SystemLook 30.07.11 by jpshortstuff Log created at 11:19 on 18/02/2018 by Damian Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== reg ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog] "PlugPlayServiceType"= 0x0000000003 (3) "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" "ServiceDllUnloadOnStop"= 0x0000000001 (1) "ServiceMain"="ServiceMain" "SvcMemHardLimitInMB"= 0x0000000014 (20) "SvcMemMidLimitInMB"= 0x000000000f (15) "SvcMemSoftLimitInMB"= 0x000000000b (11) "DisplayName"="@%SystemRoot%\system32\wevtsvc.dll,-200" "ErrorControl"= 0x0000000001 (1) "Group"="Event Log" "ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p" "Start"= 0x0000000002 (2) "Type"= 0x0000000020 (32) "Description"="@%SystemRoot%\system32\wevtsvc.dll,-201" "ObjectName"="NT AUTHORITY\LocalService" "ServiceSidType"= 0x0000000001 (1) "RequiredPrivileges"="SeChangeNotifyPrivilege SeImpersonatePrivilege SeAuditPrivilege" "FailureActionsOnNonCrashFailures"= 0x0000000001 (1) "FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 ea 00 00 01 00 00 00 c0 d4 01 00 00 00 00 00 00 00 00 00 (REG_BINARY) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application] "DisplayNameFile"="%SystemRoot%\system32\wevtapi.dll" "DisplayNameID"= 0x0000000100 (256) "File"="%SystemRoot%\system32\winevt\Logs\Application.evtx" "MaxSize"= 0x0001400000 (20971520) "PrimaryModule"="Application" "Retention"= 0x0000000000 (0) "RestrictGuestAccess"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\.NET Runtime] "EventMessageFile"="C:\Windows\System32\mscoree.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\.NET Runtime Optimization Service] "EventMessageFile"="C:\Windows\System32\mscoree.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application] "CategoryCount"= 0x0000000007 (7) "CategoryMessageFile"="%SystemRoot%\system32\wevtapi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application Error] "CategoryCount"= 0x0000000001 (1) "CategoryMessageFile"="%SystemRoot%\System32\wer.dll" "EventMessageFile"="%SystemRoot%\System32\wer.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application Hang] "EventMessageFile"="%SystemRoot%\System32\wersvc.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application Management] "EventMessageFile"="%SystemRoot%\System32\appmgmts.dll" "ParameterMessageFile"="%SystemRoot%\System32\kernel32.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Application-Addon-Event-Provider] "ProviderGuid"="{a83fa99f-c356-4ded-9fd6-5a5eb8546d68}" "EventMessageFile"="%SystemRoot%\system32\ieframe.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ASP.NET 2.0.50727.0] "CategoryCount"= 0x0000000005 (5) "CategoryMessageFile"="C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll" "EventMessageFile"="C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_rc.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\AutoEnrollment] "ProviderGuid"="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\CardSpace 4.0.0.0] "CategoryCount"= 0x0000000001 (1) "CategoryMessageFile"="C:\Windows\System32\icardres.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll;C:\Windows\System32\icardres.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\CertCa] "ProviderGuid"="{98BF1CD3-583E-4926-95EE-A61BF3F46470}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\CertCli] "ProviderGuid"="{98BF1CD3-583E-4926-95EE-A61BF3F46470}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\CertEnroll] "ProviderGuid"="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Chkdsk] "EventMessageFile"="%SystemRoot%\System32\ulib.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Chrome] "CategoryCount"= 0x0000000001 (1) "CategoryMessageFile"="C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\eventlog_provider.dll" "EventMessageFile"="C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\eventlog_provider.dll" "ParameterMessageFile"="C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\eventlog_provider.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\COM] "providerGuid"="{bf406804-6afa-46e7-8a48-6c357e1d6d61}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\COM+] "providerGuid"="{0f177893-4a9c-4709-b921-f432d67f43d5}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\DeliveryOptimization] "EventMessageFile"="%SystemRoot%\system32\dosvc.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Desktop Window Manager] "EventMessageFile"="%SystemRoot%\system32\dwm.exe" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\DiskQuota] "EventMessageFile"="%SystemRoot%\System32\dskquota.dll" "TypesSupported"="0x00000007" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Dwminit] "EventMessageFile"="%SystemRoot%\system32\dwminit.dll" "TypesSupported"= 0x0000000002 (2) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Error Instrument] "ProviderGuid"="{cd7cf0d0-02cc-4872-9b65-0dba0a90efe8}" "EventMessageFile"="%SystemRoot%\system32\user32.