[SOLVED] KB4103718 broken (Win 7)

Malbec · Jul 1, 2018

Still not going to the end. Maybe crashes a bit sooner (85% ?).
here is the CBS.log: Liste des fichiers partages
Here is the result of SFCFix

Code:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-07-01 15:45:23.848
Microsoft Windows 7 Service Pack 1 - amd64
Using .txt script file at C:\Users\Bruno\Desktop\SFCFixScript.txt [0]

RegistryScript::::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}.
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}\ChannelReferences.

Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}.
Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}\ChannelReferences.
Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}\ChannelReferences\0.

Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}\ChannelReferences.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}\ChannelReferences\0.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7f8e35ca-68e8-41b9-86fe-d6adc5b327e7}\ChannelReferences.
RegistryScript:: directive completed successfully.

Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 17 datablocks.
Finish time: 2018-07-01 15:45:25.221
Script hash: iE2NJbBSpsTzK2fx+Jq0EAqmrvCs6D2/LBOpf8akEX4=
----------------------EOF-----------------------

Sysnative Windows Update · Jul 1, 2018

1. Click your start button and type cmd in the search box.
2. Right-click on cmd that comes up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears.
3. Copy/Paste the following into the command-prompt window and hit enter.
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog /s >1.txt && notepad 1.txt

4. Notepad will open showing some info. Can you copy and paste this into your next reply?

Malbec · Jul 1, 2018

Here it is:

Code:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\wevtsvc.dll
    ServiceMain    REG_SZ    ServiceMain
    PlugPlayServiceType    REG_DWORD    0x3
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    DisplayName    REG_SZ    @%SystemRoot%\system32\wevtsvc.dll,-200
    Group    REG_SZ    Event Log
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Description    REG_SZ    @%SystemRoot%\system32\wevtsvc.dll,-201
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeImpersonatePrivilege
    FailureActionsOnNonCrashFailures    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ACEEventLog
    MaxSize    REG_DWORD    0x80000
    AutoBackupLogFiles    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ACEEventLog\ACEEventLog
    EventMessageFile    REG_EXPAND_SZ    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ACEEventLog\ACEEventLogSource
    EventMessageFile    REG_EXPAND_SZ    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
    DisplayNameFile    REG_EXPAND_SZ    %SystemRoot%\system32\wevtapi.dll
    DisplayNameID    REG_DWORD    0x100
    PrimaryModule    REG_SZ    Application
    File    REG_EXPAND_SZ    %SystemRoot%\system32\winevt\Logs\Application.evtx
    MaxSize    REG_DWORD    0x1400000
    Retention    REG_DWORD    0x0
    RestrictGuestAccess    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\.NET Runtime
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_SZ    C:\Windows\system32\mscoree.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\.NET Runtime Optimization Service
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_SZ    C:\Windows\system32\mscoree.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application
    CategoryCount    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\wevtapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Error
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wer.dll
    TypesSupported    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wer.dll
    CategoryCount    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hang
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wersvc.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Virtualization
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_SZ    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsharedres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Virtualization Client
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_SZ    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftevent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application-Addon-Event-Provider
    ProviderGuid    REG_SZ    {a83fa99f-c356-4ded-9fd6-5a5eb8546d68}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\ieframe.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ASP.NET 2.0.50727.0
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll
    CategoryCount    REG_DWORD    0x5
    CategoryMessageFile    REG_EXPAND_SZ    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ASP.NET 4.0.30319.0
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    C:\Windows\Microsoft.NET\Framework\v4.0.30319\fr\aspnet_rc.dll
    CategoryCount    REG_DWORD    0x5
    CategoryMessageFile    REG_EXPAND_SZ    C:\Windows\Microsoft.NET\Framework\v4.0.30319\fr\aspnet_rc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ATIeRecord
    eRecordEnable    REG_DWORD    0x1
    CategoryCount    REG_DWORD    0x3f
    TypesSupported    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ati2erec.dll
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ati2erec.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\AutoEnrollment
    ProviderGuid    REG_EXPAND_SZ    {F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CardSpace 3.0.0.0
    CategoryCount    REG_DWORD    0x1
    CategoryMessageFile    REG_SZ    C:\Windows\System32\icardres.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll;C:\Windows\System32\icardres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CardSpace 4.0.0.0
    CategoryCount    REG_DWORD    0x1
    CategoryMessageFile    REG_SZ    C:\Windows\system32\icardres.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll;C:\Windows\system32\icardres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CertCli
    ProviderGuid    REG_EXPAND_SZ    {98BF1CD3-583E-4926-95EE-A61BF3F46470}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CertEnroll
    ProviderGuid    REG_EXPAND_SZ    {54164045-7C50-4905-963F-E5BC1EEF0CCA}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Chkdsk
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\ulib.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\COM
    providerGuid    REG_EXPAND_SZ    {bf406804-6afa-46e7-8a48-6c357e1d6d61}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\COM+
    providerGuid    REG_EXPAND_SZ    {0f177893-4a9c-4709-b921-f432d67f43d5}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Customer Experience Improvement Program
    providerGuid    REG_EXPAND_SZ    {A402FE09-DA6E-45F2-82AF-3CB37170EE0C}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CVHSVC
    EventMessageFile    REG_SZ    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\fr-fr\CVHIntl.dll
    CategoryMessageFile    REG_SZ    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\fr-fr\CVHIntl.dll
    CategoryCount    REG_DWORD    0x7
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Desktop Window Manager
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\dwm.exe
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\DiskQuota
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\dskquota.dll
    TypesSupported    REG_SZ    0x00000007

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dvd Maker
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %ProgramFiles%\DVD Maker\DVDMaker.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ESENT
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\esent.dll
    CategoryMessageFile    REG_EXPAND_SZ    %systemroot%\system32\esent.dll
    CategoryCount    REG_DWORD    0x10
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\EventSystem
    providerGuid    REG_EXPAND_SZ    {899daace-4868-4295-afcd-9eb8fb497561}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Folder Redirection
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\fdeploy.dll
    ProviderGuid    REG_EXPAND_SZ    {7D7B0C39-93F6-4100-BD96-4DDA859652C5}
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\gpapi.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Interactive Services detection
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\UI0Detect.exe
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\LoadPerf
    ProviderGuid    REG_EXPAND_SZ    {122EE297-BB47-41AE-B265-1CA8D1886D40}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\LocationNotifications
    ProviderGuid    REG_SZ    {5b93cdfa-5f51-45e0-9fde-296983129e6c}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\LocationNotifications.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\mclogevent

