[SOLVED] Win 7-64 Always Reverts and Backs Out After Quarterly Update Attempt.

raaone · Apr 12, 2018

I did but, got the same result - "Reverting Changes.

raaone · Apr 12, 2018

I did but, got the same result - "Reverting Changes."

Sysnative Windows Update · Apr 12, 2018

Please do the following.

Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

raaone · Apr 12, 2018

Taking a quick dinner break. I'll be back with the above done shortly after 7:30.
Thank you again so much.

Sysnative Windows Update · Apr 12, 2018

Enjoy your meal! I'll be with you tomorrow as it's very late here. Good night.

raaone · Apr 12, 2018

Goodnight and thank you again.

Here are those two files:
Dropbox - FRST.txt
Dropbox - Addition.txt

Sysnative Windows Update · Apr 12, 2018

Please uninstall the following:

Avast Cleanup Premium
Avast Driver Updater
AVG PC TuneUp 2014
Dll-Files.com Fixer

Afterwards, boot to Clean Boot mode and try updating again.

https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

raaone · Apr 13, 2018

Good morning. I uninstalled Avast Cleanup Premium and Avast Driver Updater.
I could not find either AVG PC TuneUp 2014 or Dll-Files.com Fixer in Programs and Features.
I then performed a Clean Boot but, the updates still failed.

Sysnative Windows Update · Apr 13, 2018

Hello :)

I have done some research and I believe I know what the issue is, please do the following so I can confirm my suspicions:

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

raaone · Apr 13, 2018

The run was very short. Here are the results:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by ROBERT (13-04-2018 08:15:12) Run:2
Running from C:\Users\ROBERT\Desktop\Update Fix\New folder (2)
Loaded Profiles: ROBERT (Available Profiles: ROBERT & RCS & Sysnative & Administrator & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" /s
*****************

========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\wevtsvc.dll
ServiceMain REG_SZ ServiceMain
PlugPlayServiceType REG_DWORD 0x3
ServiceDllUnloadOnStop REG_DWORD 0x1
DisplayName REG_SZ @%SystemRoot%\system32\wevtsvc.dll,-200
Group REG_SZ Event Log
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Description REG_SZ @%SystemRoot%\system32\wevtsvc.dll,-201
ObjectName REG_SZ NT AUTHORITY\LocalService
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x2
Type REG_DWORD 0x20
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeImpersonatePrivilege
FailureActionsOnNonCrashFailures REG_DWORD 0x1
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll
DisplayNameID REG_DWORD 0x100
PrimaryModule REG_SZ Application
File REG_EXPAND_SZ %SystemRoot%\system32\winevt\Logs\Application.evtx
MaxSize REG_DWORD 0x1400000
Retention REG_DWORD 0x0
RestrictGuestAccess REG_DWORD 0x1
AutoBackupLogFiles REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\.NET Runtime
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\Windows\system32\mscoree.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\.NET Runtime Optimization Service
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\Windows\system32\mscoree.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application
CategoryCount REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Error
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wer.dll
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wer.dll
CategoryCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hang
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wersvc.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Management
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgmts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application-Addon-Event-Provider
ProviderGuid REG_SZ {a83fa99f-c356-4ded-9fd6-5a5eb8546d68}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\ieframe.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ASP.NET 2.0.50727.0
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll
CategoryCount REG_DWORD 0x5
CategoryMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ASP.NET 4.0.30319.0
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll
CategoryCount REG_DWORD 0x5
CategoryMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Autodesk Content Service
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\AutoEnrollment
ProviderGuid REG_EXPAND_SZ {F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Business Connectivity Services(Legacy Provider)
EventMessageFile REG_SZ %windir%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CardSpace 3.0.0.0
CategoryCount REG_DWORD 0x1
CategoryMessageFile REG_SZ C:\Windows\System32\icardres.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll;C:\Windows\System32\icardres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CardSpace 4.0.0.0
CategoryCount REG_DWORD 0x1
CategoryMessageFile REG_SZ C:\Windows\system32\icardres.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll;C:\Windows\system32\icardres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CertCli
ProviderGuid REG_EXPAND_SZ {98BF1CD3-583E-4926-95EE-A61BF3F46470}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CertEnroll
ProviderGuid REG_EXPAND_SZ {54164045-7C50-4905-963F-E5BC1EEF0CCA}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Chkdsk
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ulib.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\COM
providerGuid REG_EXPAND_SZ {bf406804-6afa-46e7-8a48-6c357e1d6d61}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\COM+
providerGuid REG_EXPAND_SZ {0f177893-4a9c-4709-b921-f432d67f43d5}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Crystal Reports
EventMessageFile REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Crystal Reports for .NET
EventMessageFile REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Customer Experience Improvement Program
providerGuid REG_EXPAND_SZ {A402FE09-DA6E-45F2-82AF-3CB37170EE0C}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\DbxSvc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\DbxSvc.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Desktop Window Manager
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dwm.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\DiskQuota
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\dskquota.dll
TypesSupported REG_SZ 0x00000007