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ESENT] "CategoryCount"= 0x0000000010 (16) "CategoryMessageFile"="%systemroot%\system32\esent.dll" "EventMessageFile"="%systemroot%\system32\esent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\EventSystem] "providerGuid"="{899daace-4868-4295-afcd-9eb8fb497561}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Folder Redirection] "EventMessageFile"="%SystemRoot%\System32\fdeploy.dll" "ProviderGuid"="{7D7B0C39-93F6-4100-BD96-4DDA859652C5}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Applications] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Client] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Data Sources] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Device Settings] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Drive Maps] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Environment] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Files] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Folder Options] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Folders] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Ini Files] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Internet Settings] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Local Users and Groups] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Mail Profiles] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Network Options] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Network Shares] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Power Options] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Printers] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Regional Options] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Registry] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Scheduled Tasks] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Services] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Shortcuts] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Standard Edition] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Group Policy Start Menu Settings] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\System32\gpprefcl.dll" "EventMessageFile"="C:\Windows\System32\gpprefcl.dll" "ParameterMessageFile"="C:\Windows\System32\gpprefcl.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\GroupPolicy] "EventMessageFile"="%SystemRoot%\System32\gpapi.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Handwriting Recognition] "CategoryCount"= 0x0000000007 (7) "CategoryMessageFile"="%CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll" "EventMessageFile"="%CommonProgramFiles%\Microsoft Shared\Ink\IPSEventLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Interactive Services detection] "EventMessageFile"="%SystemRoot%\System32\UI0Detect.exe" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ipmiprv] "EventMessageFile"="%windir%\system32\wbem\ipmiprr.dll" "providerGuid"="{2A45D52E-BBF3-4843-8E18-B356ED5F6A65}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\LoadPerf] "ProviderGuid"="{122EE297-BB47-41AE-B265-1CA8D1886D40}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft Fax] "CategoryCount"= 0x0000000004 (4) "CategoryMessageFile"="C:\Windows\System32\fxsevent.dll" "EventMessageFile"="C:\Windows\System32\fxsevent.dll" "publisherGuid"="{9F8639E0-9EEF-4125-9B1C-86109BDD8289}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-AAD] "providerGuid"="{4DE9BC9C-B27A-43C9-8994-0915F1A5E24F}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-ApplicationExperienceInfrastructure] "ProviderGuid"="{5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a}" "EventMessageFile"="%SystemRoot%\system32\apphelp.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-AppModel-Runtime] "ProviderGuid"="{f1ef270a-0d32-4352-ba52-dbab41e1d859}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-AppModel-State] "ProviderGuid"="{bff15e13-81bf-45ee-8b16-7cfead00da86}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-ASN1] "providerGuid"="{d92ef8ac-99dd-4ab8-b91d-c6eba85f3755}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Audio] "ProviderGuid"="{ae4bd3be-f36f-45b6-8d21-bdd6fb832853}" "EventMessageFile"="%SystemRoot%\System32\audioses.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Audit-CVE] "ProviderGuid"="{85a62a0d-7e17-485f-9d4f-749a287193a6}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-AxInstallService] "ProviderGuid"="{dab3b18c-3c0f-43e8-80b1-e44bc0dad901}" "EventMessageFile"="%SystemRoot%\System32\AxInstSv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Backup] "ProviderGuid"="{1db28f2e-8f80-4027-8c5a-a11f7f10f62d}" "EventMessageFile"="%windir%\system32\BlbEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CAPI2] "ProviderGuid"="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" "EventMessageFile"="%SystemRoot%\System32\crypt32.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificateServicesClient] "ProviderGuid"="{73370bd6-85e5-430b-b60a-fea1285808a7}" "EventMessageFile"="%SystemRoot%\system32\dimsjob.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificateServicesClient-AutoEnrollment] "ProviderGuid"="{f0db7ef8-b6f3-4005-9937-feb77b9e1b43}" "EventMessageFile"="%SystemRoot%\system32\pautoenr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificateServicesClient-CertEnroll] "ProviderGuid"="{54164045-7c50-4905-963f-e5bc1eef0cca}" "EventMessageFile"="%SystemRoot%\system32\certenroll.