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft Security Client
    EventMessageFile    REG_SZ    c:\Program Files\Microsoft Security Client\MsMpRes.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft Security Client Setup
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\EventCreate.exe
    TypesSupported    REG_DWORD    0x7
    CustomSource    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Application-Experience
    ProviderGuid    REG_SZ    {eef54e71-0661-422d-9a98-82fd4940b820}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\aeevts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure
    ProviderGuid    REG_SZ    {5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\apphelp.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Audio
    ProviderGuid    REG_SZ    {ae4bd3be-f36f-45b6-8d21-bdd6fb832853}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\audioses.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-AxInstallService
    ProviderGuid    REG_SZ    {dab3b18c-3c0f-43e8-80b1-e44bc0dad901}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\AxInstSv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Backup
    ProviderGuid    REG_SZ    {1db28f2e-8f80-4027-8c5a-a11f7f10f62d}
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\BlbEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CAPI2
    ProviderGuid    REG_SZ    {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\crypt32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificateServicesClient
    ProviderGuid    REG_SZ    {73370bd6-85e5-430b-b60a-fea1285808a7}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\dimsjob.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificateServicesClient-AutoEnrollment
    ProviderGuid    REG_SZ    {f0db7ef8-b6f3-4005-9937-feb77b9e1b43}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\pautoenr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificateServicesClient-CertEnroll
    ProviderGuid    REG_SZ    {54164045-7c50-4905-963f-e5bc1eef0cca}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\certenroll.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificateServicesClient-CredentialRoaming
    ProviderGuid    REG_SZ    {89a2278b-c662-4aff-a06c-46ad3f220bca}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\dimsroam.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificationAuthorityClient-CertCli
    ProviderGuid    REG_SZ    {98bf1cd3-583e-4926-95ee-a61bf3f46470}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\certcli.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Crypto-RNG
    providerGuid    REG_SZ    {54d5ac20-e14f-4fda-92da-ebf7556ff176}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Defrag
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\defragsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-DirectShow-Core
    ProviderGuid    REG_SZ    {968f313b-097f-4e09-9cdd-bc62692d138b}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\quartz.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-DirectShow-KernelSupport
    ProviderGuid    REG_SZ    {3cc2d4af-da5e-4ed4-bcbe-3cf995940483}
    EventMessageFile    REG_EXPAND_SZ    ksproxy.ax

