Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014 Ran by Remek at 2014-11-18 20:38:32 Run:3 Running from C:\Users\Remek\Downloads Loaded Profiles: Remek & serwis (Available profiles: Remek & serwis) Boot Mode: Normal ============================================== Content of fixlist: ***************** S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll RemoveDirectory: C:\FRST\Quarantine RemoveDirectory: C:\Program Files (x86)\MyFree Codec RemoveDirectory: C:\Users\Remek\Desktop\Stare dane programu Firefox ListPermissions: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Eventlog /s Reg: reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /s File: C:\Windows\system32\wevtsvc.dll ***************** ACDaemon => Service deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1" => Key Deleted successfully. C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully. C:\Windows\SysWOW64\deployJava1.dll => Moved successfully. "C:\FRST\Quarantine" => Removed successfully. "C:\Program Files (x86)\MyFree Codec" => Removed successfully. "C:\Users\Remek\Desktop\Stare dane programu Firefox" => Removed successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} -> Listing permissions failed. Access Denied. ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Eventlog /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\wevtsvc.dll ServiceMain REG_SZ ServiceMain PlugPlayServiceType REG_DWORD 0x3 ServiceDllUnloadOnStop REG_DWORD 0x1 DisplayName REG_SZ @%SystemRoot%\system32\wevtsvc.dll,-200 Group REG_SZ Event Log ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Description REG_SZ @%SystemRoot%\system32\wevtsvc.dll,-201 ObjectName REG_SZ NT AUTHORITY\LocalService ErrorControl REG_DWORD 0x1 Start REG_DWORD 0x2 Type REG_DWORD 0x20 ServiceSidType REG_DWORD 0x1 RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeImpersonatePrivilege FailureActionsOnNonCrashFailures REG_DWORD 0x1 FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll DisplayNameID REG_DWORD 0x100 PrimaryModule REG_SZ Application File REG_EXPAND_SZ %SystemRoot%\system32\winevt\Logs\Application.evtx MaxSize REG_DWORD 0x1400000 Retention REG_DWORD 0x0 RestrictGuestAccess REG_DWORD 0x1 AutoBackupLogFiles REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime TypesSupported REG_DWORD 0x7 EventMessageFile REG_SZ C:\Windows\system32\mscoree.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime Optimization Service TypesSupported REG_DWORD 0x7 EventMessageFile REG_SZ C:\Windows\system32\mscoree.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application CategoryCount REG_DWORD 0x7 CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Error EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wer.dll TypesSupported REG_DWORD 0x7 CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wer.dll CategoryCount REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wersvc.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgmts.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application-Addon-Event-Provider ProviderGuid REG_SZ {a83fa99f-c356-4ded-9fd6-5a5eb8546d68} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\ieframe.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 1.1.4322.0 TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 2.0.50727.0 TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll CategoryCount REG_DWORD 0x5 CategoryMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 4.0.30319.0 TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\pl\aspnet_rc.dll CategoryCount REG_DWORD 0x5 CategoryMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\pl\aspnet_rc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AutoEnrollment ProviderGuid REG_EXPAND_SZ {F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\BugSplat EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Pando Networks\Media Booster\BugSplatRc.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\BusinessObjects_MsiExec CategoryCount REG_DWORD 0x2a CategoryMessageFile REG_SZ C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\log_xn_system.dll EventMessageFile REG_SZ C:\Program Files (x86)\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\log_xn_system.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0 CategoryCount REG_DWORD 0x1 CategoryMessageFile REG_SZ C:\Windows\System32\icardres.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll;C:\Windows\System32\icardres.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0 CategoryCount REG_DWORD 0x1 CategoryMessageFile REG_SZ C:\Windows\system32\icardres.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll;C:\Windows\system32\icardres.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CertCli ProviderGuid REG_EXPAND_SZ {98BF1CD3-583E-4926-95EE-A61BF3F46470} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CertEnroll ProviderGuid REG_EXPAND_SZ {54164045-7C50-4905-963F-E5BC1EEF0CCA} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chkdsk TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ulib.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM providerGuid REG_EXPAND_SZ {bf406804-6afa-46e7-8a48-6c357e1d6d61} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\COM+ providerGuid REG_EXPAND_SZ {0f177893-4a9c-4709-b921-f432d67f43d5} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Crystal_RDC EventMessageFile REG_SZ C:\Program Files (x86)\Business Objects\Common\3.5\bin\craxdrt.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Customer Experience Improvement Program providerGuid REG_EXPAND_SZ {A402FE09-DA6E-45F2-82AF-3CB37170EE0C} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dwm.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiskQuota EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\dskquota.dll TypesSupported REG_SZ 0x00000007 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %ProgramFiles%\DVD Maker\DVDMaker.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DYMO Pnp Service EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DymoPnpService EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ %systemroot%\system32\esent.dll CategoryMessageFile REG_EXPAND_SZ %systemroot%\system32\esent.dll CategoryCount REG_DWORD 0x10 TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\EventSystem providerGuid REG_EXPAND_SZ {899daace-4868-4295-afcd-9eb8fb497561} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\fdeploy.dll ProviderGuid REG_EXPAND_SZ {7D7B0C39-93F6-4100-BD96-4DDA859652C5} TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\gpapi.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Applications ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Client ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Data Sources ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Device Settings ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Drive Maps ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Environment ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Files ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Folder Options ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Folders ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Ini Files ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Internet Settings ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Local Users and Groups ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Mail Profiles ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Network Options ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Network Shares ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Power Options ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Printers ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Regional Options ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Registry ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Scheduled Tasks ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Services ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Shortcuts ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Standard Edition ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy Start Menu Settings ParameterMessageFile REG_SZ gpprefcl.dll TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ gpprefcl.dll EventMessageFile REG_SZ gpprefcl.