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificateServicesClient-CredentialRoaming] "ProviderGuid"="{89a2278b-c662-4aff-a06c-46ad3f220bca}" "EventMessageFile"="%SystemRoot%\system32\dimsroam.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-CertificationAuthorityClient-CertCli] "ProviderGuid"="{98bf1cd3-583e-4926-95ee-a61bf3f46470}" "EventMessageFile"="%SystemRoot%\system32\certcli.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-COMRuntime] "ProviderGuid"="{bf406804-6afa-46e7-8a48-6c357e1d6d61}" "EventMessageFile"="%systemroot%\system32\combase.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Crypto-BCrypt] "providerGuid"="{C7E089AC-BA2A-11E0-9AF7-68384824019B}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Crypto-CNG] "providerGuid"="{E3E0E2F0-C9C5-11E0-8AB9-9EBC4824019B}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Crypto-DPAPI] "providerGuid"="{89fe8f40-cdce-464e-8217-15ef97d4c7c3}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Crypto-DSSEnh] "providerGuid"="{43dad447-735f-4829-a6ff-9829a87419ff}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Crypto-NCrypt] "providerGuid"="{e8ed09dc-100c-45e2-9fc8-b53399ec1f70}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Crypto-RNG] "providerGuid"="{54d5ac20-e14f-4fda-92da-ebf7556ff176}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Crypto-RSAEnh] "providerGuid"="{152FDB2B-6E9D-4B60-B317-815D5F174C4A}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Deduplication] "ProviderGuid"="{f9fe3908-44b8-48d9-9a32-5a763ff5ed79}" "EventMessageFile"="%SystemRoot%\System32\ddputils.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Defrag] "EventMessageFile"="%systemroot%\system32\defragsvc.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-DeliveryOptimization] "ProviderGuid"="{f8ad09ba-419c-5134-1750-270f4d0fb889}" "EventMessageFile"="%SystemRoot%\System32\dosvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-DeviceGuard] "providerGuid"="{F717D024-F5B4-4F03-9AB9-331B2DC38FFB}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-DirectShow-Core] "ProviderGuid"="{968f313b-097f-4e09-9cdd-bc62692d138b}" "EventMessageFile"="%SystemRoot%\system32\quartz.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-DirectShow-KernelSupport] "ProviderGuid"="{3cc2d4af-da5e-4ed4-bcbe-3cf995940483}" "EventMessageFile"="%SystemRoot%\System32\ksproxy.ax" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-EapHost] "ProviderGuid"="{6eb8db94-fe96-443f-a366-5fe0cee7fb1c}" "EventMessageFile"="%systemroot%\system32\eapsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-EFS] "ProviderGuid"="{3663a992-84be-40ea-bba9-90c7ed544222}" "EventMessageFile"="%SystemRoot%\system32\efscore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-EventCollector] "ProviderGuid"="{b977cf02-76f6-df84-cc1a-6a4b232322b6}" "EventMessageFile"="%SystemRoot%\system32\wecsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Folder Redirection] "ProviderGuid"="{7d7b0c39-93f6-4100-bd96-4dda859652c5}" "EventMessageFile"="%SystemRoot%\System32\fdeploy.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-GenericRoaming] "providerGuid"="{4EACB4D0-263B-4b93-8CD6-778A278E5642}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Immersive-Shell] "ProviderGuid"="{315a8872-923e-4ea2-9889-33cd4754bf64}" "EventMessageFile"="%SystemRoot%\system32\twinui.appcore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-KdsSvc] "providerGuid"="{D4BE7726-DC7A-11DF-A6E6-0902DFD72085}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-LiveId] "providerGuid"="{05f02597-fe85-4e67-8542-69567ab8fd4f}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-LoadPerf] "EventMessageFile"="%SystemRoot%\system32\loadperf.dll" "ProviderGuid"="{122ee297-bb47-41ae-b265-1ca8d1886d40}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-PerfCtrs] "ProviderGuid"="{973143dd-f3c7-4ef5-b156-544ac38c39b6}" "EventMessageFile"="%SystemRoot%\system32\perfctrs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-PerfNet] "ProviderGuid"="{cab2b8a5-49b9-4eec-b1b0-fac21da05a3b}" "EventMessageFile"="%SystemRoot%\system32\perfnet.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-PerfOS] "ProviderGuid"="{f82fb576-e941-4956-a2c7-a0cf83f6450a}" "EventMessageFile"="%SystemRoot%\system32\perfos.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-PerfProc] "ProviderGuid"="{72d211e1-4c54-4a93-9520-4901681b2271}" "EventMessageFile"="%SystemRoot%\system32\perfproc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-propsys] "EventMessageFile"="%SystemRoot%\system32\propsys.dll" "ProviderGuid"="{9485FA1E-23CD-49A1-84E3-11D8BC550CB7}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RemoteApp and Desktop Connections] "ProviderGuid"="{1b8b402d-78dc-46fb-bf71-46e64aedf165}" "EventMessageFile"="%SystemRoot%\system32\TSWorkspace.