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-EapHost
    ProviderGuid    REG_SZ    {6eb8db94-fe96-443f-a366-5fe0cee7fb1c}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\eapsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-EFS
    ProviderGuid    REG_SZ    {3663a992-84be-40ea-bba9-90c7ed544222}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\efscore.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-EventCollector
    ProviderGuid    REG_SZ    {b977cf02-76f6-df84-cc1a-6a4b232322b6}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\wecsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Folder Redirection
    ProviderGuid    REG_SZ    {7d7b0c39-93f6-4100-bd96-4dda859652c5}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\fdeploy.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-LoadPerf
    ProviderGuid    REG_SZ    {122ee297-bb47-41ae-b265-1ca8d1886d40}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\loadperf.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-PerfCtrs
    ProviderGuid    REG_SZ    {973143dd-f3c7-4ef5-b156-544ac38c39b6}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\perfctrs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-PerfNet
    ProviderGuid    REG_SZ    {cab2b8a5-49b9-4eec-b1b0-fac21da05a3b}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\perfnet.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-PerfOS
    ProviderGuid    REG_SZ    {f82fb576-e941-4956-a2c7-a0cf83f6450a}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\perfos.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-PerfProc
    ProviderGuid    REG_SZ    {72d211e1-4c54-4a93-9520-4901681b2271}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\perfproc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-propsys
    ProviderGuid    REG_EXPAND_SZ    {9485FA1E-23CD-49A1-84E3-11D8BC550CB7}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\propsys.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-RemoteApp and Desktop Connections
    ProviderGuid    REG_SZ    {1b8b402d-78dc-46fb-bf71-46e64aedf165}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\TSWorkspace.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-RemoteAssistance
    ProviderGuid    REG_SZ    {5b0a651a-8807-45cc-9656-7579815b6af0}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\msra.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-RestartManager
    ProviderGuid    REG_SZ    {0888e5ef-9b98-4695-979d-e92ce4247224}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\RstrtMgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-RPC-Events
    ProviderGuid    REG_SZ    {f4aed7c7-a898-4627-b053-44a7caa12fcd}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\rpcrt4.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-SoftwareRestrictionPolicies
    ProviderGuid    REG_SZ    {7d29d58a-931a-40ac-8743-48c733045548}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Spell-Checking
    ProviderGuid    REG_SZ    {d0e22efc-ac66-4b25-a72d-382736b5e940}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\System32\MsSpellCheckingFacility.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-SpellChecker
    ProviderGuid    REG_SZ    {b2fcd41f-9a40-4150-8c92-b224b7d8c8aa}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\System32\MsSpellCheckingFacility.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-TerminalServices-ClientActiveXCore
    ProviderGuid    REG_SZ    {28aa95bb-d444-4719-a36f-40462168127e}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\mstscax.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-User Profiles General
    ProviderGuid    REG_SZ    {db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\userenv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-User Profiles Service
    ProviderGuid    REG_SZ    {89b1e9f0-5aff-44a6-9b44-0a07a7ce5845}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\profsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-User-Loader
    ProviderGuid    REG_SZ    {b059b83f-d946-4b13-87ca-4292839dc2f2}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Video-For-Windows
    ProviderGuid    REG_SZ    {712abb2d-d806-4b42-9682-26da01d8b307}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\mciavi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-WBioSrvc
    providerGuid    REG_SZ    {A0E3D8EA-C34F-4419-A1DB-90435B8B21D0}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-WindowsSystemAssessmentTool
    ProviderGuid    REG_SZ    {11a75546-3234-465e-bec8-2d301cb501ac}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\WINSAT.EXE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Winsrv
    ProviderGuid    REG_SZ    {9d55b53d-449b-4824-a637-24f9d69aa02f}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\winsrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-XWizards
    ProviderGuid    REG_SZ    {777ba8fe-2498-4875-933a-3067de883070}
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\xwizards.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft.Transactions.Bridge 3.0.0.0
    CategoryCount    REG_DWORD    0xe
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft.Transactions.Bridge 4.0.0.0
    CategoryCount    REG_DWORD    0xf
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MPSampleSubmission
    (par d‚faut)    REG_SZ    1
    EventMessageFile    REG_SZ    
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSDTC
    providerGuid    REG_EXPAND_SZ    {719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSDTC 2
    providerGuid    REG_EXPAND_SZ    {5D9E0020-3761-4f36-90C8-38CE6511BD12}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSDTC Client
    providerGuid    REG_EXPAND_SZ    {7A67066E-193F-4D3A-82D3-322FEE5259DE}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSDTC Client 2
    providerGuid    REG_EXPAND_SZ    {155CB334-3D7F-4ff1-B107-DF8AFC3C0363}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MsiInstaller
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\msimsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Office Software Protection Platform Service
    EventMessageFile    REG_SZ    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PDH
    ProviderGuid    REG_EXPAND_SZ    {04D66358-C4A1-419B-8023-23B73902DE2C}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfCtrs
    ProviderGuid    REG_EXPAND_SZ    {973143DD-F3C7-4EF5-B156-544AC38C39B6}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfDisk
    ProviderGuid    REG_EXPAND_SZ    {7F9D83DE-8ABB-457F-98E8-4AD161449ECC}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Perflib
    ProviderGuid    REG_EXPAND_SZ    {13B197BD-7CEE-4B4E-8DD0-59314CE374CE}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfNet
    ProviderGuid    REG_EXPAND_SZ    {CAB2B8A5-49B9-4EEC-B1B0-FAC21DA05A3B}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfOs
    ProviderGuid    REG_EXPAND_SZ    {F82FB576-E941-4956-A2C7-A0CF83F6450A}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfProc
    ProviderGuid    REG_EXPAND_SZ    {72D211E1-4C54-4A93-9520-4901681B2271}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Process Exit Monitor
    providerGuid    REG_EXPAND_SZ    {FD771D53-8492-4057-8E35-8C02813AF49B}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Profsvc
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\profsvc.dll
    TypesSupported    REG_DWORD    0x7
    ProviderGuid    REG_SZ    {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RasClient
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\mprmsg.dll
    TypesSupported    REG_DWORD    0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SampleCollector
    EventMessageFile    REG_EXPAND_SZ    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    TypesSupported    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    CategoryCount    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SceCli
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\scecli.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SceSrv
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\scesrv.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SecurityCenter
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wscsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ServiceModel Audit 3.0.0.0
    TypesSupported    REG_DWORD    0x1f
    CategoryCount    REG_DWORD    0x2
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ServiceModel Audit 4.0.0.0
    TypesSupported    REG_DWORD    0x1f
    CategoryCount    REG_DWORD    0x2
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SideBySide
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\sxs.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Software Protection Platform Service
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\sppsvc.exe
    TypesSupported    REG_DWORD    0x7
    ProviderGuid    REG_SZ    {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SPP
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\sxproxy.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Standard TCP/IP Port
    ProviderGuid    REG_EXPAND_SZ    {CAD2D809-03D9-4F46-9CF4-72AA4F04B6B9}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System Restore
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\srcore.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.IdentityModel 3.0.0.0
    CategoryCount    REG_DWORD    0xe
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.IdentityModel 4.0.0.0
    CategoryCount    REG_DWORD    0xf
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.IO.Log 3.0.0.0
    CategoryCount    REG_DWORD    0xe
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.IO.Log 4.0.0.0
    CategoryCount    REG_DWORD    0xf
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.Runtime.Serialization 3.0.0.0
    CategoryCount    REG_DWORD    0xe
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.Runtime.Serialization 4.0.0.0
    CategoryCount    REG_DWORD    0xf
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.ServiceModel 3.0.0.0
    CategoryCount    REG_DWORD    0xe
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.ServiceModel 4.0.0.0
    CategoryCount    REG_DWORD    0xf
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\usbperf
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\usbperf.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Userenv
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\userenv.dll
    TypesSupported    REG_DWORD    0x7
    ProviderGuid    REG_SZ    {DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\VBRuntime
    EventMessageFile    REG_SZ    C:\Windows\SysWOW64\msvbvm60.dll
    TypesSupported    REG_DWORD    0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\VSS
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\VSSVC.EXE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\VSSetup
    EventMessageFile    REG_EXPAND_SZ    C:\03ac24f3b135cc3e033e9212\DW\DW20.exe
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WerSvc
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wersvc.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Activation Technologies
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\Wat\WatUX.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Backup
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\sdengin2.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Error Reporting
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wer.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Search Service
    ProviderGuid    REG_SZ    {CA4E628D-8567-4896-AB6B-835B221F373F}
    TypesSupported    REG_DWORD    0x7
    CategoryCount    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    %systemroot%\system32\tquery.dll
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\tquery.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Search Service Profile Notification
    ProviderGuid    REG_SZ    {FC6F77DD-769A-470E-BCF9-1B6555A118BE}
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\wsepno.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wininit
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wininit.exe
    TypesSupported    REG_DWORD    0x7
    providerGuid    REG_SZ    {206f6dea-d3c5-4d10-bc72-989f03c8b84b}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Winlogon
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\winlogon.exe
    TypesSupported    REG_DWORD    0x7
    providerGuid    REG_SZ    {DBE9B383-7CF3-4331-91CC-A3CB16A3B538}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinMgmt
    ProviderGuid    REG_EXPAND_SZ    {1edeee53-0afe-4609-b846-d8c0b2075b1f}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wlclntfy
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\winlogon.exe
    TypesSupported    REG_DWORD    0x7
    providerGuid    REG_SZ    {DBE9B383-7CF3-4331-91CC-A3CB16A3B538}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WMI.NET Provider Extension
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wow64 Emulation Layer
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\ntvdm64.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WSH
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wshext.dll
    TypesSupported    REG_DWORD    0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents
    File    REG_EXPAND_SZ    %systemroot%\system32\winevt\logs\HardwareEvents.evtx
    MaxSize    REG_DWORD    0x1400000
    Retention    REG_DWORD    0x0
    DisplayNameFile    REG_EXPAND_SZ    %SystemRoot%\system32\wecsvc.dll
    DisplayNameID    REG_DWORD    0x100