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x7 CategoryMessageFile REG_EXPAND_SZ %CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll EventMessageFile REG_EXPAND_SZ %CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HotFixInstaller EventMessageFile REG_EXPAND_SZ C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\idsvc EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices EventMessageFile REG_EXPAND_SZ C:\ProgramData\IePluginSe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IFXSPMGT TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Infineon\Security Platform Software\IfxTrsMs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IFXTCS TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Infineon\Security Platform Software\IfxTrsMs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IFXTPMCK TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Infineon\Security Platform Software\IfxTrsMs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IFXTPMCP TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Infineon\Security Platform Software\IfxTrsMs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IFXTSP TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Infineon\Security Platform Software\IfxTrsMs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IFXUAGUI TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Infineon\Security Platform Software\IfxTrsMs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Infineon Server Integration Services TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Infineon\Security Platform Software\IfxTrsMs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Intel Control Center HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Intel(R) ME Application MaxSize REG_DWORD 0x80000 CategoryCount REG_DWORD 0x9 CategoryMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\UI0Detect.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LMS EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LoadPerf ProviderGuid REG_EXPAND_SZ {122EE297-BB47-41AE-B265-1CA8D1886D40} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LocationNotifications ProviderGuid REG_SZ {5b93cdfa-5f51-45e0-9fde-296983129e6c} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\LocationNotifications.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MEProv MaxSize REG_DWORD 0x80000 CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\MeProv.dll EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\MeProv.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax publisherGuid REG_EXPAND_SZ {9F8639E0-9EEF-4125-9B1C-86109BDD8289} TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x4 CategoryMessageFile REG_EXPAND_SZ %systemroot%\system32\fxsevent.dll EventMessageFile REG_EXPAND_SZ %systemroot%\system32\fxsevent.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client EventMessageFile REG_SZ C:\Program Files\Microsoft Security Client\MsMpRes.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Security Client Setup EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\EventCreate.exe TypesSupported REG_DWORD 0x7 CustomSource REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Application-Experience ProviderGuid REG_SZ {eef54e71-0661-422d-9a98-82fd4940b820} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\aeevts.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure ProviderGuid REG_SZ {5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\apphelp.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Audio ProviderGuid REG_SZ {ae4bd3be-f36f-45b6-8d21-bdd6fb832853} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\audioses.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService ProviderGuid REG_SZ {dab3b18c-3c0f-43e8-80b1-e44bc0dad901} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\AxInstSv.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup ProviderGuid REG_SZ {1db28f2e-8f80-4027-8c5a-a11f7f10f62d} EventMessageFile REG_EXPAND_SZ %windir%\system32\BlbEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CAPI2 ProviderGuid REG_SZ {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\crypt32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient ProviderGuid REG_SZ {73370bd6-85e5-430b-b60a-fea1285808a7} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dimsjob.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient-AutoEnrollment ProviderGuid REG_SZ {f0db7ef8-b6f3-4005-9937-feb77b9e1b43} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\pautoenr.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient-CertEnroll ProviderGuid REG_SZ {54164045-7c50-4905-963f-e5bc1eef0cca} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\certenroll.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificateServicesClient-CredentialRoaming ProviderGuid REG_SZ {89a2278b-c662-4aff-a06c-46ad3f220bca} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dimsroam.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-CertificationAuthorityClient-CertCli ProviderGuid REG_SZ {98bf1cd3-583e-4926-95ee-a61bf3f46470} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\certcli.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Crypto-RNG providerGuid REG_SZ {54d5ac20-e14f-4fda-92da-ebf7556ff176} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %systemroot%\system32\defragsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-DirectShow-Core ProviderGuid REG_SZ {968f313b-097f-4e09-9cdd-bc62692d138b} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\quartz.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-DirectShow-KernelSupport ProviderGuid REG_SZ {3cc2d4af-da5e-4ed4-bcbe-3cf995940483} EventMessageFile REG_EXPAND_SZ ksproxy.ax HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost ProviderGuid REG_SZ {6eb8db94-fe96-443f-a366-5fe0cee7fb1c} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\eapsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EFS ProviderGuid REG_SZ {3663a992-84be-40ea-bba9-90c7ed544222} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\efscore.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector ProviderGuid REG_SZ {b977cf02-76f6-df84-cc1a-6a4b232322b6} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wecsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Folder Redirection ProviderGuid REG_SZ {7d7b0c39-93f6-4100-bd96-4dda859652c5} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\fdeploy.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-LoadPerf ProviderGuid REG_SZ {122ee297-bb47-41ae-b265-1ca8d1886d40} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\loadperf.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfCtrs ProviderGuid REG_SZ {973143dd-f3c7-4ef5-b156-544ac38c39b6} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\perfctrs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfNet ProviderGuid REG_SZ {cab2b8a5-49b9-4eec-b1b0-fac21da05a3b} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\perfnet.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfOS ProviderGuid REG_SZ {f82fb576-e941-4956-a2c7-a0cf83f6450a} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\perfos.