "EventMessageFile" = %SystemRoot%\system32\tbssvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager] "ProviderGuid" = {5d896912-022d-40aa-a3a8-4fa5515c76d7} "EventMessageFile" = %SystemRoot%\system32\lsm.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager] "ProviderGuid" = {c76baa63-ae81-421c-b425-340b4b24157f} "EventMessageFile" = %SystemRoot%\system32\termsrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Time-Service] "ProviderGuid" = {06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb} "EventMessageFile" = %SystemRoot%\system32\w32time.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TPM-WMI] "ProviderGuid" = {7d5387b0-cbe0-11da-a94d-0800200c9a66} "EventMessageFile" = %SystemRoot%\system32\wbem\Win32_Tpm.dll -- [2009-07-14 03:17:54 | 000,102,448 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-UserPnp] "ProviderGuid" = {96f4a050-7e31-453c-88be-9634f4e02139} "EventMessageFile" = %SystemRoot%\system32\umpnpmgr.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-WHEA-Logger] "ProviderGuid" = {c26c4f3c-3f66-4e99-8f8a-39405cfed220} "EventMessageFile" = %systemroot%\system32\whealogr.dll -- [2009-07-14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-WindowsUpdateClient] "ProviderGuid" = {945a8954-c147-4acd-923f-40c45405a658} "EventMessageFile" = %systemroot%\system32\wuaueng.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Wininit] "ProviderGuid" = {206f6dea-d3c5-4d10-bc72-989f03c8b84b} "EventMessageFile" = %SystemRoot%\system32\wininit.exe -- [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Winlogon] "ProviderGuid" = {dbe9b383-7cf3-4331-91cc-a3cb16a3b538} "EventMessageFile" = %SystemRoot%\system32\winlogon.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-WLAN-AutoConfig] "ProviderGuid" = {9580d7dd-0379-4658-9870-d5be7d52d6de} "EventMessageFile" = %windir%\system32\wlansvc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mouclass] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mouhid] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouhid.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mpio] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mpio.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mrxsmb] "EventMessageFile" = %systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll "TypesSupported" = 7 "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2013-01-04 06:51:08 | 001,114,112 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MSDTC Gateway] "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll -- [2009-06-10 22:39:50 | 000,794,448 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MSDTC WS-AT Protocol] "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll -- [2009-06-10 22:39:50 | 000,794,448 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MSiSCSI] "EventMessageFile" = %systemroot%\System32\iscsiexe.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MTConfig] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\MTConfig.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Mup] "EventMessageFile" = C:\Windows\system32\netevent.dll;C:\Windows\system32\iologmsg.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NAPIPSecEnf] "providerGuid" = {8115579E-2BEA-4C9E-9AB1-821CC2C98AB0} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NdisWan] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2009-07-14 03:15:41 | 000,104,960 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NetBIOS] "EventMessageFile" = %SystemRoot%\System32\iologmsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NetBT] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Netlogon] "EventMessageFile" = %SystemRoot%\System32\netmsg.dll -- [2009-07-14 03:07:56 | 000,002,048 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2013-01-04 06:51:08 | 001,114,112 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\netr28ux] "EventMessageFile" = %SystemRoot%\System32\netevent.dll,%SystemRoot%\System32\drivers\netr28ux.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\netw5v64] "EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\Drivers\netw5v64.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\nfrd960] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Ntfs] "EventMessageFile" = %SystemRoot%\system32\drivers\ntfs.sys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\nvraid] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\nvstor] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nvstor.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\O2MDRDR] "EventMessageFile" = %SystemRoot%\System32\drivers\o2mdx64.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\O2SCBUS] "EventMessageFile" = %SystemRoot%\System32\drivers\ozscrx64.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\O2SDRDR] "EventMessageFile" = %SystemRoot%\System32\drivers\o2sdx64.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\P2PIMSvc] "ProviderGuid" = {2992E9CF-4F99-48f5-A0B6-B99B11CD387D} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Parport] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\partmgr] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\pcmcia] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\PlugPlayManager] "EventMessageFile" = %SystemRoot%\System32\umpnpmgr.