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\DPE
EventMessageFile REG_SZ C:\Program Files (x86)\HP\Digital Imaging\DocProc\XEventMessage.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Driver Detective
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dvd Maker
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %ProgramFiles%\DVD Maker\DVDMaker.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ESENT
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\esent.dll
CategoryMessageFile REG_EXPAND_SZ %systemroot%\system32\esent.dll
CategoryCount REG_DWORD 0x10
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\EventSystem
providerGuid REG_EXPAND_SZ {899daace-4868-4295-afcd-9eb8fb497561}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Folder Redirection
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\fdeploy.dll
ProviderGuid REG_EXPAND_SZ {7D7B0C39-93F6-4100-BD96-4DDA859652C5}
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\gpapi.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Applications
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Client
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Data Sources
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Device Settings
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Drive Maps
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Environment
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Files
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Folder Options
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Folders
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Ini Files
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Internet Settings
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Local Users and Groups
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Mail Profiles
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Network Options
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Network Shares
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Power Options
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Printers
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Regional Options
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Registry
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Scheduled Tasks
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Services
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Shortcuts
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Standard Edition
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Group Policy Start Menu Settings
ParameterMessageFile REG_SZ gpprefcl.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ gpprefcl.dll
EventMessageFile REG_SZ gpprefcl.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Handwriting Recognition
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ %CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll
EventMessageFile REG_EXPAND_SZ %CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\HostableWebCore
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\HotFixInstaller
EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Common Files\Microsoft Shared\DW\DW20.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\IAStorDataMgrSvc
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\IISInfoCtrs
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %Windir%\system32\infoctrs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Intel(R) AMT
CategoryCount REG_DWORD 0x4
CategoryMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\AMT\UNS.exe
EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\AMT\UNS.exe
MaxSize REG_DWORD 0x80000
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Intel(R) Capability Licensing Service Interface
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IusEventLog.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Intel(R) ME Application
CategoryCount REG_DWORD 0x9
CategoryMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
MaxSize REG_DWORD 0x80000
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\IntelDalJhi
EventMessageFile REG_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Interactive Services detection
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\UI0Detect.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Intuit Update Service
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\IRST_UI
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\LBTServ
EventMessageFile REG_EXPAND_SZ c:\program files\common files\logishrd\bluetooth\LBTServMsg.dll
TypesSupported REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ c:\program files\common files\logishrd\bluetooth\LBTServMsg.dll
CategoryCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Little Registry Cleaner
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\LMS
EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\LoadPerf
ProviderGuid REG_EXPAND_SZ {122EE297-BB47-41AE-B265-1CA8D1886D40}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\LocationNotifications
ProviderGuid REG_SZ {5b93cdfa-5f51-45e0-9fde-296983129e6c}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\LocationNotifications.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MatSvc
EventMessageFile REG_SZ C:\Windows\MATS\MatsRes.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MEProv
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\MeProv.dll
EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\MeProv.dll
MaxSize REG_DWORD 0x80000
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft Fax
publisherGuid REG_EXPAND_SZ {9F8639E0-9EEF-4125-9B1C-86109BDD8289}
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x4
CategoryMessageFile REG_EXPAND_SZ %systemroot%\system32\fxsevent.dll
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\fxsevent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft Office 14
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\MSORES.DLL;C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft WSE 3.0
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Office-Business Connectivity Services
EventMessageFile REG_EXPAND_SZ C:\Program Files\Microsoft Office\Office14\BCSClient.Msg.dll
ProviderGuid REG_SZ {b8622a02-c377-46b1-b861-38a787a8e44a}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Application-Experience
ProviderGuid REG_SZ {eef54e71-0661-422d-9a98-82fd4940b820}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\aeevts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure
ProviderGuid REG_SZ {5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\apphelp.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Audio
ProviderGuid REG_SZ {ae4bd3be-f36f-45b6-8d21-bdd6fb832853}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\audioses.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-AxInstallService
ProviderGuid REG_SZ {dab3b18c-3c0f-43e8-80b1-e44bc0dad901}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\AxInstSv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Backup
ProviderGuid REG_SZ {1db28f2e-8f80-4027-8c5a-a11f7f10f62d}
EventMessageFile REG_EXPAND_SZ %windir%\system32\BlbEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CAPI2
ProviderGuid REG_SZ {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\crypt32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificateServicesClient
ProviderGuid REG_SZ {73370bd6-85e5-430b-b60a-fea1285808a7}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dimsjob.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificateServicesClient-AutoEnrollment
ProviderGuid REG_SZ {f0db7ef8-b6f3-4005-9937-feb77b9e1b43}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\pautoenr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificateServicesClient-CertEnroll
ProviderGuid REG_SZ {54164045-7c50-4905-963f-e5bc1eef0cca}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\certenroll.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificateServicesClient-CredentialRoaming
ProviderGuid REG_SZ {89a2278b-c662-4aff-a06c-46ad3f220bca}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dimsroam.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-CertificationAuthorityClient-CertCli
ProviderGuid REG_SZ {98bf1cd3-583e-4926-95ee-a61bf3f46470}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\certcli.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Crypto-RNG
providerGuid REG_SZ {54d5ac20-e14f-4fda-92da-ebf7556ff176}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Defrag
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\defragsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-DirectShow-Core
ProviderGuid REG_SZ {968f313b-097f-4e09-9cdd-bc62692d138b}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\quartz.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-DirectShow-KernelSupport
ProviderGuid REG_SZ {3cc2d4af-da5e-4ed4-bcbe-3cf995940483}
EventMessageFile REG_EXPAND_SZ ksproxy.ax