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfProc ProviderGuid REG_SZ {72d211e1-4c54-4a93-9520-4901681b2271} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\perfproc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-propsys ProviderGuid REG_EXPAND_SZ {9485FA1E-23CD-49A1-84E3-11D8BC550CB7} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\propsys.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RemoteApp and Desktop Connections ProviderGuid REG_SZ {1b8b402d-78dc-46fb-bf71-46e64aedf165} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\TSWorkspace.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RemoteAssistance ProviderGuid REG_SZ {5b0a651a-8807-45cc-9656-7579815b6af0} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\msra.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RestartManager ProviderGuid REG_SZ {0888e5ef-9b98-4695-979d-e92ce4247224} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\RstrtMgr.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-RPC-Events ProviderGuid REG_SZ {f4aed7c7-a898-4627-b053-44a7caa12fcd} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\rpcrt4.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies ProviderGuid REG_SZ {7d29d58a-931a-40ac-8743-48c733045548} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spell-Checking ProviderGuid REG_SZ {d0e22efc-ac66-4b25-a72d-382736b5e940} EventMessageFile REG_EXPAND_SZ %systemroot%\System32\MsSpellCheckingFacility.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SpellChecker ProviderGuid REG_SZ {b2fcd41f-9a40-4150-8c92-b224b7d8c8aa} EventMessageFile REG_EXPAND_SZ %systemroot%\System32\MsSpellCheckingFacility.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-TerminalServices-ClientActiveXCore ProviderGuid REG_SZ {28aa95bb-d444-4719-a36f-40462168127e} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\mstscax.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles General ProviderGuid REG_SZ {db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\userenv.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service ProviderGuid REG_SZ {89b1e9f0-5aff-44a6-9b44-0a07a7ce5845} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\profsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Video-For-Windows ProviderGuid REG_SZ {712abb2d-d806-4b42-9682-26da01d8b307} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\mciavi32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WBioSrvc providerGuid REG_SZ {A0E3D8EA-C34F-4419-A1DB-90435B8B21D0} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool ProviderGuid REG_SZ {11a75546-3234-465e-bec8-2d301cb501ac} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WINSAT.EXE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv ProviderGuid REG_SZ {9d55b53d-449b-4824-a637-24f9d69aa02f} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\winsrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-XWizards ProviderGuid REG_SZ {777ba8fe-2498-4875-933a-3067de883070} EventMessageFile REG_EXPAND_SZ %windir%\system32\xwizards.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0 CategoryCount REG_DWORD 0xe CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft.Transactions.Bridge 4.0.0.0 CategoryCount REG_DWORD 0xf CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MPSampleSubmission (domy˜lny) REG_SZ 1 EventMessageFile REG_SZ TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC providerGuid REG_EXPAND_SZ {719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC 2 providerGuid REG_EXPAND_SZ {5D9E0020-3761-4f36-90C8-38CE6511BD12} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client providerGuid REG_EXPAND_SZ {7A67066E-193F-4D3A-82D3-322FEE5259DE} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client 2 providerGuid REG_EXPAND_SZ {155CB334-3D7F-4ff1-B107-DF8AFC3C0363} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MsiInstaller EventMessageFile REG_SZ C:\Windows\system32\msimsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Nokia M Platform EventMessageFile REG_SZ C:\Users\Remek\AppData\Local\Temp\NEventMessages.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Nokia Suite EventMessageFile REG_SZ C:\Users\Remek\AppData\Local\Temp\NOSEventMessages.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PDH ProviderGuid REG_EXPAND_SZ {04D66358-C4A1-419B-8023-23B73902DE2C} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfCtrs ProviderGuid REG_EXPAND_SZ {973143DD-F3C7-4EF5-B156-544AC38C39B6} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfDisk ProviderGuid REG_EXPAND_SZ {7F9D83DE-8ABB-457F-98E8-4AD161449ECC} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Perflib ProviderGuid REG_EXPAND_SZ {13B197BD-7CEE-4B4E-8DD0-59314CE374CE} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfNet ProviderGuid REG_EXPAND_SZ {CAB2B8A5-49B9-4EEC-B1B0-FAC21DA05A3B} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfOs ProviderGuid REG_EXPAND_SZ {F82FB576-E941-4956-A2C7-A0CF83F6450A} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PerfProc ProviderGuid REG_EXPAND_SZ {72D211E1-4C54-4A93-9520-4901681B2271} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Picasa3 EventMessageFile REG_SZ C:\Program Files (x86)\Google\Picasa3\Picasa3.exe TypesSupported REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PrintBrm ProviderGuid REG_EXPAND_SZ {CF3F502E-B40D-4071-996F-00981EDF938E} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Process Exit Monitor providerGuid REG_EXPAND_SZ {FD771D53-8492-4057-8E35-8C02813AF49B} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\profsvc.dll TypesSupported REG_DWORD 0x7 ProviderGuid REG_SZ {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PSDapp TypesSupported REG_DWORD 0x7 EventMessageFile REG_SZ C:\Program Files (x86)\Infineon\Security Platform Software\PSDmsg.DLL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RasClient EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll TypesSupported REG_DWORD 0x1f HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceCli EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\scecli.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SceSrv EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\scesrv.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wscsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ServiceModel Audit 3.0.0.0 TypesSupported REG_DWORD 0x1f CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ServiceModel Audit 4.0.0.0 TypesSupported REG_DWORD 0x1f CategoryCount REG_DWORD 0x2 CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SideBySide EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\sxs.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SkypeUpdate EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Skype\Updater\Updater.exe CategoryMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Skype\Updater\Updater.exe CategoryCount REG_DWORD 0x2 TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgr.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service EventMessageFile REG_EXPAND_SZ %windir%\system32\sppsvc.exe TypesSupported REG_DWORD 0x7 ProviderGuid REG_SZ {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SPP TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %systemroot%\system32\sxproxy.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SQLNCLI10 TypesSupported REG_DWORD 0x7 EventMessageFile REG_SZ C:\Windows\system32\sqlncli.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Standard TCP/IP Port ProviderGuid REG_EXPAND_SZ {CAD2D809-03D9-4F46-9CF4-72AA4F04B6B9} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Steam Client Service EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Common Files\Steam\SteamService.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %systemroot%\system32\srcore.