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\PNRPSvc] "ProviderGuid" = {BBE94F36-F8DC-4C33-8227-81602B7A3D53} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Power] "EventMessageFile" = %SystemRoot%\System32\umpo.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\PptpMiniport] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Print] "EventMessageFile" = %SystemRoot%\System32\ntprint.dll -- [2009-07-14 03:16:11 | 000,297,472 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 "providerGuid" = {747EF6FD-E535-4d16-B510-42C90F6873A1} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\PrintFilterPipelineSvc] "ProviderGuid" = {5B33145C-1C66-49F3-B4CA-F563C165F2C0} "TypesSupported" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Processor] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\processr.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ql2300] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ql40xx] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\RasAuto] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2009-07-14 03:15:41 | 000,104,960 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Rasman] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2009-07-14 03:15:41 | 000,104,960 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\RasSstp] "TypesSupported" = 28 "EventMessageFile" = %systemroot%\system32\sstpsvc.dll "ProviderGuid" = {6c260f2c-049a-43d8-bf4d-d350a4e6611a} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\rdbss] "EventMessageFile" = C:\Windows\system32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\RemoteAccess] "EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2009-07-14 03:15:41 | 000,104,960 | ---- | M] (Microsoft Corporation) "ParameterMessageFile" = %SystemRoot%\System32\iassvcs.dll -- [2009-07-14 03:15:26 | 000,077,824 | ---- | M] (Microsoft Corporation) "TypesSupported" = 31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\rspndr] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SAM] "EventMessageFile" = %SystemRoot%\System32\samsrv.dll "TypesSupported" = 7 "providerGuid" = {0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\sbp2port] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sbp2port.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SCardSvr] "providerGuid" = {4FCBF664-A33A-4652-B436-9D558983D955} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Schannel] "ProviderGuid" = {1f678132-5938-4686-9fdc-c8ff68f15c85} "EventMessageFile" = %windir%\System32\lsasrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Serial] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\sermouse] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sermouse.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Server] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Service Control Manager] "ProviderGuid" = {555908d1-a6d7-4695-8e1e-26931d2012f4} "EventMessageFile" = %SystemRoot%\system32\services.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SiSRaid2] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SiSRaid4] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Smb] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SMSvcHost 3.0.0.0] "CategoryCount" = 14 "CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009-06-10 22:30:45 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SMSvcHost 4.0.0.0] "CategoryCount" = 15 "CategoryMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) "EventMessageFile" = c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll -- [2010-03-18 14:27:14 | 000,008,032 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SNMPTRAP] "EventMessageFile" = %SystemRoot%\System32\snmptrap.exe "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Srv] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\stexstor] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\StillImage] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\wiaservc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\storflt] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\vmstorfltres.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\System] "CategoryCount" = 7 "CategoryMessageFile" = %SystemRoot%\system32\wevtapi.dll -- [2009-07-14 03:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Tcpip] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Tcpip6] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\TCPMon] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\tcpmon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\TermDD] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\system32\ntdll.dll -- [2011-11-17 07:41:38 | 001,292,592 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\TermService] "EventMessageFile" = %SystemRoot%\system32\termsrv.dll "TypesSupported" = 7 "providerGuid" = {C76BAA63-AE81-421C-B425-340B4B24157F} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\TPM] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\tpm.