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer
    CustomSD    REG_SZ    O:BAG:SYD:(A;;0x07;;;WD)S:(ML;;0x1;;;LW)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service
    MaxSize    REG_DWORD    0x1400000
    Retention    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\KmsRequests
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\sppsvc.exe
    TypesSupported    REG_DWORD    0x7
    ProviderGuid    REG_SZ    {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center
    MaxSize    REG_DWORD    0x800000
    File    REG_EXPAND_SZ    %SystemRoot%\System32\winevt\Logs\Media Center.evtx
    Retention    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\ehExtHost
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\ehRecvr
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\ehome\ehRecvr.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\ehSched
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\ehome\ehSched.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\ehshell
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\mcstore
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\MCUpdate
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\Recording
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts
    DisplayNameFile    REG_SZ    C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFREL.DLL
    DisplayNameID    REG_DWORD    0x66
    MaxSize    REG_DWORD    0x20000
    PrimaryModule    REG_SZ    OAlerts
    Retention    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 14 Alerts
    EventMessageFile    REG_SZ    C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFREL.DLL
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
    DisplayNameFile    REG_EXPAND_SZ    %SystemRoot%\system32\wevtapi.dll
    DisplayNameID    REG_DWORD    0x101
    Isolation    REG_DWORD    0x2
    PrimaryModule    REG_SZ    Security
    File    REG_EXPAND_SZ    %SystemRoot%\System32\winevt\Logs\Security.evtx
    MaxSize    REG_DWORD    0x1400000
    Retention    REG_DWORD    0x0
    Security    REG_BINARY    01001480B4000000C4000000140000004400000002003000020000000240140072010D0001010000000000010000000002801400FF010F00010100000000000100000000020070000400000000002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000000014008D01020001010000000000050B00000001020000000000052000000020020000010100000000000512000000
    RestrictGuestAccess    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\DS
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\DS\ObjectNames
    Directory Service Object    REG_DWORD    0x1e00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\LSA
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\LSA\ObjectNames
    PolicyObject    REG_DWORD    0x1600
    SecretObject    REG_DWORD    0x1610
    TrustedDomainObject    REG_DWORD    0x1620
    UserAccountObject    REG_DWORD    0x1630
    AdtSecurity    REG_DWORD    0x1f00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Microsoft-Windows-Eventlog
    ProviderGuid    REG_SZ    {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wevtsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Microsoft-Windows-Security-Auditing
    ProviderGuid    REG_SZ    {54849625-5478-4994-a5ba-3e3b0328c30d}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\adtschema.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\SC Manager
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\SC Manager\ObjectNames
    SC_MANAGER Object    REG_DWORD    0x1c00
    SERVICE Object    REG_DWORD    0x1c10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Security
    CategoryCount    REG_DWORD    0x9
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsAuditE.dll
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsAuditE.dll
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsObjs.dll
    TypesSupported    REG_DWORD    0x1c

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Security\ObjectNames
    Channel    REG_DWORD    0x1400
    Desktop    REG_DWORD    0x1a10
    Device    REG_DWORD    0x1100
    Directory    REG_DWORD    0x1110
    Event    REG_DWORD    0x1120
    EventPair    REG_DWORD    0x1130
    File    REG_DWORD    0x1140
    IoCompletion    REG_DWORD    0x1300
    Job    REG_DWORD    0x1410
    Key    REG_DWORD    0x1150
    KeyedEvent    REG_DWORD    0x1640
    MailSlot    REG_DWORD    0x1140
    Mutant    REG_DWORD    0x1160
    NamedPipe    REG_DWORD    0x1140
    Port    REG_DWORD    0x1170
    Process    REG_DWORD    0x1180
    Profile    REG_DWORD    0x1190
    Section    REG_DWORD    0x11a0
    Semaphore    REG_DWORD    0x11b0
    SymbolicLink    REG_DWORD    0x11c0
    Thread    REG_DWORD    0x11d0
    Timer    REG_DWORD    0x11e0
    Token    REG_DWORD    0x11f0
    Type    REG_DWORD    0x1200
    WaitablePort    REG_DWORD    0x1170
    ALPC Port    REG_DWORD    0x1170
    WindowStation    REG_DWORD    0x1a00
    WMI Namespace    REG_DWORD    0x4200

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Security Account Manager
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Security Account Manager\ObjectNames
    SAM_ALIAS    REG_DWORD    0x1530
    SAM_DOMAIN    REG_DWORD    0x1510
    SAM_GROUP    REG_DWORD    0x1520
    SAM_SERVER    REG_DWORD    0x1500
    SAM_USER    REG_DWORD    0x1540

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\ServiceModel 3.0.0.0
    ParameterMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    TypesSupported    REG_DWORD    0x1f
    CategoryCount    REG_DWORD    0x3
    CategoryMessageFile    REG_SZ    %SystemRoot%\System32\MsAuditE.dll
    EventSourceFlags    REG_DWORD    0x1
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\ServiceModel 4.0.0.0
    TypesSupported    REG_DWORD    0x1f
    CategoryMessageFile    REG_SZ    %SystemRoot%\System32\MsAuditE.dll
    CategoryCount    REG_DWORD    0x3
    ParameterMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventSourceFlags    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Spooler
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Spooler\ObjectNames
    Document    REG_DWORD    0x1b20
    Printer    REG_DWORD    0x1b10
    Server    REG_DWORD    0x1b00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\TCP/IP
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\TCP/IP\ObjectNames
    InternetPort    REG_DWORD    0x1f80

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\VSSAudit
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\VSSVC.EXE
    EventSourceFlags    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System
    DisplayNameFile    REG_EXPAND_SZ    %SystemRoot%\system32\wevtapi.dll
    DisplayNameID    REG_DWORD    0x102
    PrimaryModule    REG_SZ    System
    File    REG_EXPAND_SZ    %SystemRoot%\system32\winevt\Logs\System.evtx
    MaxSize    REG_DWORD    0x1400000
    Retention    REG_DWORD    0x0
    RestrictGuestAccess    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ACPI
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\adp94xx
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\adpahci
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\adpu320
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AeLookupSvc
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\aelupsvc.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AmdK8
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdk8.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amdkmdag
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ati2erec.dll
    TypesSupported    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ati2erec.dll
    CategoryCount    REG_DWORD    0x3f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amdkmdap
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ati2erec.dll
    TypesSupported    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ati2erec.dll
    CategoryCount    REG_DWORD    0x3f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AmdPPM
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdppm.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amdsata
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amdsbs
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amdxata
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amd_sata
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amd_xata
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Application Popup
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\ntdll.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\arc
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\arcsas
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AsyncMac
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\mprmsg.dll
    TypesSupported    REG_DWORD    0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\atapi
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\athr
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\atikmdag
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ati2erec.dll
    TypesSupported    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ati2erec.dll
    CategoryCount    REG_DWORD    0x3f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\avipbb
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\avipbb.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\b06bdrv
    eventmessagefile    REG_EXPAND_SZ    %SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\bxvbda.sys
    typessupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\b57nd60a
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\b57nd60a.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\beep
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Bowser
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Browser
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\BthEnum