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IdentityModel 3.0.0.0 CategoryCount REG_DWORD 0xe CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IdentityModel 4.0.0.0 CategoryCount REG_DWORD 0xf CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IO.Log 3.0.0.0 CategoryCount REG_DWORD 0xe CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.IO.Log 4.0.0.0 CategoryCount REG_DWORD 0xf CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.Runtime.Serialization 3.0.0.0 CategoryCount REG_DWORD 0xe CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.Runtime.Serialization 4.0.0.0 CategoryCount REG_DWORD 0xf CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.ServiceModel 3.0.0.0 CategoryCount REG_DWORD 0xe CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System.ServiceModel 4.0.0.0 CategoryCount REG_DWORD 0xf CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\UNS MaxSize REG_DWORD 0x80000 CategoryCount REG_DWORD 0x9 CategoryMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\usbperf EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\usbperf.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Userenv EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\userenv.dll TypesSupported REG_DWORD 0x7 ProviderGuid REG_SZ {DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime EventMessageFile REG_SZ C:\Windows\system32\MSVBVM60.DLL TypesSupported REG_DWORD 0x4 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\VSSVC.EXE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup EventMessageFile REG_EXPAND_SZ d:\cc0357da26583ce7b0f3c6aeb0\DW\DW20.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSTO 3.0 TypesSupported REG_DWORD 0x1 EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\VSTOMessageProvider.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wersvc.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\Wat\WatUX.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %systemroot%\system32\sdengin2.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Error Reporting EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wer.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service ProviderGuid REG_SZ {CA4E628D-8567-4896-AB6B-835B221F373F} TypesSupported REG_DWORD 0x7 CategoryCount REG_DWORD 0x7 CategoryMessageFile REG_EXPAND_SZ %systemroot%\system32\tquery.dll EventMessageFile REG_EXPAND_SZ %systemroot%\system32\tquery.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification ProviderGuid REG_SZ {FC6F77DD-769A-470E-BCF9-1B6555A118BE} TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wsepno.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect EventMessageFile REG_EXPAND_SZ C:\ProgramData\WindowsMangerPro TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wininit EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wininit.exe TypesSupported REG_DWORD 0x7 providerGuid REG_SZ {206f6dea-d3c5-4d10-bc72-989f03c8b84b} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winlogon.exe TypesSupported REG_DWORD 0x7 providerGuid REG_SZ {DBE9B383-7CF3-4331-91CC-A3CB16A3B538} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WinMgmt ProviderGuid REG_EXPAND_SZ {1edeee53-0afe-4609-b846-d8c0b2075b1f} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winlogon.exe TypesSupported REG_DWORD 0x7 providerGuid REG_SZ {DBE9B383-7CF3-4331-91CC-A3CB16A3B538} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WMI.NET Provider Extension TypesSupported REG_DWORD 0x7 EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wow64 Emulation Layer EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntvdm64.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WSH EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wshext.dll TypesSupported REG_DWORD 0x1f HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\XLive EventMessageFile REG_SZ C:\Windows\SysWOW64\xlive.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents File REG_EXPAND_SZ %systemroot%\system32\winevt\logs\HardwareEvents.evtx MaxSize REG_DWORD 0x1400000 Retention REG_DWORD 0x0 DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wecsvc.dll DisplayNameID REG_DWORD 0x100 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Internet Explorer CustomSD REG_SZ O:BAG:SYD:(A;;0x07;;;WD)S:(ML;;0x1;;;LW) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service MaxSize REG_DWORD 0x1400000 Retention REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests EventMessageFile REG_EXPAND_SZ %windir%\system32\sppsvc.exe TypesSupported REG_DWORD 0x7 ProviderGuid REG_SZ {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Media Center MaxSize REG_DWORD 0x800000 File REG_EXPAND_SZ %SystemRoot%\System32\winevt\Logs\Media Center.evtx Retention REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\ehExtHost EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\ehRecvr EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehRecvr.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\ehSched EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehSched.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\ehshell EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\mcstore EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\MCUpdate EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\Recording EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll DisplayNameID REG_DWORD 0x101 Isolation REG_DWORD 0x2 PrimaryModule REG_SZ Security File REG_EXPAND_SZ %SystemRoot%\System32\winevt\Logs\Security.evtx MaxSize REG_DWORD 0x1400000 Retention REG_DWORD 0x0 Security REG_BINARY 010014808C00000098000000140000004400000002003000020000000240140072010D0001010000000000010000000002801400FF010F000101000000000001000000000200480003000000000014008D01020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000 RestrictGuestAccess REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames Directory Service Object REG_DWORD 0x1e00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames PolicyObject REG_DWORD 0x1600 SecretObject REG_DWORD 0x1610 TrustedDomainObject REG_DWORD 0x1620 UserAccountObject REG_DWORD 0x1630 AdtSecurity REG_DWORD 0x1f00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog ProviderGuid REG_SZ {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wevtsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Security-Auditing ProviderGuid REG_SZ {54849625-5478-4994-a5ba-3e3b0328c30d} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\adtschema.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames SC_MANAGER Object REG_DWORD 0x1c00 SERVICE Object REG_DWORD 0x1c10 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security CategoryCount REG_DWORD 0x9 CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsAuditE.dll EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsAuditE.dll ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll TypesSupported REG_DWORD 0x1c HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security\ObjectNames Channel REG_DWORD 0x1400 Desktop REG_DWORD 0x1a10 Device REG_DWORD 0x1100 Directory REG_DWORD 0x1110 Event REG_DWORD 0x1120 EventPair REG_DWORD 0x1130 File REG_DWORD 0x1140 IoCompletion REG_DWORD 0x1300 Job REG_DWORD 0x1410 Key REG_DWORD 0x1150 KeyedEvent REG_DWORD 0x1640 MailSlot REG_DWORD 0x1140 Mutant REG_DWORD 0x1160 NamedPipe REG_DWORD 0x1140 Port REG_DWORD 0x1170 Process REG_DWORD 0x1180 Profile REG_DWORD 0x1190 Section REG_DWORD 0x11a0 Semaphore REG_DWORD 0x11b0 SymbolicLink REG_DWORD 0x11c0 Thread REG_DWORD 0x11d0 Timer REG_DWORD 0x11e0 Token REG_DWORD 0x11f0 Type REG_DWORD 0x1200 WaitablePort REG_DWORD 0x1170 ALPC Port REG_DWORD 0x1170 WindowStation REG_DWORD 0x1a00 WMI Namespace REG_DWORD 0x4200 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames SAM_ALIAS REG_DWORD 0x1530 SAM_DOMAIN REG_DWORD 0x1510 SAM_GROUP REG_DWORD 0x1520 