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RemoteAssistance] "ProviderGuid"="{5b0a651a-8807-45cc-9656-7579815b6af0}" "EventMessageFile"="%systemroot%\system32\msra.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RestartManager] "ProviderGuid"="{0888e5ef-9b98-4695-979d-e92ce4247224}" "EventMessageFile"="%SystemRoot%\System32\RstrtMgr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RPC-Events] "ProviderGuid"="{f4aed7c7-a898-4627-b053-44a7caa12fcd}" "EventMessageFile"="%SystemRoot%\system32\rpcrt4.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Security-EnterpriseData-FileRevocationManager] "ProviderGuid"="{2cd58181-0bb6-463e-828a-056ff837f966}" "EventMessageFile"="%SystemRoot%\system32\efswrt.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Security-Netlogon] "providerGuid"="{E5BA83F6-07D0-46b1-8BC7-7E669A1D31DC}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-SmartCard-DeviceEnum] "providerGuid"="{AAEAC398-3028-487c-9586-44EACAD03637}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies] "ProviderGuid"="{7d29d58a-931a-40ac-8743-48c733045548}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Spell-Checking] "ProviderGuid"="{d0e22efc-ac66-4b25-a72d-382736b5e940}" "EventMessageFile"="%systemroot%\System32\MsSpellCheckingFacility.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-SpellChecker] "ProviderGuid"="{b2fcd41f-9a40-4150-8c92-b224b7d8c8aa}" "EventMessageFile"="%systemroot%\System32\MsSpellCheckingFacility.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Spellchecking-Host] "ProviderGuid"="{1bda2ab1-bbc1-4acb-a849-c0ef2b249672}" "EventMessageFile"="%systemroot%\System32\MsSpellCheckingHost.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-System-Restore] "ProviderGuid"="{126cdb97-d346-4894-8a34-658da5eea1b6}" "EventMessageFile"="%windir%\system32\SrEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-TerminalServices-ClientActiveXCore] "ProviderGuid"="{28aa95bb-d444-4719-a36f-40462168127e}" "EventMessageFile"="%SystemRoot%\system32\mstscax.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-User Profiles General] "ProviderGuid"="{db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770}" "EventMessageFile"="%SystemRoot%\System32\userenv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-User Profiles Service] "ProviderGuid"="{89b1e9f0-5aff-44a6-9b44-0a07a7ce5845}" "EventMessageFile"="%SystemRoot%\System32\profsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-User-Loader] "ProviderGuid"="{b059b83f-d946-4b13-87ca-4292839dc2f2}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Video-For-Windows] "ProviderGuid"="{712abb2d-d806-4b42-9682-26da01d8b307}" "EventMessageFile"="%SystemRoot%\system32\mciavi32.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-WBioSrvc] "providerGuid"="{A0E3D8EA-C34F-4419-A1DB-90435B8B21D0}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool] "ProviderGuid"="{11a75546-3234-465e-bec8-2d301cb501ac}" "EventMessageFile"="%SystemRoot%\system32\WINSAT.EXE" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-Winsrv] "ProviderGuid"="{9d55b53d-449b-4824-a637-24f9d69aa02f}" "EventMessageFile"="%SystemRoot%\system32\winsrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-WMI] "ProviderGuid"="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" "EventMessageFile"="%SystemRoot%\system32\wbem\WinMgmtR.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-XWizards] "ProviderGuid"="{777ba8fe-2498-4875-933a-3067de883070}" "EventMessageFile"="%windir%\system32\xwizards.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0] "CategoryCount"= 0x000000000e (14) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft.Transactions.Bridge 4.0.0.0] "CategoryCount"= 0x000000000f (15) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDTC] "providerGuid"="{719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDTC 2] "providerGuid"="{5D9E0020-3761-4f36-90C8-38CE6511BD12}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDTC Client] "providerGuid"="{7A67066E-193F-4D3A-82D3-322FEE5259DE}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MSDTC Client 2] "providerGuid"="{155CB334-3D7F-4ff1-B107-DF8AFC3C0363}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\MsiInstaller] "EventMessageFile"="C:\Windows\System32\msimsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PDH] "ProviderGuid"="{04D66358-C4A1-419B-8023-23B73902DE2C}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfCtrs] "ProviderGuid"="{973143DD-F3C7-4EF5-B156-544AC38C39B6}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfDisk] "ProviderGuid"="{7F9D83DE-8ABB-457F-98E8-4AD161449ECC}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Perflib] "ProviderGuid"="{13B197BD-7CEE-4B4E-8DD0-59314CE374CE}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfNet] "ProviderGuid"="{CAB2B8A5-49B9-4EEC-B1B0-FAC21DA05A3B}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfOs] "ProviderGuid"="{F82FB576-E941-4956-A2C7-A0CF83F6450A}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PerfProc] "ProviderGuid"="{72D211E1-4C54-4A93-9520-4901681B2271}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PrintBrm] "ProviderGuid"="{CF3F502E-B40D-4071-996F-00981EDF938E}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Process Exit Monitor] "providerGuid"="{FD771D53-8492-4057-8E35-8C02813AF49B}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Profsvc] "EventMessageFile"="%SystemRoot%\System32\profsvc.dll" "ProviderGuid"="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\RasClient] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SceCli] "EventMessageFile"="%SystemRoot%\System32\scecli.