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\BTHPORT
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Bthport.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\BTHUSB
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Bthport.sys;%SystemRoot%\System32\Drivers\BthUsb.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\btwrchid

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\BugCheck
    providerGuid    REG_EXPAND_SZ    {ABCE23E7-DE45-4366-8631-84FA6C525952}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\cdrom
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\DCOM
    providerGuid    REG_EXPAND_SZ    {1B562E86-B7AA-4131-BADC-B6F3A001407E}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\DfsSvc
    ProviderGuid    REG_EXPAND_SZ    {7DA4FE0E-FD42-4708-9AA5-89B77A224885}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dhcp
    providerGuid    REG_EXPAND_SZ    {15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\dhcpcore.dll
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\kernel32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dhcpv6
    providerGuid    REG_EXPAND_SZ    {6A1F2B00-6A90-4C38-95A5-5CAB3B056778}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\dhcpcore6.dll
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\kernelbase.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dhcp_QEC
    EventMessageFile    REG_EXPAND_SZ    %Systemroot%\System32\dhcpqec.dll
    ParameterMessageFile    REG_EXPAND_SZ    %Systemroot%\System32\dhcpqec.dll
    TypesSupported    REG_DWORD    0x1f
    providerGuid    REG_EXPAND_SZ    {F6DA35CE-D312-41C8-9828-5A2E173C91B6}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\disk
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Display
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\DispCI.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dnsapi
    ParameterMessageFile    REG_EXPAND_SZ    %Systemroot%\system32\kernel32.dll
    EventMessageFile    REG_EXPAND_SZ    %Systemroot%\system32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dnscache
    ParameterMessageFile    REG_EXPAND_SZ    %Systemroot%\system32\kernel32.dll
    EventMessageFile    REG_EXPAND_SZ    %Systemroot%\system32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ebdrv
    eventmessagefile    REG_EXPAND_SZ    %SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\evbda.sys
    typessupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\elxstor
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\eventlog
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\exFAT
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\FltMgr
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\fltmgr.sys;%SystemRoot%\System32\IoLogMsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\fvevol
    ProviderGuid    REG_EXPAND_SZ    {651DF93B-5053-4D1E-94C5-F6E6D25908D0}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\HidBth
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\hidbth.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\HpSAMD
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Http
    ProviderGuid    REG_EXPAND_SZ    {7b6bc78c-898b-4170-bbf8-1a469ea43fc5}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\i8042prt
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iaStorV
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorV.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iirsp
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\intelppm
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\intelppm.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IPMGM
    providerGuid    REG_EXPAND_SZ    {29D13147-1C2E-48EC-9994-E29DFE496EB3}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\rtm.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IPMIDRV
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\ipmidrv.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IPNATHLP
    providerGuid    REG_EXPAND_SZ    {A6F32731-9A38-4159-A220-3D9B7FC5FE5D}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IPRouterManager
    providerGuid    REG_EXPAND_SZ    {F2C628AE-D26C-4352-9C45-74754E1E2F9F}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\mprmsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\isapnp
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iScsiPrt
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\iscsilog.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\kbdclass
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\kbdhid
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdhid.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Kerberos
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\kerberos.dll
    TypesSupported    REG_DWORD    0x7
    ProviderGuid    REG_EXPAND_SZ    {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\lltdio
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LmHosts
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LsaSrv
    ProviderGuid    REG_SZ    {199fe037-2b82-40a9-82ac-e1d46c792b99}
    EventMessageFile    REG_EXPAND_SZ    %windir%\System32\lsasrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSI_FC
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSI_SAS
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSI_SAS2
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSI_SCSI
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSM
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\lsm.exe
    TypesSupported    REG_DWORD    0x7
    providerGuid    REG_SZ    {5d896912-022d-40aa-a3a8-4fa5515c76d7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\megasas
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MegaSR
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mfehidk
    EventMessageFile    REG_EXPAND_SZ    C:\Program Files\Common Files\McAfee\SystemCore\mfehidk_messages.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft Antimalware
    (par d‚faut)    REG_SZ    
    EventMessageFile    REG_SZ    c:\Program Files\Microsoft Security Client\MpEvMsg.dll
    ParameterMessageFile    REG_SZ    c:\Program Files\Microsoft Security Client\MpEvMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Application-Experience
    ProviderGuid    REG_SZ    {eef54e71-0661-422d-9a98-82fd4940b820}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\aeevts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-BitLocker-API
    ProviderGuid    REG_SZ    {5d674230-ca9f-11da-a94d-0800200c9a66}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\fveapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-BitLocker-Driver
    ProviderGuid    REG_SZ    {651df93b-5053-4d1e-94c5-f6e6d25908d0}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\drivers\fvevol.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Bits-Client
    ProviderGuid    REG_SZ    {ef1cc15b-46c1-414e-bb95-e76b077bd51e}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-CorruptedFileRecovery-Client
    ProviderGuid    REG_SZ    {ba093605-3909-4345-990b-26b746adee0a}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\cofiredm.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-CorruptedFileRecovery-Server
    ProviderGuid    REG_SZ    {d6f68875-cdf5-43a5-a3e3-53ffd683311c}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\cofiredm.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DfsSvc
    ProviderGuid    REG_SZ    {7da4fe0e-fd42-4708-9aa5-89b77a224885}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\netevent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Dhcp-Client
    ProviderGuid    REG_SZ    {15a7a4f8-0072-4eab-abad-f98a4d666aed}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\dhcpcore.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Dhcp-Nap-Enforcement-Client
    ProviderGuid    REG_SZ    {f6da35ce-d312-41c8-9828-5a2e173c91b6}
    EventMessageFile    REG_EXPAND_SZ    %Systemroot%\system32\dhcpqec.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DHCPv6-Client
    ProviderGuid    REG_SZ    {6a1f2b00-6a90-4c38-95a5-5cab3b056778}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\dhcpcore6.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Diagnostics-Networking
    ProviderGuid    REG_SZ    {36c23e18-0e66-11d9-bbeb-505054503030}
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\netdiagfx.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Directory-Services-SAM
    ProviderGuid    REG_SZ    {0d4fdc09-8c27-494a-bda0-505e4fd8adae}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\samsrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DiskDiagnostic
    ProviderGuid    REG_SZ    {e670a5a2-ce74-4ab4-9347-61b815319f4c}
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\dfdts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DNS-Client
    ProviderGuid    REG_SZ    {1c95126e-7eea-49a9-a3fe-a378b03ddb4d}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\dnsapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DriverFrameworks-UserMode
    ProviderGuid    REG_SZ    {2e35aaeb-857f-4beb-a418-2e6c0e54d988}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\WUDFPlatform.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-EnhancedStorage-EhStorCertDrv
    ProviderGuid    REG_SZ    {bd2d1dae-d678-4e10-9667-21cba2aa70c3}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\EhStorAuthn.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-EventCollector
    ProviderGuid    REG_SZ    {b977cf02-76f6-df84-cc1a-6a4b232322b6}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\wecsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Eventlog
    ProviderGuid    REG_SZ    {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wevtsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Fault-Tolerant-Heap
    ProviderGuid    REG_SZ    {6b93bf66-a922-4c11-a617-cf60d95c133d}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\fthsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-FilterManager
    ProviderGuid    REG_SZ    {f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\drivers\fltmgr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Firewall