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-EapHost
ProviderGuid REG_SZ {6eb8db94-fe96-443f-a366-5fe0cee7fb1c}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\eapsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-EFS
ProviderGuid REG_SZ {3663a992-84be-40ea-bba9-90c7ed544222}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\efscore.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-EventCollector
ProviderGuid REG_SZ {b977cf02-76f6-df84-cc1a-6a4b232322b6}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wecsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Folder Redirection
ProviderGuid REG_SZ {7d7b0c39-93f6-4100-bd96-4dda859652c5}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\fdeploy.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-IIS-IISManager
EventMessageFile REG_EXPAND_SZ %windir%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-LoadPerf
ProviderGuid REG_SZ {122ee297-bb47-41ae-b265-1ca8d1886d40}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\loadperf.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-PerfCtrs
ProviderGuid REG_SZ {973143dd-f3c7-4ef5-b156-544ac38c39b6}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\perfctrs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-PerfNet
ProviderGuid REG_SZ {cab2b8a5-49b9-4eec-b1b0-fac21da05a3b}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\perfnet.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-PerfOS
ProviderGuid REG_SZ {f82fb576-e941-4956-a2c7-a0cf83f6450a}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\perfos.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-PerfProc
ProviderGuid REG_SZ {72d211e1-4c54-4a93-9520-4901681b2271}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\perfproc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-propsys
ProviderGuid REG_EXPAND_SZ {9485FA1E-23CD-49A1-84E3-11D8BC550CB7}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\propsys.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-RemoteApp and Desktop Connections
ProviderGuid REG_SZ {1b8b402d-78dc-46fb-bf71-46e64aedf165}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\TSWorkspace.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-RemoteAssistance
ProviderGuid REG_SZ {5b0a651a-8807-45cc-9656-7579815b6af0}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\msra.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-RestartManager
ProviderGuid REG_SZ {0888e5ef-9b98-4695-979d-e92ce4247224}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\RstrtMgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-RPC-Events
ProviderGuid REG_SZ {f4aed7c7-a898-4627-b053-44a7caa12fcd}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\rpcrt4.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-SoftwareRestrictionPolicies
ProviderGuid REG_SZ {7d29d58a-931a-40ac-8743-48c733045548}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Spell-Checking
ProviderGuid REG_SZ {d0e22efc-ac66-4b25-a72d-382736b5e940}
EventMessageFile REG_EXPAND_SZ %systemroot%\System32\MsSpellCheckingFacility.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-SpellChecker
ProviderGuid REG_SZ {b2fcd41f-9a40-4150-8c92-b224b7d8c8aa}
EventMessageFile REG_EXPAND_SZ %systemroot%\System32\MsSpellCheckingFacility.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-TerminalServices-ClientActiveXCore
ProviderGuid REG_SZ {28aa95bb-d444-4719-a36f-40462168127e}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\mstscax.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-User Profiles General
ProviderGuid REG_SZ {db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\userenv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-User Profiles Service
ProviderGuid REG_SZ {89b1e9f0-5aff-44a6-9b44-0a07a7ce5845}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\profsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-User-Loader
ProviderGuid REG_SZ {b059b83f-d946-4b13-87ca-4292839dc2f2}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Video-For-Windows
ProviderGuid REG_SZ {712abb2d-d806-4b42-9682-26da01d8b307}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\mciavi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-WBioSrvc
providerGuid REG_SZ {A0E3D8EA-C34F-4419-A1DB-90435B8B21D0}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-WindowsSystemAssessmentTool
ProviderGuid REG_SZ {11a75546-3234-465e-bec8-2d301cb501ac}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WINSAT.EXE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-Winsrv
ProviderGuid REG_SZ {9d55b53d-449b-4824-a637-24f9d69aa02f}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\winsrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft-Windows-XWizards
ProviderGuid REG_SZ {777ba8fe-2498-4875-933a-3067de883070}
EventMessageFile REG_EXPAND_SZ %windir%\system32\xwizards.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft.Transactions.Bridge 3.0.0.0
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft.Transactions.Bridge 4.0.0.0
CategoryCount REG_DWORD 0xf
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSDTC
providerGuid REG_EXPAND_SZ {719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSDTC 2
providerGuid REG_EXPAND_SZ {5D9E0020-3761-4f36-90C8-38CE6511BD12}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSDTC Client
providerGuid REG_EXPAND_SZ {7A67066E-193F-4D3A-82D3-322FEE5259DE}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSDTC Client 2
providerGuid REG_EXPAND_SZ {155CB334-3D7F-4ff1-B107-DF8AFC3C0363}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MsiInstaller
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\msimsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSSOAP
CategoryCount REG_DWORD 0x4
CategoryMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSSOAP30.DLL
EventMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSSOAP30.DLL
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\NVIDIA OpenGL Driver
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\nvoglv64.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\nview
TypesSupported REG_DWORD 0x1f
EventMessageFile REG_SZ C:\Program Files\NVIDIA Corporation\nview\nview64.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\NVWMI
EventMessageFile REG_SZ C:\Windows\system32\nvwmi64.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Office Software Protection Platform Service
EventMessageFile REG_SZ C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Outlook
EventMessageFile REG_SZ C:\PROGRA~1\MICROS~2\Office14\1033\MAPIR.DLL
TypesSupported REG_DWORD 0x7
Version REG_DWORD 0xd

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PDH
ProviderGuid REG_EXPAND_SZ {04D66358-C4A1-419B-8023-23B73902DE2C}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfCtrs
ProviderGuid REG_EXPAND_SZ {973143DD-F3C7-4EF5-B156-544AC38C39B6}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfDisk
ProviderGuid REG_EXPAND_SZ {7F9D83DE-8ABB-457F-98E8-4AD161449ECC}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Perflib
ProviderGuid REG_EXPAND_SZ {13B197BD-7CEE-4B4E-8DD0-59314CE374CE}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfNet
ProviderGuid REG_EXPAND_SZ {CAB2B8A5-49B9-4EEC-B1B0-FAC21DA05A3B}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfOs
ProviderGuid REG_EXPAND_SZ {F82FB576-E941-4956-A2C7-A0CF83F6450A}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PerfProc
ProviderGuid REG_EXPAND_SZ {72D211E1-4C54-4A93-9520-4901681B2271}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PrintBrm
ProviderGuid REG_EXPAND_SZ {CF3F502E-B40D-4071-996F-00981EDF938E}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Process Exit Monitor
providerGuid REG_EXPAND_SZ {FD771D53-8492-4057-8E35-8C02813AF49B}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Profsvc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\profsvc.dll
TypesSupported REG_DWORD 0x7
ProviderGuid REG_SZ {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Protexis Licensing Service
EventMessageFile REG_EXPAND_SZ c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PSI
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\QCServiceAVUE
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RADF
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RasClient
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SceCli
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\scecli.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SceSrv
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\scesrv.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ScreenConnect Client (0e39f786-d8d1-4050-bc29-5d1f0ef6c775)
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SecurityCenter
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wscsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ServiceModel Audit 3.0.0.0
TypesSupported REG_DWORD 0x1f
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ServiceModel Audit 4.0.0.0
CategoryCount REG_DWORD 0x2
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SideBySide
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\sxs.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Software Installation
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Software Protection Platform Service
EventMessageFile REG_EXPAND_SZ %windir%\system32\sppsvc.exe
TypesSupported REG_DWORD 0x7
ProviderGuid REG_SZ {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SPP
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\sxproxy.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Standard TCP/IP Port
ProviderGuid REG_EXPAND_SZ {CAD2D809-03D9-4F46-9CF4-72AA4F04B6B9}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SUService
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System Restore
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\srcore.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.IdentityModel 3.0.0.0
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.IdentityModel 4.0.0.0
CategoryCount REG_DWORD 0xf
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.IO.Log 3.0.0.0
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.IO.Log 4.0.0.0
CategoryCount REG_DWORD 0xf
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.Runtime.Serialization 3.0.0.0
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.Runtime.Serialization 4.0.0.0
CategoryCount REG_DWORD 0xf
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.ServiceModel 3.0.0.0
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\System.ServiceModel 4.0.0.0
CategoryCount REG_DWORD 0xf
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Tific System Service
EventMessageFile REG_SZ C:\Program Files (x86)\Common Files\Tific\Tific Client G1\Tific System Service.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\UNS
CategoryCount REG_DWORD 0x9
CategoryMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
MaxSize REG_DWORD 0x80000
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\usbperf
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\usbperf.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Userenv
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\userenv.dll
TypesSupported REG_DWORD 0x7
ProviderGuid REG_SZ {DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\VBRuntime
EventMessageFile REG_SZ C:\Windows\SysWOW64\msvbvm60.dll
TypesSupported REG_DWORD 0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\VPNService
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\VSS
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\VSSVC.EXE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\VSSetup
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\VSTO 4.0
EventMessageFile REG_EXPAND_SZ c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\W3Ctrs
providerGuid REG_SZ {90303B54-419D-4081-A683-6DBCB532F261}
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\W3SVC-WP
providerGuid REG_SZ {670080D9-742A-4187-8D16-41143D1290BD}
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WAS-LA
providerGuid REG_SZ {D60ACC81-2608-4617-BFB7-2452BF002430}
TypesSupported REG_DWORD 0xf
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WerSvc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wersvc.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Activation Technologies
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\Wat\WatUX.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Backup
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\sdengin2.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Error Reporting
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wer.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Search Service
ProviderGuid REG_SZ {CA4E628D-8567-4896-AB6B-835B221F373F}
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ %systemroot%\system32\tquery.dll
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\tquery.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Windows Search Service Profile Notification
ProviderGuid REG_SZ {FC6F77DD-769A-470E-BCF9-1B6555A118BE}
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wsepno.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wininit
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wininit.exe
TypesSupported REG_DWORD 0x7
providerGuid REG_SZ {206f6dea-d3c5-4d10-bc72-989f03c8b84b}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Winlogon
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winlogon.exe
TypesSupported REG_DWORD 0x7
providerGuid REG_SZ {DBE9B383-7CF3-4331-91CC-A3CB16A3B538}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinMgmt
ProviderGuid REG_EXPAND_SZ {1edeee53-0afe-4609-b846-d8c0b2075b1f}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wlclntfy
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\winlogon.exe
TypesSupported REG_DWORD 0x7
providerGuid REG_SZ {DBE9B383-7CF3-4331-91CC-A3CB16A3B538}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WMI.NET Provider Extension
TypesSupported REG_DWORD 0x7
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wow64 Emulation Layer
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntvdm64.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WSH
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wshext.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents
File REG_EXPAND_SZ %systemroot%\system32\winevt\logs\HardwareEvents.evtx
MaxSize REG_DWORD 0x1400000
Retention REG_DWORD 0x0
DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wecsvc.dll
DisplayNameID REG_DWORD 0x100