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SceSrv] "EventMessageFile"="%SystemRoot%\System32\scesrv.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SecurityCenter] "EventMessageFile"="%SystemRoot%\System32\wscsvc.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ServiceModel Audit 3.0.0.0] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\ServiceModel Audit 4.0.0.0] "CategoryCount"= 0x0000000002 (2) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SideBySide] "EventMessageFile"="%SystemRoot%\System32\sxs.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Software Installation] "EventMessageFile"="%SystemRoot%\System32\appmgr.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Software Protection Platform Service] "EventMessageFile"="%SystemRoot%\system32\sppsvc.exe" "ProviderGuid"="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SpeechRuntime] "EventMessageFile"="C:\Windows\System32\Speech_OneCore\Common\sapi_onecore.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SPP] "EventMessageFile"="%systemroot%\system32\sxproxy.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SrmSvc] "EventMessageFile"="%SystemRoot%\System32\srm.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Standard TCP/IP Port] "ProviderGuid"="{CAD2D809-03D9-4F46-9CF4-72AA4F04B6B9}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Steam Client Service] "EventMessageFile"="C:\Program Files (x86)\Common Files\Steam\SteamService.exe" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System Restore] "EventMessageFile"="%systemroot%\system32\srcore.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.IdentityModel 3.0.0.0] "CategoryCount"= 0x000000000e (14) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.IdentityModel 4.0.0.0] "CategoryCount"= 0x000000000f (15) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.IO.Log 3.0.0.0] "CategoryCount"= 0x000000000e (14) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.IO.Log 4.0.0.0] "CategoryCount"= 0x000000000f (15) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.Runtime.Serialization 3.0.0.0] "CategoryCount"= 0x000000000e (14) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.Runtime.Serialization 4.0.0.0] "CategoryCount"= 0x000000000f (15) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.ServiceModel 3.0.0.0] "CategoryCount"= 0x000000000e (14) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\System.ServiceModel 4.0.0.0] "CategoryCount"= 0x000000000f (15) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\usbperf] "EventMessageFile"="%SystemRoot%\system32\usbperf.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Userenv] "EventMessageFile"="%SystemRoot%\System32\userenv.dll" "ProviderGuid"="{DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\VBRuntime] "EventMessageFile"="C:\Windows\SysWOW64\msvbvm60.dll" "TypesSupported"= 0x0000000004 (4) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\VSS] "EventMessageFile"="%SystemRoot%\System32\VSSVC.EXE" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\VSSetup] "EventMessageFile"="d:\f528c4950c9d87d1acf148c52ec5\DW\DW20.exe" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WerSvc] "EventMessageFile"="%SystemRoot%\System32\wersvc.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Backup] "EventMessageFile"="%systemroot%\system32\sdengin2.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Error Reporting] "EventMessageFile"="%SystemRoot%\System32\wer.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Search Service] "CategoryCount"= 0x0000000007 (7) "CategoryMessageFile"="%systemroot%\system32\tquery.dll" "EventMessageFile"="%systemroot%\system32\tquery.dll" "ProviderGuid"="{CA4E628D-8567-4896-AB6B-835B221F373F}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Windows Search Service Profile Notification] "EventMessageFile"="%SystemRoot%\system32\wsepno.dll" "ProviderGuid"="{FC6F77DD-769A-470E-BCF9-1B6555A118BE}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wininit] "EventMessageFile"="%SystemRoot%\System32\wininit.exe" "providerGuid"="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Winlogon] "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" "providerGuid"="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WinMgmt] "ProviderGuid"="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wlclntfy] "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" "providerGuid"="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WMI.NET Provider Extension] "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Wow64 Emulation Layer] "EventMessageFile"="%SystemRoot%\System32\ntvdm64.