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\tunnel] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\UmRdpService] "providerGuid" = {952773BF-C2B7-49BC-88F4-920744B82C43} "EventMessageFile" = %SystemRoot%\System32\umrdp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\USB_Ethernet_Adaptor] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\usb_rndisx] "EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009-07-14 03:07:56 | 000,018,944 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\USER32] "EventMessageFile" = %SystemRoot%\System32\user32.dll -- [2009-07-14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VDS Basic Provider] "EventMessageFile" = %SystemRoot%\System32\vdsbas.dll -- [2009-07-14 03:16:17 | 000,160,256 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VDS Dynamic Provider] "EventMessageFile" = %SystemRoot%\System32\vdsdyn.dll -- [2009-07-14 03:16:17 | 000,518,144 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VDS Virtual Disk Provider] "EventMessageFile" = %SystemRoot%\System32\vdsvd.dll -- [2009-07-14 03:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\vga] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\vgapnp.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Virtual Disk Service] "EventMessageFile" = %SystemRoot%\System32\vds.exe "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\vmbus] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\vmbusres.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\volmgr] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Volsnap] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\VolSnap.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\vsmraid] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\W32Time] "EventMessageFile" = %Systemroot%\system32\w32time.dll "TypesSupported" = 7 "ProviderGuid" = {06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WacomPen] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wacompen.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Wd] "EventMessageFile" = %SystemRoot%\System32\drivers\wd.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\wdf01000] "EventMessageFile" = C:\Windows\System32\drivers\Wdf01000.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\wecsvc] "EventMessageFile" = %SystemRoot%\System32\wecsvc.dll "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Win32k] "EventMessageFile" = %SystemRoot%\System32\win32k.sys "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinDefend] "ParameterMessageFile" = %ProgramFiles%\Windows Defender\MpEvMsg.dll "ProviderGuid" = {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78} "TypesSupported" = 7 "EventMessageFile" = %ProgramFiles%\Windows Defender\MpEvMsg.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Windows Disk Diagnostic] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\DFDTS.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Windows Script Host] "EventMessageFile" = %SystemRoot%\System32\wshext.dll -- [2009-07-14 03:16:20 | 000,080,896 | ---- | M] (Microsoft Corporation) "TypesSupported" = 24 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinHttpAutoProxySvc] "EventMessageFile" = winhttp.dll -- [2010-12-21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) "ProviderGuid" = {7D44233D-3055-4B9C-BA64-0D47CA40A232} "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinRM] "ProviderGuid" = {A7975C8F-AC13-49F1-87DA-5A984A4AB417} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WMIxWDM] "EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2009-07-14 03:06:09 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WMPNetworkSvc] "ProviderGuid" = {6A2DC7C1-930A-4FB5-BB44-80B30AEBED6C} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Workstation] "EventMessageFile" = C:\Windows\system32\netmsg.dll -- [2009-07-14 03:07:56 | 000,002,048 | ---- | M] (Microsoft Corporation) "TypesSupported" = 7 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WPC] "TypesSupported" = 7 "EventMessageFile" = %SystemRoot%\System32\wpcsvc.dll -- [2009-07-14 03:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WPDClassInstaller] "ProviderGuid" = {AD5162D8-DAF0-4A25-88A7-01CBEB33902E} [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Windows PowerShell] "AutoBackupLogFiles" = 0 "MaxSize" = 15728640 "Sources" = PowerShell [binary data] "Retention" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Windows PowerShell\PowerShell] "CategoryCount" = 8 "CategoryMessageFile" = %SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll -- [2009-07-14 03:06:47 | 000,002,048 | ---- | M] (Microsoft Corporation) "EventMessageFile" = %SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll -- [2009-07-14 03:06:47 | 000,002,048 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule /S >[/color] "AtTaskMaxHours" = 72 "DisplayName" = @%SystemRoot%\system32\schedsvc.dll,-100 "Group" = SchedulerGroup "ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\system32\schedsvc.dll,-101 "ObjectName" = LocalSystem "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = RPCSSEventLog [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeIncreaseQuotaPrivilegeSeChangeN [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule\Parameters] "ServiceDll" = %systemroot%\system32\schedsvc.dll "ServiceDllUnloadOnStop" = 1 "ServiceMain" = ServiceMain [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule\Security] "Security" = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 DD 01 0E 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FF 01 0F 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 8D 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] < End of report >