SAM_SERVER REG_DWORD 0x1500 SAM_USER REG_DWORD 0x1540 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0 ParameterMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll TypesSupported REG_DWORD 0x1f CategoryCount REG_DWORD 0x3 CategoryMessageFile REG_SZ %SystemRoot%\System32\MsAuditE.dll EventSourceFlags REG_DWORD 0x1 EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 4.0.0.0 TypesSupported REG_DWORD 0x1f CategoryMessageFile REG_SZ %SystemRoot%\System32\MsAuditE.dll CategoryCount REG_DWORD 0x3 ParameterMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventSourceFlags REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames Document REG_DWORD 0x1b20 Printer REG_DWORD 0x1b10 Server REG_DWORD 0x1b00 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\TCP/IP ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\TCP/IP\ObjectNames InternetPort REG_DWORD 0x1f80 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\VSSVC.EXE EventSourceFlags REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll DisplayNameID REG_DWORD 0x102 PrimaryModule REG_SZ System File REG_EXPAND_SZ %SystemRoot%\system32\winevt\Logs\System.evtx MaxSize REG_DWORD 0x1400000 Retention REG_DWORD 0x0 RestrictGuestAccess REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adp94xx EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adpahci EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adpu320 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\aelupsvc.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdk8.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdppm.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amdsata EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amdsbs EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amdxata EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Management Group Policy ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgmts.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntdll.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\arc EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\arcsas EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AsyncMac EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll TypesSupported REG_DWORD 0x1f HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\athr EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv eventmessagefile REG_EXPAND_SZ %SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\bxvbda.sys typessupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\b57nd60a.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\beep EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Bowser EventMessageFile REG_EXPAND_SZ %systemroot%\system32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Browser EventMessageFile REG_EXPAND_SZ %systemroot%\system32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BthEnum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Bthport.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Bthport.sys;%SystemRoot%\System32\Drivers\BthUsb.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BugCheck providerGuid REG_EXPAND_SZ {ABCE23E7-DE45-4366-8631-84FA6C525952} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM providerGuid REG_EXPAND_SZ {1B562E86-B7AA-4131-BADC-B6F3A001407E} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsSvc ProviderGuid REG_EXPAND_SZ {7DA4FE0E-FD42-4708-9AA5-89B77A224885} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp providerGuid REG_EXPAND_SZ {15A7A4F8-0072-4EAB-ABAD-F98A4D666AED} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\dhcpcore.dll ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcpv6 providerGuid REG_EXPAND_SZ {6A1F2B00-6A90-4C38-95A5-5CAB3B056778} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dhcpcore6.dll ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\system32\kernelbase.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp_QEC EventMessageFile REG_EXPAND_SZ %Systemroot%\System32\dhcpqec.dll ParameterMessageFile REG_EXPAND_SZ %Systemroot%\System32\dhcpqec.dll TypesSupported REG_DWORD 0x1f providerGuid REG_EXPAND_SZ {F6DA35CE-D312-41C8-9828-5A2E173C91B6} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\disk EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Display EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\DispCI.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnsapi ParameterMessageFile REG_EXPAND_SZ %Systemroot%\system32\kernel32.dll EventMessageFile REG_EXPAND_SZ %Systemroot%\system32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnscache ParameterMessageFile REG_EXPAND_SZ %Systemroot%\system32\kernel32.dll EventMessageFile REG_EXPAND_SZ %Systemroot%\system32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv eventmessagefile REG_EXPAND_SZ %SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\evbda.sys typessupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\elxstor EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\eventlog EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ewusbmbb EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ewusbnet EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\exFAT TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\fltmgr.sys;%SystemRoot%\System32\IoLogMsg.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fvevol ProviderGuid REG_EXPAND_SZ {651DF93B-5053-4D1E-94C5-F6E6D25908D0} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\HECIx64 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\HECIx64.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\hidbth.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\HpSAMD EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Http ProviderGuid REG_EXPAND_SZ {7b6bc78c-898b-4170-bbf8-1a469ea43fc5} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\huawei_cdcecm EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStor EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStor.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorV.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\iirsp EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\intelppm.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMGM providerGuid REG_EXPAND_SZ {29D13147-1C2E-48EC-9994-E29DFE496EB3} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\rtm.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\ipmidrv.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP providerGuid REG_EXPAND_SZ {A6F32731-9A38-4159-A220-3D9B7FC5FE5D} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRouterManager providerGuid REG_EXPAND_SZ {F2C628AE-D26C-4352-9C45-74754E1E2F9F} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\iscsilog.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdhid.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kerberos.dll TypesSupported REG_DWORD 0x7 ProviderGuid REG_EXPAND_SZ {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\L1C EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\Drivers\L1C62x64.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lltdio EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LmHosts EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv ProviderGuid REG_SZ {199fe037-2b82-40a9-82ac-e1d46c792b99} EventMessageFile REG_EXPAND_SZ %windir%\System32\lsasrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LSI_FC EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LSI_SAS EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LSI_SAS2 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LSI_SCSI EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\lsm.exe TypesSupported REG_DWORD 0x7 providerGuid REG_SZ {5d896912-022d-40aa-a3a8-4fa5515c76d7} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\megasas EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MegaSR EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Antimalware (domy˜lny) REG_SZ EventMessageFile REG_SZ C:\Program Files\Microsoft Security Client\MpEvMsg.dll ParameterMessageFile REG_SZ C:\Program Files\Microsoft Security Client\MpEvMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Application-Experience ProviderGuid REG_SZ {eef54e71-0661-422d-9a98-82fd4940b820} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\aeevts.