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WSH] "EventMessageFile"="%SystemRoot%\System32\wshext.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\HardwareEvents] "DisplayNameFile"="%SystemRoot%\system32\wecsvc.dll" "DisplayNameID"= 0x0000000100 (256) "File"="%systemroot%\system32\winevt\logs\HardwareEvents.evtx" "MaxSize"= 0x0001400000 (20971520) "Retention"= 0x0000000000 (0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Internet Explorer] "CustomSD"="O:BAG:SYD:(A;;0x07;;;WD)S:(ML;;0x1;;;LW)" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Key Management Service] "DisplayNameFile"="%SystemRoot%\system32\sppsvc.exe" "DisplayNameID"= 0x0000000100 (256) "MaxSize"= 0x0001400000 (20971520) "Retention"= 0x0000000000 (0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Key Management Service\KmsRequests] "EventMessageFile"="%SystemRoot%\system32\sppsvc.exe" "ProviderGuid"="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security] "DisplayNameFile"="%SystemRoot%\system32\wevtapi.dll" "DisplayNameID"= 0x0000000101 (257) "File"="%SystemRoot%\System32\winevt\Logs\Security.evtx" "Isolation"= 0x0000000002 (2) "MaxSize"= 0x0001400000 (20971520) "PrimaryModule"="Security" "Retention"= 0x0000000000 (0) "Security"=01 00 14 80 a4 00 00 00 b0 00 00 00 14 00 00 00 44 00 00 00 02 00 30 00 02 00 00 00 02 40 14 00 72 01 0d 00 01 01 00 00 00 00 00 01 00 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 84 00 00 00 01 02 00 00 00 00 00 0f 02 00 00 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY) "RestrictGuestAccess"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\DS] "ParameterMessageFile"="%SystemRoot%\System32\MsObjs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\DS\ObjectNames] "Directory Service Object"= 0x0000001e00 (7680) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\LSA] "ParameterMessageFile"="%SystemRoot%\System32\MsObjs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\LSA\ObjectNames] "AdtSecurity"= 0x0000001f00 (7936) "PolicyObject"= 0x0000001600 (5632) "SecretObject"= 0x0000001610 (5648) "TrustedDomainObject"= 0x0000001620 (5664) "UserAccountObject"= 0x0000001630 (5680) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Microsoft-Windows-Eventlog] "ProviderGuid"="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" "EventMessageFile"="%SystemRoot%\System32\wevtsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Microsoft-Windows-Security-Auditing] "ProviderGuid"="{54849625-5478-4994-a5ba-3e3b0328c30d}" "EventMessageFile"="%SystemRoot%\system32\adtschema.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\SC Manager] "ParameterMessageFile"="%SystemRoot%\System32\MsObjs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\SC Manager\ObjectNames] "SC_MANAGER Object"= 0x0000001c00 (7168) "SERVICE Object"= 0x0000001c10 (7184) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Security] "CategoryCount"= 0x0000000009 (9) "CategoryMessageFile"="%SystemRoot%\System32\MsAuditE.dll" "EventMessageFile"="%SystemRoot%\System32\MsAuditE.dll" "ParameterMessageFile"="%SystemRoot%\System32\MsObjs.dll" "TypesSupported"= 0x000000001c (28) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Security\ObjectNames] "ALPC Port"= 0x0000001170 (4464) "Channel"= 0x0000001400 (5120) "Desktop"= 0x0000001a10 (6672) "Device"= 0x0000001100 (4352) "Directory"= 0x0000001110 (4368) "Event"= 0x0000001120 (4384) "File"= 0x0000001140 (4416) "IoCompletion"= 0x0000001300 (4864) "Job"= 0x0000001410 (5136) "Key"= 0x0000001150 (4432) "KeyedEvent"= 0x0000001640 (5696) "MailSlot"= 0x0000001140 (4416) "Mutant"= 0x0000001160 (4448) "NamedPipe"= 0x0000001140 (4416) "Port"= 0x0000001170 (4464) "Process"= 0x0000001180 (4480) "Profile"= 0x0000001190 (4496) "Section"= 0x00000011a0 (4512) "Semaphore"= 0x00000011b0 (4528) "SymbolicLink"= 0x00000011c0 (4544) "Thread"= 0x00000011d0 (4560) "Timer"= 0x00000011e0 (4576) "Token"= 0x00000011f0 (4592) "Type"= 0x0000001200 (4608) "WaitablePort"= 0x0000001170 (4464) "WindowStation"= 0x0000001a00 (6656) "WMI Namespace"= 0x0000004200 (16896) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Security Account Manager] "ParameterMessageFile"="%SystemRoot%\System32\MsObjs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Security Account Manager\ObjectNames] "SAM_ALIAS"= 0x0000001530 (5424) "SAM_DOMAIN"= 0x0000001510 (5392) "SAM_GROUP"= 0x0000001520 (5408) "SAM_SERVER"= 0x0000001500 (5376) "SAM_USER"= 0x0000001540 (5440) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\ServiceModel 3.0.0.0] "CategoryCount"= 0x0000000003 (3) "CategoryMessageFile"="%SystemRoot%\System32\MsAuditE.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "EventSourceFlags"= 0x0000000001 (1) "ParameterMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\ServiceModel 4.0.0.0] "CategoryCount"= 0x0000000003 (3) "CategoryMessageFile"="%SystemRoot%\System32\MsAuditE.