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer
CustomSD REG_SZ O:BAG:SYD

A;;0x07;;;WD)S

ML;;0x1;;;LW)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service
MaxSize REG_DWORD 0x1400000
Retention REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\KmsRequests
EventMessageFile REG_EXPAND_SZ %windir%\system32\sppsvc.exe
TypesSupported REG_DWORD 0x7
ProviderGuid REG_SZ {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Lenovo-Customer Feedback
AutoBackupLogFiles REG_DWORD 0x0
MaxSize REG_DWORD 0x1400000
MaxSizeUpper REG_DWORD 0x0
Retention REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Lenovo-Customer Feedback\Lenovo-Customer Feedback
EventMessageFile REG_EXPAND_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center
MaxSize REG_DWORD 0x800000
File REG_EXPAND_SZ %SystemRoot%\System32\winevt\Logs\Media Center.evtx
Retention REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\ehExtHost
EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\ehRecvr
EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehRecvr.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\ehSched
EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehSched.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\ehshell
EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\mcstore
EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\MCUpdate
EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\Recording
EventMessageFile REG_EXPAND_SZ %SystemRoot%\ehome\ehepgres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft-Windows-PrintService/Admin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Microsoft-Windows-PrintService/Operational

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts
DisplayNameFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\OFFREL.DLL
DisplayNameID REG_DWORD 0x66
MaxSize REG_DWORD 0x20000
PrimaryModule REG_SZ OAlerts
Retention REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 14 Alerts
EventMessageFile REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\OFFREL.DLL
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll
DisplayNameID REG_DWORD 0x101
Isolation REG_DWORD 0x2
PrimaryModule REG_SZ Security
File REG_EXPAND_SZ %SystemRoot%\System32\winevt\Logs\Security.evtx
MaxSize REG_DWORD 0x1400000
Retention REG_DWORD 0x0
Security REG_BINARY 01001480B4000000C4000000140000004400000002003000020000000240140072010D0001010000000000010000000002801400FF010F00010100000000000100000000020070000400000000002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000000014008D01020001010000000000050B00000001020000000000052000000020020000010100000000000512000000
RestrictGuestAccess REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\DS
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\DS\ObjectNames
Directory Service Object REG_DWORD 0x1e00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\IIS-METABASE
EventSourceFlags REG_DWORD 0x1
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\LSA
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\LSA\ObjectNames
PolicyObject REG_DWORD 0x1600
SecretObject REG_DWORD 0x1610
TrustedDomainObject REG_DWORD 0x1620
UserAccountObject REG_DWORD 0x1630
AdtSecurity REG_DWORD 0x1f00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Microsoft-Windows-Eventlog
ProviderGuid REG_SZ {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wevtsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Microsoft-Windows-Security-Auditing
ProviderGuid REG_SZ {54849625-5478-4994-a5ba-3e3b0328c30d}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\adtschema.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\SC Manager
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\SC Manager\ObjectNames
SC_MANAGER Object REG_DWORD 0x1c00
SERVICE Object REG_DWORD 0x1c10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Security
CategoryCount REG_DWORD 0x9
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsAuditE.dll
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsAuditE.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll
TypesSupported REG_DWORD 0x1c

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Security\ObjectNames
Channel REG_DWORD 0x1400
Desktop REG_DWORD 0x1a10
Device REG_DWORD 0x1100
Directory REG_DWORD 0x1110
Event REG_DWORD 0x1120
EventPair REG_DWORD 0x1130
File REG_DWORD 0x1140
IoCompletion REG_DWORD 0x1300
Job REG_DWORD 0x1410
Key REG_DWORD 0x1150
KeyedEvent REG_DWORD 0x1640
MailSlot REG_DWORD 0x1140
Mutant REG_DWORD 0x1160
NamedPipe REG_DWORD 0x1140
Port REG_DWORD 0x1170
Process REG_DWORD 0x1180
Profile REG_DWORD 0x1190
Section REG_DWORD 0x11a0
Semaphore REG_DWORD 0x11b0
SymbolicLink REG_DWORD 0x11c0
Thread REG_DWORD 0x11d0
Timer REG_DWORD 0x11e0
Token REG_DWORD 0x11f0
Type REG_DWORD 0x1200
WaitablePort REG_DWORD 0x1170
ALPC Port REG_DWORD 0x1170
WindowStation REG_DWORD 0x1a00
WMI Namespace REG_DWORD 0x4200