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API ProviderGuid REG_SZ {5d674230-ca9f-11da-a94d-0800200c9a66} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fveapi.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver ProviderGuid REG_SZ {651df93b-5053-4d1e-94c5-f6e6d25908d0} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\fvevol.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client ProviderGuid REG_SZ {ef1cc15b-46c1-414e-bb95-e76b077bd51e} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\qmgr.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client ProviderGuid REG_SZ {ba093605-3909-4345-990b-26b746adee0a} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\cofiredm.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server ProviderGuid REG_SZ {d6f68875-cdf5-43a5-a3e3-53ffd683311c} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\cofiredm.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DfsSvc ProviderGuid REG_SZ {7da4fe0e-fd42-4708-9aa5-89b77a224885} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\netevent.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Dhcp-Client ProviderGuid REG_SZ {15a7a4f8-0072-4eab-abad-f98a4d666aed} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dhcpcore.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Dhcp-Nap-Enforcement-Client ProviderGuid REG_SZ {f6da35ce-d312-41c8-9828-5a2e173c91b6} EventMessageFile REG_EXPAND_SZ %Systemroot%\system32\dhcpqec.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DHCPv6-Client ProviderGuid REG_SZ {6a1f2b00-6a90-4c38-95a5-5cab3b056778} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\dhcpcore6.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Diagnostics-Networking ProviderGuid REG_SZ {36c23e18-0e66-11d9-bbeb-505054503030} EventMessageFile REG_EXPAND_SZ %windir%\system32\netdiagfx.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM ProviderGuid REG_SZ {0d4fdc09-8c27-494a-bda0-505e4fd8adae} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\samsrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic ProviderGuid REG_SZ {e670a5a2-ce74-4ab4-9347-61b815319f4c} EventMessageFile REG_EXPAND_SZ %windir%\system32\dfdts.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DNS-Client ProviderGuid REG_SZ {1c95126e-7eea-49a9-a3fe-a378b03ddb4d} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dnsapi.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode ProviderGuid REG_SZ {2e35aaeb-857f-4beb-a418-2e6c0e54d988} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WUDFPlatform.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorCertDrv ProviderGuid REG_SZ {bd2d1dae-d678-4e10-9667-21cba2aa70c3} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\EhStorAuthn.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector ProviderGuid REG_SZ {b977cf02-76f6-df84-cc1a-6a4b232322b6} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wecsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog ProviderGuid REG_SZ {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wevtsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap ProviderGuid REG_SZ {6b93bf66-a922-4c11-a617-cf60d95c133d} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fthsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager ProviderGuid REG_SZ {f3c5e28e-63f6-49c7-a204-e48a1bc4b09d} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\fltmgr.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall ProviderGuid REG_SZ {e595f735-b42a-494b-afcd-b68666945cd3} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\mpssvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FMS ProviderGuid REG_SZ {dea07764-0790-44de-b9c4-49677b17174f} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fms.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost ProviderGuid REG_SZ {538cbbad-4877-4eb2-b26e-7caee8f0f8cb} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fdphost.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy ProviderGuid REG_SZ {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\gpsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL ProviderGuid REG_SZ {63d1e632-95cc-4443-9312-af927761d52a} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\microsoft-windows-hal-events.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent ProviderGuid REG_SZ {7b6bc78c-898b-4170-bbf8-1a469ea43fc5} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\HTTP.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum ProviderGuid REG_SZ {cd032e15-15ad-4da4-afc6-03bf83516195} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\ipbusenum.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc ProviderGuid REG_SZ {66a5c15c-4f8e-4044-bf6e-71d896038977} EventMessageFile REG_EXPAND_SZ %windir%\system32\iphlpsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Boot ProviderGuid REG_SZ {15ca44ff-4d7a-4baa-bba5-0998955e531e} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-General ProviderGuid REG_SZ {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-PnP ProviderGuid REG_SZ {9c205a39-1250-487d-abd7-e831c6290539} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power ProviderGuid REG_SZ {331c3b3a-2005-44c2-ac5e-77220c37d6b4} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\microsoft-windows-kernel-power-events.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power ProviderGuid REG_SZ {0f67e49f-fe51-4e9f-b490-6f2948cc6027} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\microsoft-windows-kernel-processor-power-events.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Tm ProviderGuid REG_SZ {4cec9c95-a65f-4591-b5c4-30100e51d870} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\ktmw32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-WHEA ProviderGuid REG_SZ {7b563579-53c8-44e7-8236-0f87b9fe6594} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\PSHED.DLL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup ProviderGuid REG_SZ {7237fff9-a08a-4804-9c79-4a8704b70b87} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\lpksetup.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results ProviderGuid REG_SZ {5f92bc59-248f-4111-86a9-e393e12c6139} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\relpost.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule ProviderGuid REG_SZ {73e9c9de-a148-41f7-b1db-4da051fdc327} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mdsched.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OfflineFiles ProviderGuid REG_SZ {95353826-4fbe-41d4-9c42-f521c6e86360} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\cscsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Power-Troubleshooter ProviderGuid REG_SZ {cdc05e28-c449-49c6-b9d2-88cf761644df} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\pots.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp ProviderGuid REG_SZ {6c260f2c-049a-43d8-bf4d-d350a4e6611a} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\sstpsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery ProviderGuid REG_SZ {9e95e4d0-4cb4-4b5d-a936-c972d7d08d90} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\recovery.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Resource-Exhaustion-Detector ProviderGuid REG_SZ {9988748e-c2e8-4054-85f6-0c3e1cad2470} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\radardt.