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "EventSourceFlags"= 0x0000000001 (1) "ParameterMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Spooler] "ParameterMessageFile"="%SystemRoot%\System32\MsObjs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\Spooler\ObjectNames] "Document"= 0x0000001b20 (6944) "Printer"= 0x0000001b10 (6928) "Server"= 0x0000001b00 (6912) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\TCP/IP] "ParameterMessageFile"="%SystemRoot%\System32\MsObjs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\TCP/IP\ObjectNames] "InternetPort"= 0x0000001f80 (8064) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security\VSSAudit] "EventMessageFile"="%SystemRoot%\System32\VSSVC.EXE" "EventSourceFlags"= 0x0000000000 (0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System] "DisplayNameFile"="%SystemRoot%\system32\wevtapi.dll" "DisplayNameID"= 0x0000000102 (258) "File"="%SystemRoot%\system32\winevt\Logs\System.evtx" "MaxSize"= 0x0001400000 (20971520) "PrimaryModule"="System" "Retention"= 0x0000000000 (0) "RestrictGuestAccess"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\3ware] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ACPI] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ADP80XX] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AFD] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\agp440] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\agp440.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AmdK8] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdk8.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AmdPPM] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdppm.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\amdsata] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\amdsbs] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\amdxata] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Application Management Group Policy] "EventMessageFile"="%SystemRoot%\System32\appmgmts.dll" "ParameterMessageFile"="%SystemRoot%\System32\kernel32.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Application Popup] "ProviderGuid"="{47bfa2b7-bd54-4fac-b70b-29021084ca8f}" "EventMessageFile"="%SystemRoot%\system32\winsrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AppReadiness] "EventMessageFile"="%SystemRoot%\system32\AppReadiness.dll" "ProviderGuid"="{f0be35f8-237b-4814-86b5-ade51192e503}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\arcsas] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\AsyncMac] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\atapi] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\b06bdrv] "eventmessagefile"="%SystemRoot%\System32\iologmsg.dll;%SystemRoot%\System32\drivers\bxvbda.sys" "typessupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\BasicRender] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\beep] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Bowser] "EventMessageFile"="%systemroot%\system32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Browser] "EventMessageFile"="%systemroot%\system32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\BugCheck] "providerGuid"="{ABCE23E7-DE45-4366-8631-84FA6C525952}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\cdrom] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\cht4iscsi] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\cht4sx64.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\cht4vbd] "EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\cht4vx64.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\DCOM] "providerGuid"="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\DfsSvc] "ProviderGuid"="{7DA4FE0E-FD42-4708-9AA5-89B77A224885}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dhcp] "EventMessageFile"="%SystemRoot%\System32\dhcpcore.dll" "ParameterMessageFile"="%SystemRoot%\System32\kernel32.dll" "providerGuid"="{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dhcpv6] "EventMessageFile"="%SystemRoot%\system32\dhcpcore6.dll" "ParameterMessageFile"="%SystemRoot%\system32\kernelbase.dll" "providerGuid"="{6A1F2B00-6A90-4C38-95A5-5CAB3B056778}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\disk] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Display] "EventMessageFile"="%SystemRoot%\System32\dxgwdi.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnsapi] "EventMessageFile"="%Systemroot%\system32\netevent.dll" "ParameterMessageFile"="%Systemroot%\system32\kernel32.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnscache] "EventMessageFile"="%Systemroot%\system32\netevent.dll" "ParameterMessageFile"="%Systemroot%\system32\kernel32.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ebdrv] "eventmessagefile"="%SystemRoot%\System32\drivers\evbda.sys;%SystemRoot%\System32\iologmsg.dll" "typessupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\eventlog] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\exFAT] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\FltMgr] "EventMessageFile"="%SystemRoot%\System32\drivers\fltmgr.sys;%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\fvevol] "ProviderGuid"="{651DF93B-5053-4D1E-94C5-F6E6D25908D0}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\gagp30kx] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\gagp30kx.