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Security Account Manager
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Security Account Manager\ObjectNames
SAM_ALIAS REG_DWORD 0x1530
SAM_DOMAIN REG_DWORD 0x1510
SAM_GROUP REG_DWORD 0x1520
SAM_SERVER REG_DWORD 0x1500
SAM_USER REG_DWORD 0x1540

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\ServiceModel 3.0.0.0
ParameterMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
TypesSupported REG_DWORD 0x1f
CategoryCount REG_DWORD 0x3
CategoryMessageFile REG_SZ %SystemRoot%\System32\MsAuditE.dll
EventSourceFlags REG_DWORD 0x1
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\ServiceModel 4.0.0.0
CategoryCount REG_DWORD 0x3
CategoryMessageFile REG_SZ %SystemRoot%\System32\MsAuditE.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
EventSourceFlags REG_DWORD 0x1
ParameterMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Spooler
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\Spooler\ObjectNames
Document REG_DWORD 0x1b20
Printer REG_DWORD 0x1b10
Server REG_DWORD 0x1b00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\TCP/IP
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\MsObjs.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\TCP/IP\ObjectNames
InternetPort REG_DWORD 0x1f80

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\VSSAudit
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\VSSVC.EXE
EventSourceFlags REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System
DisplayNameFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll
DisplayNameID REG_DWORD 0x102
PrimaryModule REG_SZ System
File REG_EXPAND_SZ %SystemRoot%\system32\winevt\Logs\System.evtx
MaxSize REG_DWORD 0x1400000
Retention REG_DWORD 0x0
RestrictGuestAccess REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ACPI
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\adp94xx
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\adpahci
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\adpu320
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AeLookupSvc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\aelupsvc.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AmdK8
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdk8.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AmdPPM
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdppm.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amdsata
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amdsbs
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\amdxata
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\APPHOSTSVC
providerGuid REG_SZ {CAC10856-9223-48fe-96BA-2A772274FB53}
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Application Management Group Policy
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\appmgmts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Application Popup
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntdll.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\arc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\arcsas
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AsyncMac
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\atapi
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\b06bdrv
eventmessagefile REG_EXPAND_SZ %SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\bxvbda.sys
typessupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\b57nd60a
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\b57nd60a.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\beep
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Bowser
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Browser
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\BugCheck
providerGuid REG_EXPAND_SZ {ABCE23E7-DE45-4366-8631-84FA6C525952}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\cdrom
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\DCOM
providerGuid REG_EXPAND_SZ {1B562E86-B7AA-4131-BADC-B6F3A001407E}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\DfsSvc
ProviderGuid REG_EXPAND_SZ {7DA4FE0E-FD42-4708-9AA5-89B77A224885}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dhcp
providerGuid REG_EXPAND_SZ {15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\dhcpcore.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dhcpv6
providerGuid REG_EXPAND_SZ {6A1F2B00-6A90-4C38-95A5-5CAB3B056778}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dhcpcore6.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\system32\kernelbase.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dhcp_QEC
EventMessageFile REG_EXPAND_SZ %Systemroot%\System32\dhcpqec.dll
ParameterMessageFile REG_EXPAND_SZ %Systemroot%\System32\dhcpqec.dll
TypesSupported REG_DWORD 0x1f
providerGuid REG_EXPAND_SZ {F6DA35CE-D312-41C8-9828-5A2E173C91B6}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\disk
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Display
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\DispCI.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\dmvsc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\dmvscres.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dnsapi
ParameterMessageFile REG_EXPAND_SZ %Systemroot%\system32\kernel32.dll
EventMessageFile REG_EXPAND_SZ %Systemroot%\system32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Dnscache
ParameterMessageFile REG_EXPAND_SZ %Systemroot%\system32\kernel32.dll
EventMessageFile REG_EXPAND_SZ %Systemroot%\system32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\e1cexpress
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\e1c62x64.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ebdrv
eventmessagefile REG_EXPAND_SZ %SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\evbda.sys
typessupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\elxstor
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\eventlog
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\exFAT
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\FltMgr
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\fltmgr.sys;%SystemRoot%\System32\IoLogMsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\fvevol
ProviderGuid REG_EXPAND_SZ {651DF93B-5053-4D1E-94C5-F6E6D25908D0}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\HidBth
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\hidbth.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\HpSAMD
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Http
ProviderGuid REG_EXPAND_SZ {7b6bc78c-898b-4170-bbf8-1a469ea43fc5}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\i8042prt
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iaStorA
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorA.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iaStorF
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iaStorS
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorS.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iaStorV
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorV.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iirsp
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IIS Config
ParameterMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iiscfg.dll
TypesSupported REG_DWORD 0x7
CategoryCount REG_DWORD 0x15
CategoryMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iiscfg.dll
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iiscfg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IIS-METABASE
providerGuid REG_SZ {BBB924B8-F415-4F57-AA45-1007F704C9B1}
EventSourceFlags REG_DWORD 0x1
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IISCTLS
providerGuid REG_SZ {DA9A85BB-563D-40FB-A164-8E982EA6844B}
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IISLOG
TypesSupported REG_DWORD 0x0
EventMessageFile REG_EXPAND_SZ %Windir%\system32\inetsrv\iscomlog.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\intelppm
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\intelppm.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IPMGM
providerGuid REG_EXPAND_SZ {29D13147-1C2E-48EC-9994-E29DFE496EB3}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\rtm.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IPMIDRV
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\ipmidrv.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IPNATHLP
providerGuid REG_EXPAND_SZ {A6F32731-9A38-4159-A220-3D9B7FC5FE5D}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IPRouterManager
providerGuid REG_EXPAND_SZ {F2C628AE-D26C-4352-9C45-74754E1E2F9F}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\isapnp
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\iScsiPrt
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\iscsilog.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\kbdclass
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\kbdhid
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdhid.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Kerberos
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kerberos.dll
TypesSupported REG_DWORD 0x7
ProviderGuid REG_EXPAND_SZ {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LEqdUsb
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\LEqdUsb.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\lltdio
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LmHosts
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LsaSrv
ProviderGuid REG_SZ {199fe037-2b82-40a9-82ac-e1d46c792b99}
EventMessageFile REG_EXPAND_SZ %windir%\System32\lsasrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSI_FC
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSI_SAS
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSI_SAS2
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSI_SCSI
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\LSM
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\lsm.exe
TypesSupported REG_DWORD 0x7
providerGuid REG_SZ {5d896912-022d-40aa-a3a8-4fa5515c76d7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mbamchameleon
EventMessageFile REG_SZ C:\Windows\system32\drivers\mbamchameleon.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\megasas
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MegaSR
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MEIx64
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\HECIx64.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Application-Experience
ProviderGuid REG_SZ {eef54e71-0661-422d-9a98-82fd4940b820}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\aeevts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-BitLocker-API
ProviderGuid REG_SZ {5d674230-ca9f-11da-a94d-0800200c9a66}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fveapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-BitLocker-Driver
ProviderGuid REG_SZ {651df93b-5053-4d1e-94c5-f6e6d25908d0}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\fvevol.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Bits-Client
ProviderGuid REG_SZ {ef1cc15b-46c1-414e-bb95-e76b077bd51e}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-CorruptedFileRecovery-Client
ProviderGuid REG_SZ {ba093605-3909-4345-990b-26b746adee0a}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\cofiredm.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-CorruptedFileRecovery-Server
ProviderGuid REG_SZ {d6f68875-cdf5-43a5-a3e3-53ffd683311c}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\cofiredm.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DfsSvc
ProviderGuid REG_SZ {7da4fe0e-fd42-4708-9aa5-89b77a224885}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\netevent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Dhcp-Client
ProviderGuid REG_SZ {15a7a4f8-0072-4eab-abad-f98a4d666aed}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dhcpcore.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Dhcp-Nap-Enforcement-Client
ProviderGuid REG_SZ {f6da35ce-d312-41c8-9828-5a2e173c91b6}