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication ProviderGuid REG_SZ {74c2135f-cc76-45c3-879a-ef3bb1eeaf86} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fdrespub.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP ProviderGuid REG_SZ {9f650c63-9409-453c-a652-83d7185a2e83} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\certprop.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Service Pack Installer ProviderGuid REG_SZ {62ef8b9f-ee45-4aba-a9b9-b70e878bf30a} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\EventProviders\spcmsg.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Servicing EventMessageFile REG_EXPAND_SZ %SystemRoot%\servicing\cbsmsg.dll TypesSupported REG_DWORD 0x7 ProviderGuid REG_EXPAND_SZ {bd12f3b8-fc40-4a61-a307-b7a013a069c1} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup ProviderGuid REG_SZ {75ebc33e-997f-49cf-b49f-ecc50184b75d} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\oobe\winsetup.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Spell-Checking ProviderGuid REG_SZ {d0e22efc-ac66-4b25-a72d-382736b5e940} EventMessageFile REG_EXPAND_SZ %systemroot%\System32\MsSpellCheckingFacility.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SpellChecker ProviderGuid REG_SZ {b2fcd41f-9a40-4150-8c92-b224b7d8c8aa} EventMessageFile REG_EXPAND_SZ %systemroot%\System32\MsSpellCheckingFacility.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-StartupRepair ProviderGuid REG_SZ {c914f0df-835a-4a22-8c70-732c9a80c634} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\reagent.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS ProviderGuid REG_SZ {43e63da5-41d1-4fbf-aded-1bbed98fdd1d} EventMessageFile REG_EXPAND_SZ %windir%\system32\csrsrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler ProviderGuid REG_SZ {de7b24ea-73c8-4a09-985d-5bdadcfa9017} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\schedsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS ProviderGuid REG_SZ {51480c1a-90aa-416e-98fd-4c11f735349b} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\tbssvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager ProviderGuid REG_SZ {5d896912-022d-40aa-a3a8-4fa5515c76d7} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\lsm.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager ProviderGuid REG_SZ {c76baa63-ae81-421c-b425-340b4b24157f} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\termsrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service ProviderGuid REG_SZ {06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\w32time.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TPM-WMI ProviderGuid REG_SZ {7d5387b0-cbe0-11da-a94d-0800200c9a66} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wbem\Win32_Tpm.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp ProviderGuid REG_SZ {96f4a050-7e31-453c-88be-9634f4e02139} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\umpnpmgr.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WHEA-Logger ProviderGuid REG_SZ {c26c4f3c-3f66-4e99-8f8a-39405cfed220} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\whealogr.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient ProviderGuid REG_SZ {945a8954-c147-4acd-923f-40c45405a658} EventMessageFile REG_EXPAND_SZ %systemroot%\system32\wuaueng.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Wininit ProviderGuid REG_SZ {206f6dea-d3c5-4d10-bc72-989f03c8b84b} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wininit.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon ProviderGuid REG_SZ {dbe9b383-7cf3-4331-91cc-a3cb16a3b538} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\winlogon.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig ProviderGuid REG_SZ {9580d7dd-0379-4658-9870-d5be7d52d6de} EventMessageFile REG_EXPAND_SZ %windir%\system32\wlansvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouhid.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mpio.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mrxsmb EventMessageFile REG_EXPAND_SZ %systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll TypesSupported REG_DWORD 0x7 ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC Gateway EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC WS-AT Protocol EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI EventMessageFile REG_EXPAND_SZ %systemroot%\System32\iscsiexe.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\MTConfig.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup EventMessageFile REG_EXPAND_SZ C:\Windows\system32\netevent.dll;C:\Windows\system32\iologmsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NAPIPSecEnf providerGuid REG_EXPAND_SZ {8115579E-2BEA-4C9E-9AB1-821CC2C98AB0} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisWan EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll TypesSupported REG_DWORD 0x1f HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\iologmsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBT EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netmsg.dll ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\netr28ux EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll,%SystemRoot%\System32\drivers\netr28ux.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nfrd960 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\ntfs.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nvraid HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nvstor.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\P2PIMSvc ProviderGuid REG_EXPAND_SZ {2992E9CF-4F99-48f5-A0B6-B99B11CD387D} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\partmgr EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PersonalSecureDrive EventMessageFile REG_SZ %SystemRoot%\system32\drivers\psd.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\umpnpmgr.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PNRPSvc ProviderGuid REG_EXPAND_SZ {BBE94F36-F8DC-4C33-8227-81602B7A3D53} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Power EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\umpo.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntprint.dll TypesSupported REG_DWORD 0x7 providerGuid REG_SZ {747EF6FD-E535-4d16-B510-42C90F6873A1} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc ProviderGuid REG_EXPAND_SZ {5B33145C-1C66-49F3-B4CA-F563C165F2C0} TypesSupported REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\processr.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql2300 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql40xx EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasAuto EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll TypesSupported REG_DWORD 0x1f HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rasman EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll TypesSupported REG_DWORD 0x1f HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp TypesSupported REG_DWORD 0x1c EventMessageFile REG_EXPAND_SZ %systemroot%\system32\sstpsvc.dll ProviderGuid REG_SZ {6c260f2c-049a-43d8-bf4d-d350a4e6611a} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rdbss EventMessageFile REG_EXPAND_SZ C:\Windows\system32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RemoteAccess EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\iassvcs.dll TypesSupported REG_DWORD 0x1f HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\rspndr EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\samsrv.dll TypesSupported REG_DWORD 0x7 providerGuid REG_SZ {0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sbp2port.