    ProviderGuid    REG_SZ    {e595f735-b42a-494b-afcd-b68666945cd3}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\mpssvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-FMS
    ProviderGuid    REG_SZ    {dea07764-0790-44de-b9c4-49677b17174f}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\fms.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-FunctionDiscoveryHost
    ProviderGuid    REG_SZ    {538cbbad-4877-4eb2-b26e-7caee8f0f8cb}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\fdphost.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-GroupPolicy
    ProviderGuid    REG_SZ    {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\gpsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-HAL
    ProviderGuid    REG_SZ    {63d1e632-95cc-4443-9312-af927761d52a}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\microsoft-windows-hal-events.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-HttpEvent
    ProviderGuid    REG_SZ    {7b6bc78c-898b-4170-bbf8-1a469ea43fc5}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\drivers\HTTP.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-IPBusEnum
    ProviderGuid    REG_SZ    {cd032e15-15ad-4da4-afc6-03bf83516195}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\ipbusenum.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Iphlpsvc
    ProviderGuid    REG_SZ    {66a5c15c-4f8e-4044-bf6e-71d896038977}
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\iphlpsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Boot
    ProviderGuid    REG_SZ    {15ca44ff-4d7a-4baa-bba5-0998955e531e}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-General
    ProviderGuid    REG_SZ    {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-PnP
    ProviderGuid    REG_SZ    {9c205a39-1250-487d-abd7-e831c6290539}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Power
    ProviderGuid    REG_SZ    {331c3b3a-2005-44c2-ac5e-77220c37d6b4}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\microsoft-windows-kernel-power-events.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Processor-Power
    ProviderGuid    REG_SZ    {0f67e49f-fe51-4e9f-b490-6f2948cc6027}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\microsoft-windows-kernel-processor-power-events.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Tm
    ProviderGuid    REG_SZ    {4cec9c95-a65f-4591-b5c4-30100e51d870}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\ktmw32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-WHEA
    ProviderGuid    REG_SZ    {7b563579-53c8-44e7-8236-0f87b9fe6594}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\PSHED.DLL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-LanguagePackSetup
    ProviderGuid    REG_SZ    {7237fff9-a08a-4804-9c79-4a8704b70b87}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\lpksetup.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-MemoryDiagnostics-Results
    ProviderGuid    REG_SZ    {5f92bc59-248f-4111-86a9-e393e12c6139}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\relpost.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-MemoryDiagnostics-Schedule
    ProviderGuid    REG_SZ    {73e9c9de-a148-41f7-b1db-4da051fdc327}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\mdsched.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-MountMgr
    ProviderGuid    REG_SZ    {e3bac9f8-27be-4823-8d7f-1cc320c05fa7}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\drivers\mountmgr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Power-Troubleshooter
    ProviderGuid    REG_SZ    {cdc05e28-c449-49c6-b9d2-88cf761644df}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\pots.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-RasSstp
    ProviderGuid    REG_SZ    {6c260f2c-049a-43d8-bf4d-d350a4e6611a}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\sstpsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Recovery
    ProviderGuid    REG_SZ    {9e95e4d0-4cb4-4b5d-a936-c972d7d08d90}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\recovery.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Resource-Exhaustion-Detector
    ProviderGuid    REG_SZ    {9988748e-c2e8-4054-85f6-0c3e1cad2470}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\radardt.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-ResourcePublication
    ProviderGuid    REG_SZ    {74c2135f-cc76-45c3-879a-ef3bb1eeaf86}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\fdrespub.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-SCPNP
    ProviderGuid    REG_SZ    {9f650c63-9409-453c-a652-83d7185a2e83}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\certprop.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Service Pack Installer
    ProviderGuid    REG_SZ    {62ef8b9f-ee45-4aba-a9b9-b70e878bf30a}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\EventProviders\spcmsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Servicing
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\servicing\cbsmsg.dll
    TypesSupported    REG_DWORD    0x7
    ProviderGuid    REG_EXPAND_SZ    {bd12f3b8-fc40-4a61-a307-b7a013a069c1}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Setup
    ProviderGuid    REG_SZ    {75ebc33e-997f-49cf-b49f-ecc50184b75d}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\oobe\winsetup.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Spell-Checking
    ProviderGuid    REG_SZ    {d0e22efc-ac66-4b25-a72d-382736b5e940}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\System32\MsSpellCheckingFacility.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-SpellChecker
    ProviderGuid    REG_SZ    {b2fcd41f-9a40-4150-8c92-b224b7d8c8aa}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\System32\MsSpellCheckingFacility.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-StartupRepair
    ProviderGuid    REG_SZ    {c914f0df-835a-4a22-8c70-732c9a80c634}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\reagent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Subsys-SMSS
    ProviderGuid    REG_SZ    {43e63da5-41d1-4fbf-aded-1bbed98fdd1d}
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\csrsrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TaskScheduler
    ProviderGuid    REG_SZ    {de7b24ea-73c8-4a09-985d-5bdadcfa9017}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\schedsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TerminalServices-LocalSessionManager
    ProviderGuid    REG_SZ    {5d896912-022d-40aa-a3a8-4fa5515c76d7}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\lsm.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager
    ProviderGuid    REG_SZ    {c76baa63-ae81-421c-b425-340b4b24157f}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\termsrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Time-Service
    ProviderGuid    REG_SZ    {06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\w32time.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TPM-WMI
    ProviderGuid    REG_SZ    {7d5387b0-cbe0-11da-a94d-0800200c9a66}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\wbem\Win32_Tpm.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-UserPnp
    ProviderGuid    REG_SZ    {96f4a050-7e31-453c-88be-9634f4e02139}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\umpnpmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-WHEA-Logger
    ProviderGuid    REG_SZ    {c26c4f3c-3f66-4e99-8f8a-39405cfed220}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\whealogr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-WindowsUpdateClient
    ProviderGuid    REG_SZ    {945a8954-c147-4acd-923f-40c45405a658}
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\wuaueng.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Wininit
    ProviderGuid    REG_SZ    {206f6dea-d3c5-4d10-bc72-989f03c8b84b}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\wininit.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Winlogon
    ProviderGuid    REG_SZ    {dbe9b383-7cf3-4331-91cc-a3cb16a3b538}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\winlogon.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-WLAN-AutoConfig
    ProviderGuid    REG_SZ    {9580d7dd-0379-4658-9870-d5be7d52d6de}
    EventMessageFile    REG_EXPAND_SZ    %windir%\system32\wlansvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mouclass
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mouhid
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouhid.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mpio
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mpio.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mrxsmb
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll
    TypesSupported    REG_DWORD    0x7
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\kernel32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MSDTC Gateway
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MSDTC WS-AT Protocol
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MSiSCSI
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\System32\iscsiexe.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MTConfig
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\MTConfig.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Mup
    EventMessageFile    REG_EXPAND_SZ    C:\Windows\system32\netevent.dll;C:\Windows\system32\iologmsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\NAPIPSecEnf
    providerGuid    REG_EXPAND_SZ    {8115579E-2BEA-4C9E-9AB1-821CC2C98AB0}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\NdisWan
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\mprmsg.dll
    TypesSupported    REG_DWORD    0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\NetBIOS
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\iologmsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\NetBT
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Netlogon
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netmsg.dll
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\kernel32.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\nfrd960
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Ntfs
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\drivers\ntfs.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\nvraid