EventMessageFile REG_EXPAND_SZ %Systemroot%\system32\dhcpqec.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DHCPv6-Client
ProviderGuid REG_SZ {6a1f2b00-6a90-4c38-95a5-5cab3b056778}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\dhcpcore6.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Diagnostics-Networking
ProviderGuid REG_SZ {36c23e18-0e66-11d9-bbeb-505054503030}
EventMessageFile REG_EXPAND_SZ %windir%\system32\netdiagfx.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Directory-Services-SAM
ProviderGuid REG_SZ {0d4fdc09-8c27-494a-bda0-505e4fd8adae}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\samsrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DiskDiagnostic
ProviderGuid REG_SZ {e670a5a2-ce74-4ab4-9347-61b815319f4c}
EventMessageFile REG_EXPAND_SZ %windir%\system32\dfdts.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DNS-Client
ProviderGuid REG_SZ {1c95126e-7eea-49a9-a3fe-a378b03ddb4d}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\dnsapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-DriverFrameworks-UserMode
ProviderGuid REG_SZ {2e35aaeb-857f-4beb-a418-2e6c0e54d988}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WUDFPlatform.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-EnhancedStorage-EhStorCertDrv
ProviderGuid REG_SZ {bd2d1dae-d678-4e10-9667-21cba2aa70c3}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\EhStorAuthn.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-EventCollector
ProviderGuid REG_SZ {b977cf02-76f6-df84-cc1a-6a4b232322b6}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wecsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Eventlog
ProviderGuid REG_SZ {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wevtsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Fault-Tolerant-Heap
ProviderGuid REG_SZ {6b93bf66-a922-4c11-a617-cf60d95c133d}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fthsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-FilterManager
ProviderGuid REG_SZ {f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\fltmgr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Firewall
ProviderGuid REG_SZ {e595f735-b42a-494b-afcd-b68666945cd3}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\mpssvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-FMS
ProviderGuid REG_SZ {dea07764-0790-44de-b9c4-49677b17174f}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fms.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-FunctionDiscoveryHost
ProviderGuid REG_SZ {538cbbad-4877-4eb2-b26e-7caee8f0f8cb}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fdphost.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-GroupPolicy
ProviderGuid REG_SZ {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\gpsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-HAL
ProviderGuid REG_SZ {63d1e632-95cc-4443-9312-af927761d52a}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\microsoft-windows-hal-events.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-HttpEvent
ProviderGuid REG_SZ {7b6bc78c-898b-4170-bbf8-1a469ea43fc5}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\HTTP.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-IPBusEnum
ProviderGuid REG_SZ {cd032e15-15ad-4da4-afc6-03bf83516195}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\ipbusenum.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Iphlpsvc
ProviderGuid REG_SZ {66a5c15c-4f8e-4044-bf6e-71d896038977}
EventMessageFile REG_EXPAND_SZ %windir%\system32\iphlpsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Boot
ProviderGuid REG_SZ {15ca44ff-4d7a-4baa-bba5-0998955e531e}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-General
ProviderGuid REG_SZ {a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-PnP
ProviderGuid REG_SZ {9c205a39-1250-487d-abd7-e831c6290539}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\advapi32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Power
ProviderGuid REG_SZ {331c3b3a-2005-44c2-ac5e-77220c37d6b4}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\microsoft-windows-kernel-power-events.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Processor-Power
ProviderGuid REG_SZ {0f67e49f-fe51-4e9f-b490-6f2948cc6027}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\microsoft-windows-kernel-processor-power-events.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Tm
ProviderGuid REG_SZ {4cec9c95-a65f-4591-b5c4-30100e51d870}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\ktmw32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-WHEA
ProviderGuid REG_SZ {7b563579-53c8-44e7-8236-0f87b9fe6594}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\PSHED.DLL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-LanguagePackSetup
ProviderGuid REG_SZ {7237fff9-a08a-4804-9c79-4a8704b70b87}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\lpksetup.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-MemoryDiagnostics-Results
ProviderGuid REG_SZ {5f92bc59-248f-4111-86a9-e393e12c6139}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\relpost.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-MemoryDiagnostics-Schedule
ProviderGuid REG_SZ {73e9c9de-a148-41f7-b1db-4da051fdc327}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mdsched.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-MountMgr
ProviderGuid REG_SZ {e3bac9f8-27be-4823-8d7f-1cc320c05fa7}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\mountmgr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-OfflineFiles
ProviderGuid REG_SZ {95353826-4fbe-41d4-9c42-f521c6e86360}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\cscsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Power-Troubleshooter
ProviderGuid REG_SZ {cdc05e28-c449-49c6-b9d2-88cf761644df}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\pots.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-RasSstp
ProviderGuid REG_SZ {6c260f2c-049a-43d8-bf4d-d350a4e6611a}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\sstpsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Recovery
ProviderGuid REG_SZ {9e95e4d0-4cb4-4b5d-a936-c972d7d08d90}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\recovery.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Resource-Exhaustion-Detector
ProviderGuid REG_SZ {9988748e-c2e8-4054-85f6-0c3e1cad2470}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\radardt.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-ResourcePublication
ProviderGuid REG_SZ {74c2135f-cc76-45c3-879a-ef3bb1eeaf86}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\fdrespub.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-SCPNP
ProviderGuid REG_SZ {9f650c63-9409-453c-a652-83d7185a2e83}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\certprop.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Service Pack Installer
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\EventProviders\spcmsg.dll
ProviderGuid REG_SZ {62ef8b9f-ee45-4aba-a9b9-b70e878bf30a}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Servicing
EventMessageFile REG_EXPAND_SZ %SystemRoot%\servicing\cbsmsg.dll
TypesSupported REG_DWORD 0x7
ProviderGuid REG_EXPAND_SZ {bd12f3b8-fc40-4a61-a307-b7a013a069c1}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Setup
ProviderGuid REG_SZ {75ebc33e-997f-49cf-b49f-ecc50184b75d}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\oobe\winsetup.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Spell-Checking
ProviderGuid REG_SZ {d0e22efc-ac66-4b25-a72d-382736b5e940}
EventMessageFile REG_EXPAND_SZ %systemroot%\System32\MsSpellCheckingFacility.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-SpellChecker
ProviderGuid REG_SZ {b2fcd41f-9a40-4150-8c92-b224b7d8c8aa}
EventMessageFile REG_EXPAND_SZ %systemroot%\System32\MsSpellCheckingFacility.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-StartupRepair
ProviderGuid REG_SZ {c914f0df-835a-4a22-8c70-732c9a80c634}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\reagent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Subsys-SMSS
ProviderGuid REG_SZ {43e63da5-41d1-4fbf-aded-1bbed98fdd1d}
EventMessageFile REG_EXPAND_SZ %windir%\system32\csrsrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TaskScheduler
ProviderGuid REG_SZ {de7b24ea-73c8-4a09-985d-5bdadcfa9017}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\schedsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TerminalServices-LocalSessionManager
ProviderGuid REG_SZ {5d896912-022d-40aa-a3a8-4fa5515c76d7}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\lsm.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager
ProviderGuid REG_SZ {c76baa63-ae81-421c-b425-340b4b24157f}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\termsrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Time-Service
ProviderGuid REG_SZ {06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\w32time.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TPM-WMI
ProviderGuid REG_SZ {7d5387b0-cbe0-11da-a94d-0800200c9a66}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wbem\Win32_Tpm.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-UserPnp
ProviderGuid REG_SZ {96f4a050-7e31-453c-88be-9634f4e02139}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\umpnpmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-WHEA-Logger
ProviderGuid REG_SZ {c26c4f3c-3f66-4e99-8f8a-39405cfed220}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\whealogr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-WindowsUpdateClient
ProviderGuid REG_SZ {945a8954-c147-4acd-923f-40c45405a658}
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\wuaueng.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Wininit
ProviderGuid REG_SZ {206f6dea-d3c5-4d10-bc72-989f03c8b84b}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wininit.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Winlogon
ProviderGuid REG_SZ {dbe9b383-7cf3-4331-91cc-a3cb16a3b538}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\winlogon.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-WLAN-AutoConfig
ProviderGuid REG_SZ {9580d7dd-0379-4658-9870-d5be7d52d6de}
EventMessageFile REG_EXPAND_SZ %windir%\system32\wlansvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mouclass
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mouhid
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouhid.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mpio
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mpio.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\mrxsmb
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll
TypesSupported REG_DWORD 0x7
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MSDTC Gateway
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MSDTC WS-AT Protocol
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MSiSCSI
EventMessageFile REG_EXPAND_SZ %systemroot%\System32\iscsiexe.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MTConfig
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\MTConfig.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Mup
EventMessageFile REG_EXPAND_SZ C:\Windows\system32\netevent.dll;C:\Windows\system32\iologmsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\NAPIPSecEnf
providerGuid REG_EXPAND_SZ {8115579E-2BEA-4C9E-9AB1-821CC2C98AB0}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\NdisWan
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\NetBIOS
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\iologmsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\NetBT
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Netlogon
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netmsg.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\kernel32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\nfrd960
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Ntfs
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\drivers\ntfs.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\nvlddmkm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\nvraid