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SCardSvr providerGuid REG_EXPAND_SZ {4FCBF664-A33A-4652-B436-9D558983D955} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel ProviderGuid REG_SZ {1f678132-5938-4686-9fdc-c8ff68f15c85} EventMessageFile REG_EXPAND_SZ %windir%\System32\lsasrv.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sermouse.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Server TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager ProviderGuid REG_SZ {555908d1-a6d7-4695-8e1e-26931d2012f4} EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\services.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SiSGbeLH EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SiSRaid2 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SiSRaid4 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Smb EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SMSvcHost 3.0.0.0 CategoryCount REG_DWORD 0xe CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SMSvcHost 4.0.0.0 CategoryCount REG_DWORD 0xf CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\snmptrap.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sptd EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Srv TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ssadbus EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\ssadbus.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ssadmdm EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\ssadmdm.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ssadserd EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\ssadserd.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sscebus EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\sscebus.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sscemdm EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\sscemdm.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ssceserd EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\ssceserd.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\stexstor EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wiaservc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\storflt EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\vmstorfltres.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\System CategoryCount REG_DWORD 0x7 CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip6 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\tcpmon.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermDD TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\ntdll.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\termsrv.dll TypesSupported REG_DWORD 0x7 providerGuid REG_SZ {C76BAA63-AE81-421C-B425-340B4B24157F} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TPM EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\tpm.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt ProviderGuid REG_EXPAND_SZ {6e400999-5b82-475f-b800-cef6fe361539} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\tsusbflt.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tunnel EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\UmRdpService providerGuid REG_SZ {952773BF-C2B7-49BC-88F4-920744B82C43} EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\umrdp.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\USER32 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\user32.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Basic Provider EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\vdsbas.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Dynamic Provider EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\vdsdyn.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Virtual Disk Provider EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\vdsvd.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vga EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\vgapnp.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\vds.exe TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vmbus EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\vmbusres.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\volmgr EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\VolSnap.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\vsmraid EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time EventMessageFile REG_EXPAND_SZ %Systemroot%\system32\w32time.dll TypesSupported REG_DWORD 0x7 ProviderGuid REG_SZ {06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wacompen.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\wd.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000 EventMessageFile REG_SZ C:\Windows\System32\drivers\Wdf01000.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wecsvc.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\win32k.sys TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend ParameterMessageFile REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MpEvMsg.dll ProviderGuid REG_SZ {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78} TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MpEvMsg.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\DFDTS.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Script Host EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wshext.dll TypesSupported REG_DWORD 0x18 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WinHttpAutoProxySvc EventMessageFile REG_EXPAND_SZ winhttp.dll ProviderGuid REG_SZ {7D44233D-3055-4B9C-BA64-0D47CA40A232} TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WinRM ProviderGuid REG_EXPAND_SZ {A7975C8F-AC13-49F1-87DA-5A984A4AB417} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WMIxWDM EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WMPNetworkSvc ProviderGuid REG_SZ {6A2DC7C1-930A-4FB5-BB44-80B30AEBED6C} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Workstation EventMessageFile REG_EXPAND_SZ C:\Windows\system32\netmsg.dll TypesSupported REG_DWORD 0x7 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WPC TypesSupported REG_DWORD 0x7 EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wpcsvc.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WPDClassInstaller ProviderGuid REG_SZ {AD5162D8-DAF0-4A25-88A7-01CBEB33902E} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Windows PowerShell AutoBackupLogFiles REG_DWORD 0x0 MaxSize REG_DWORD 0xf00000 Sources REG_MULTI_SZ PowerShell Retention REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Windows PowerShell\PowerShell CategoryCount REG_DWORD 0x8 CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll ========= End of Reg: ========= ========= reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt DisplayName REG_SZ @%Systemroot%\system32\wbem\wmisvc.dll,-205 ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs Description REG_SZ @%Systemroot%\system32\wbem\wmisvc.dll,-204 ObjectName REG_SZ localSystem ErrorControl REG_DWORD 0x0 Start REG_DWORD 0x2 Type REG_DWORD 0x20 DependOnService REG_MULTI_SZ RPCSS ServiceSidType REG_DWORD 0x1 FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters ServiceDllUnloadOnStop REG_DWORD 0x1 ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\wbem\WMIsvc.dll ServiceMain REG_SZ ServiceMain ========= End of Reg: ========= ========================= File: C:\Windows\system32\wevtsvc.dll ======================== MD5: 6011714C8C5C55CBFFAD24D61E879FBD Creation and modification date: 2011-02-23 12:42 - 2010-11-20 14:27 Size: 1646080 Attributes: ----A Company Name: Microsoft Corporation Internal Name: wevtsvc.dll Original Name: wevtsvc.dll.mui Product Name: System operacyjny Microsoft® Windows® Description: Usługa rejestrowania zdarzeń File Version: 6.1.7600.16385 (win7_rtm.090713-1255) Product Version: 6.1.7600.16385 Copyright: © Microsoft Corporation. Wszelkie prawa zastrzeżone. ====== End Of File: ====== ==== End of Fixlog ====