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\nvstor
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nvstor.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\P2PIMSvc
    ProviderGuid    REG_EXPAND_SZ    {2992E9CF-4F99-48f5-A0B6-B99B11CD387D}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Parport
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\partmgr
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\pcmcia
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PlugPlayManager
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\umpnpmgr.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PNRPSvc
    ProviderGuid    REG_EXPAND_SZ    {BBE94F36-F8DC-4C33-8227-81602B7A3D53}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Power
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\umpo.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PptpMiniport
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\ntprint.dll
    TypesSupported    REG_DWORD    0x7
    providerGuid    REG_SZ    {747EF6FD-E535-4d16-B510-42C90F6873A1}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PrintFilterPipelineSvc
    ProviderGuid    REG_EXPAND_SZ    {5B33145C-1C66-49F3-B4CA-F563C165F2C0}
    TypesSupported    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Processor
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\processr.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PSMounterEx
    EventMessageFile    REG_EXPAND_SZ    %SYSTEMROOT%\System32\drivers\psmounterex.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ql2300
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ql40xx
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RasAuto
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\mprmsg.dll
    TypesSupported    REG_DWORD    0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Rasman
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\mprmsg.dll
    TypesSupported    REG_DWORD    0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RasSstp
    TypesSupported    REG_DWORD    0x1c
    EventMessageFile    REG_EXPAND_SZ    %systemroot%\system32\sstpsvc.dll
    ProviderGuid    REG_SZ    {6c260f2c-049a-43d8-bf4d-d350a4e6611a}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\rdbss
    EventMessageFile    REG_EXPAND_SZ    C:\Windows\system32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RemoteAccess
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\mprmsg.dll
    ParameterMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\iassvcs.dll
    TypesSupported    REG_DWORD    0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\rspndr
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RTL8167
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\Rt64win7.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SAM
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\samsrv.dll
    TypesSupported    REG_DWORD    0x7
    providerGuid    REG_SZ    {0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\sbp2port
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sbp2port.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SCardSvr
    providerGuid    REG_EXPAND_SZ    {4FCBF664-A33A-4652-B436-9D558983D955}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Schannel
    ProviderGuid    REG_SZ    {1f678132-5938-4686-9fdc-c8ff68f15c85}
    EventMessageFile    REG_EXPAND_SZ    %windir%\System32\lsasrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Serial
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\sermouse
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sermouse.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Server
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Service Control Manager
    ProviderGuid    REG_SZ    {555908d1-a6d7-4695-8e1e-26931d2012f4}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\services.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SFEP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SiSRaid2
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SiSRaid4
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Smb
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SMSvcHost 3.0.0.0
    CategoryCount    REG_DWORD    0xe
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SMSvcHost 4.0.0.0
    CategoryCount    REG_DWORD    0xf
    CategoryMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
    EventMessageFile    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SNMPTRAP
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\snmptrap.exe
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Srv
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\stexstor
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\StillImage
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wiaservc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\System
    CategoryCount    REG_DWORD    0x7
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\wevtapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Tcpip
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Tcpip6
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TCPMon
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\tcpmon.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TermDD
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\ntdll.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TermService
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\termsrv.dll
    TypesSupported    REG_DWORD    0x7
    providerGuid    REG_SZ    {C76BAA63-AE81-421C-B425-340B4B24157F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TsUsbFlt
    ProviderGuid    REG_EXPAND_SZ    {6e400999-5b82-475f-b800-cef6fe361539}
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\tsusbflt.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\tunnel
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\usbehci
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\usbehci.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\USER32
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\user32.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\VDS Basic Provider
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\vdsbas.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\VDS Dynamic Provider
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\vdsdyn.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\VDS Virtual Disk Provider
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\vdsvd.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vga
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\vgapnp.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Virtual Disk Service
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\vds.exe
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\volmgr
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Volsnap
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\VolSnap.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vsmraid
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vwifimp
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\netevent.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\W32Time
    EventMessageFile    REG_EXPAND_SZ    %Systemroot%\system32\w32time.dll
    TypesSupported    REG_DWORD    0x7
    ProviderGuid    REG_SZ    {06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WacomPen
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wacompen.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Wd
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\drivers\wd.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\wdf01000
    EventMessageFile    REG_SZ    C:\Windows\System32\drivers\Wdf01000.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\wecsvc
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wecsvc.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Win32k
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\win32k.sys
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend
    ProviderGuid    REG_SZ    {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Windows Disk Diagnostic
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\DFDTS.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Windows Script Host
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wshext.dll
    TypesSupported    REG_DWORD    0x18