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\nvstor
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nvstor.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\P2PIMSvc
ProviderGuid REG_EXPAND_SZ {2992E9CF-4F99-48f5-A0B6-B99B11CD387D}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Parport
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\partmgr
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\pcmcia
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PlugPlayManager
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\umpnpmgr.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PNRPSvc
ProviderGuid REG_EXPAND_SZ {BBE94F36-F8DC-4C33-8227-81602B7A3D53}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Power
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\umpo.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PptpMiniport
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\ntprint.dll
TypesSupported REG_DWORD 0x7
providerGuid REG_SZ {747EF6FD-E535-4d16-B510-42C90F6873A1}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PrintFilterPipelineSvc
ProviderGuid REG_EXPAND_SZ {5B33145C-1C66-49F3-B4CA-F563C165F2C0}
TypesSupported REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Processor
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\processr.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ql2300
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ql40xx
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RasAuto
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Rasman
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RasSstp
TypesSupported REG_DWORD 0x1c
EventMessageFile REG_EXPAND_SZ %systemroot%\system32\sstpsvc.dll
ProviderGuid REG_SZ {6c260f2c-049a-43d8-bf4d-d350a4e6611a}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\rcmirror
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\rcmirror64.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\rdbss
EventMessageFile REG_EXPAND_SZ C:\Windows\system32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RemoteAccess
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\mprmsg.dll
ParameterMessageFile REG_EXPAND_SZ %SystemRoot%\System32\iassvcs.dll
TypesSupported REG_DWORD 0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\rspndr
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RTL8192su
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SAM
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\samsrv.dll
TypesSupported REG_DWORD 0x7
providerGuid REG_SZ {0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\sbp2port
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sbp2port.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SCardSvr
providerGuid REG_EXPAND_SZ {4FCBF664-A33A-4652-B436-9D558983D955}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Schannel
ProviderGuid REG_SZ {1f678132-5938-4686-9fdc-c8ff68f15c85}
EventMessageFile REG_EXPAND_SZ %windir%\System32\lsasrv.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Serial
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\sermouse
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sermouse.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Server
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Service Control Manager
ProviderGuid REG_SZ {555908d1-a6d7-4695-8e1e-26931d2012f4}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\services.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SiSRaid2
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SiSRaid4
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Smb
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SMSvcHost 3.0.0.0
CategoryCount REG_DWORD 0xe
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SMSvcHost 4.0.0.0
CategoryCount REG_DWORD 0xf
CategoryMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
EventMessageFile REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SNMPTRAP
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\snmptrap.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Srv
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\sscdbus
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\sscdmdm
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\sscdserd
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\ssmirrdr
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ssmirrdr.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\stexstor
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\StillImage
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wiaservc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\storflt
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\vmstorfltres.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\System
CategoryCount REG_DWORD 0x7
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\system32\wevtapi.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Tcpip
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Tcpip6
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TCPMon
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\tcpmon.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TermDD
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\ntdll.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TermService
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\termsrv.dll
TypesSupported REG_DWORD 0x7
providerGuid REG_SZ {C76BAA63-AE81-421C-B425-340B4B24157F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TPM
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\tpm.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\TsUsbFlt
ProviderGuid REG_EXPAND_SZ {6e400999-5b82-475f-b800-cef6fe361539}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\tsusbflt.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\tunnel
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\UmRdpService
providerGuid REG_SZ {952773BF-C2B7-49BC-88F4-920744B82C43}
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\umrdp.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\USB-100x64
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\usbehci
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\usbehci.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\USER32
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\user32.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\VDS Basic Provider
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\vdsbas.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\VDS Dynamic Provider
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\vdsdyn.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\VDS Virtual Disk Provider
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\vdsvd.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vga
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\vgapnp.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Virtual Disk Service
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\vds.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vmbus
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\vmbusres.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vmci
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\vmci.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\volmgr
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Volsnap
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\VolSnap.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vrvd5
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\vrvd5.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vsmraid
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\vwifimp
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\netevent.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\W32Time
EventMessageFile REG_EXPAND_SZ %Systemroot%\system32\w32time.dll
TypesSupported REG_DWORD 0x7
ProviderGuid REG_SZ {06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\W3SVC
providerGuid REG_SZ {05448E22-93DE-4A7A-BBA5-92E27486A8BE}
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WacomPen
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wacompen.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WAS
providerGuid REG_SZ {524B5D04-133C-4A62-8362-64E8EDB9CE40}
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %windir%\system32\inetsrv\iisres.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Wd
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\drivers\wd.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\wdf01000
EventMessageFile REG_SZ C:\Windows\System32\drivers\Wdf01000.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\wecsvc
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wecsvc.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Win32k
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\win32k.sys
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend
ParameterMessageFile REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MpEvMsg.dll
ProviderGuid REG_SZ {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MpEvMsg.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Windows Disk Diagnostic
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\DFDTS.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Windows Script Host
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wshext.dll
TypesSupported REG_DWORD 0x18