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinHttpAutoProxySvc
    EventMessageFile    REG_EXPAND_SZ    winhttp.dll
    ProviderGuid    REG_SZ    {7D44233D-3055-4B9C-BA64-0D47CA40A232}
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinRM
    ProviderGuid    REG_EXPAND_SZ    {A7975C8F-AC13-49F1-87DA-5A984A4AB417}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WMIxWDM
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\IoLogMsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WMPNetworkSvc
    ProviderGuid    REG_SZ    {6A2DC7C1-930A-4FB5-BB44-80B30AEBED6C}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Workstation
    EventMessageFile    REG_EXPAND_SZ    C:\Windows\system32\netmsg.dll
    TypesSupported    REG_DWORD    0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WPC
    TypesSupported    REG_DWORD    0x7
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\System32\wpcsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WPDClassInstaller
    ProviderGuid    REG_SZ    {AD5162D8-DAF0-4A25-88A7-01CBEB33902E}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell
    AutoBackupLogFiles    REG_DWORD    0x0
    MaxSize    REG_DWORD    0xf00000
    Sources    REG_MULTI_SZ    PowerShell
    Retention    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell
    CategoryCount    REG_DWORD    0x8
    CategoryMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
    EventMessageFile    REG_EXPAND_SZ    %SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll

Sysnative Windows Update · Jul 1, 2018

Thank you, I'll review and get back to you later tonight!

Malbec · Jul 1, 2018

OK, and thanks for helping me even on Sunday!

Sysnative Windows Update · Jul 1, 2018

More info please:

Step#1 - Export WINEVT Key

Click on the Start button type regedit
When you see regedit on the list, right-click on it and select Run as administrator
When regedit opens, using the left pane, navigate to the following registry key and select it by clicking on it once.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WINEVT
Once selected, click File > Export....
Change the Save as type: to Registry Hive Files (*.*)
Name this file WINEVT (with no file extension) and save it to your Desktop.

Malbec · Jul 2, 2018

here is the WINEVT: View attachment WINEVT.zip

Sysnative Windows Update · Jul 2, 2018

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Download SFCFix.exe (by niemiro) and save this to your Desktop.
Download the attached file, SFCFixScript.txt, and save this to your Desktop. Ensure that this file is named SFCFixScript.txt - do not rename it.
Save any open documents and close all open windows.
On your Desktop, you should see two files: SFCFix.exe and SFCFixScript.txt.
Drag the file SFCFixScript.txt onto the file SFCFix.exe and release it.
SFCFix will now process the script.
Upon completion, a log should be created on your Desktop: SFCFix.txt.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.

Malbec · Jul 2, 2018

Still giving error 80073AA2.
here is the CBSlog: Partage de gros fichier - Page de téléchargement
and here is the SFCFix:

Code:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-07-02 22:17:42.076
Microsoft Windows 7 Service Pack 1 - amd64
Using .txt script file at C:\Users\Bruno\Desktop\SFCFixScript.txt [0]




RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-PerfTrack-MSHTML\Diagnostic.

Successfully deleted registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-PerfTrack-MSHTML\Diagnostic.

Failed to open registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-PerfTrack-MSHTML\Diagnostic with error code ERROR_FILE_NOT_FOUND.
RegistryScript:: directive failed to complete successfully.




RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels.

Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-PerfTrack\Diagnostic.

Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-PerfTrack\Diagnostic.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnostics-PerfTrack.
Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels.
RegistryScript:: directive completed successfully.




Failed to process all directives successfully.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 20 datablocks.
Finish time: 2018-07-02 22:17:42.669
Script hash: kayZceEGmgj30dQAcuUVfH6yhOnN1+XEiYwOz2wdSk4=
----------------------EOF-----------------------

Sysnative Windows Update · Jul 2, 2018

Did you reboot after the fix?

Malbec · Jul 3, 2018

softwaremaniac said:
Did you
reboot after the fix?

Not the first time, but I just did it now, tried to update and it failed
again at 96%...

Sysnative Windows Update · Jul 3, 2018

I need CBS.log. We are definitely very close, but something is giving us grief.

Malbec · Jul 3, 2018

softwaremaniac said:
I need CBS.log.

Here it is: Partage de gros fichier - Page de téléchargement

softwaremaniac said:
We are definitely very close, but something is giving us grief.

Yes, indeed! I DO appreciate your help!

Sysnative Windows Update · Jul 3, 2018

Can you do the following again, please? KB4103718 broken (Win 7)

Malbec · Jul 3, 2018

Here is the WINEVT: Partage de gros fichier - Page de téléchargement

Sysnative Windows Update · Jul 3, 2018

Can you try temporarily removing (uninstalling) your Antivirus software and then trying the update?

Malbec · Jul 3, 2018

OK, I did it, but it didn't help... At the beginning, I already suspected antivirus being related to the problem, that's why I uninstalled Avast and replaced it by Win essentials. I removed this one just now and rebooted, thus causing the installation of the cursed update, which failed as usual...
Here is the new CBS.log: Partage de gros fichier - Page de téléchargement

Sysnative Windows Update · Jul 3, 2018

Step#1 - Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Try installing the update just like you have in the past.
3. Stop Process Monitor as soon as it fails. You can simply do this by clicking the magnifying glass on the toolbar as shown below.

11908d1430506241-windows-updates-fail-repeatedly-stop-jpg

4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and attach the LogFile.PML file as well as your CBS.log

Malbec · Jul 4, 2018

As it is a two-step update, with a reboot in the middle, I'm afraid Process Monitor won't be able to capture anything useful...
We already had this discussion on the 06-29-2018, 06:06 PM

Sysnative Windows Update · Jul 4, 2018

This should make ProcMon useful :)

1. Download this file: http://live.sysinternals.com/procmon.exe
2. Run ProcMon.exe
3. Go to the Options menu, and click Enable Boot Logging and then close Procmon.
4. Create a folder on your Desktop in which you'll save the logs.
5. Try installing the update as you usually would.
6. Reboot your computer when requested.
7. Relaunch ProcMon. A dialogue box will appear asking if you wish to save the collected data. Please click Yes.
8. Save the file in the default format (.PML)
9. Save the file in a folder on your Desktop that you have created in Step 4.
10. Close ProcMon.
11. Zip up the entire folder containing ProcMon logs and upload to a filesharing service for me to review along with your CBS.log.

[SOLVED] KB4103718 broken (Win 7)

Active member

Inactive

Active member

Inactive

Active member

Inactive

Active member

Inactive

Attachments

Active member

Inactive

Active member

Inactive

Active member

Inactive

Active member

Inactive

Active member

Inactive

Active member

Inactive