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinHttpAutoProxySvc
EventMessageFile REG_EXPAND_SZ winhttp.dll
ProviderGuid REG_SZ {7D44233D-3055-4B9C-BA64-0D47CA40A232}
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinRM
ProviderGuid REG_EXPAND_SZ {A7975C8F-AC13-49F1-87DA-5A984A4AB417}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WMIxWDM
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\IoLogMsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WMPNetworkSvc
ProviderGuid REG_SZ {6A2DC7C1-930A-4FB5-BB44-80B30AEBED6C}
EventMessageFile REG_EXPAND_SZ C:\Program Files\Windows Media Player\wmpnetwk.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Workstation
EventMessageFile REG_EXPAND_SZ C:\Windows\system32\netmsg.dll
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WPC
TypesSupported REG_DWORD 0x7
EventMessageFile REG_EXPAND_SZ %SystemRoot%\System32\wpcsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WPDClassInstaller
ProviderGuid REG_SZ {AD5162D8-DAF0-4A25-88A7-01CBEB33902E}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\TuneUp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\TuneUp\TuneUp.UtilitiesSvc
EventMessageFile REG_EXPAND_SZ C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
TypesSupported REG_DWORD 0x7

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell
AutoBackupLogFiles REG_DWORD 0x0
MaxSize REG_DWORD 0xf00000
Sources REG_MULTI_SZ PowerShell
Retention REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell
CategoryCount REG_DWORD 0x8
CategoryMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
EventMessageFile REG_EXPAND_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll

========= End of CMD: =========

==== End of Fixlog 08:15:13 ====

Sysnative Windows Update · Apr 13, 2018

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
5. Try updates again and attach CBS.log if any fail.

raaone · Apr 13, 2018

Here is the new FixLog.txt link:
Dropbox - Fixlog.txt

I will try updates again now.

raaone · Apr 13, 2018

That last run with FRST64 and your script fixed it.
THANK YOU THANK YOU.
What was the actual problem?

Sysnative Windows Update · Apr 13, 2018

Awesome news! You had a legacy registry key which I fixed! Take care.

raaone · Apr 13, 2018

Can you tell what old program it came from?
I don't want to be a pain, I'm just real curious as to what old program it was.
Thank you.

Sysnative Windows Update · Apr 13, 2018

No problem. It was not a program. It was a part of Windows, but it was stuck in a state where it reverted.

For example a setting to increase a number of maximum print events could be stored in the event log before it rolled.

Eventlog Key (Windows)

[SOLVED] Win 7-64 Always Reverts and Backs Out After Quarterly Update Attempt.

raaone

Member

raaone

Member

Sysnative Windows Update

Inactive

raaone

Member

Sysnative Windows Update

Inactive

raaone

Member

Sysnative Windows Update

Inactive

raaone

Member

Sysnative Windows Update

Inactive

Attachments

raaone

Member

Sysnative Windows Update

Inactive

Attachments

raaone

Member

raaone

Member

Sysnative Windows Update

Inactive

raaone

Member

Sysnative Windows Update

Inactive