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\HidBth] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\hidbth.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\hidi2c] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\hidi2c.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\HpSAMD] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Http] "ProviderGuid"="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\i8042prt] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\iaStorAV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorAV.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\iaStorV] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorV.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ibbus] "EventMessageFile"="%SystemRoot%\System32\drivers\ibbus.sys;%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Intel-iaLPSS-GPIO] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\system32\drivers\iaLPSSi_GPIO.sys" "TypesSupported"= 0x0000000007 (7) "ProviderGuid"="{d386cc7a-620a-41c1-abf5-55018c6c699a}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Intel-iaLPSS-I2C] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\system32\drivers\iaLPSSi_I2C.sys" "TypesSupported"= 0x0000000007 (7) "ProviderGuid"="{D4AEAC44-AD44-456E-9C90-33F8CDCED6AF}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Intel-iaLPSS2-GPIO2] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\system32\drivers\iaLPSS2i_GPIO2.sys" "TypesSupported"= 0x0000000007 (7) "ProviderGuid"="{63848cff-3ec7-4ddf-8072-5f95e8c8eb98}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Intel-iaLPSS2-I2C] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\system32\drivers\iaLPSS2i_I2C.sys" "TypesSupported"= 0x0000000007 (7) "ProviderGuid"="{C2F86198-03CA-4771-8D4C-CE6E15CBCA56}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\intelppm] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\intelppm.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\invdimm] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\invdimm.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\IPMGM] "EventMessageFile"="%SystemRoot%\System32\rtm.dll" "providerGuid"="{29D13147-1C2E-48EC-9994-E29DFE496EB3}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\IPMIDRV] "EventMessageFile"="%SystemRoot%\System32\drivers\ipmidrv.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\IPNATHLP] "providerGuid"="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\IPRouterManager] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "providerGuid"="{F2C628AE-D26C-4352-9C45-74754E1E2F9F}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\irevents] "CategoryCount"= 0x0000000001 (1) "CategoryMessageFile"="%SystemRoot%\System32\irmon.dll" "EventMessageFile"="%SystemRoot%\System32\irmon.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\isapnp] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\iScsiPrt] "EventMessageFile"="%SystemRoot%\System32\iscsilog.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\kbdclass] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\kbdhid] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdhid.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\kdnic] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Kerberos] "EventMessageFile"="%SystemRoot%\System32\kerberos.dll" "ProviderGuid"="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Lfsvc] "EventMessageFile"="C:\Windows\System32\locationframework.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\lltdio] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LmHosts] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LsaSrv] "ProviderGuid"="{199fe037-2b82-40a9-82ac-e1d46c792b99}" "EventMessageFile"="%windir%\System32\lsasrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSI_SAS] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSI_SAS2i] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSI_SAS3i] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSI_SSS] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\LSM] "EventMessageFile"="%SystemRoot%\system32\lsm.dll" "providerGuid"="{5d896912-022d-40aa-a3a8-4fa5515c76d7}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\megasas] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\megasas2i] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\megasr] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MEIx64] "EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\TeeDriverW8x64.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Audit-CVE] "ProviderGuid"="{85a62a0d-7e17-485f-9d4f-749a287193a6}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-BitLocker-API] "ProviderGuid"="{5d674230-ca9f-11da-a94d-0800200c9a66}" "EventMessageFile"="%SystemRoot%\system32\fveapi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-BitLocker-Driver] "ProviderGuid"="{651df93b-5053-4d1e-94c5-f6e6d25908d0}" "EventMessageFile"="%SystemRoot%\system32\drivers\fvevol.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Bits-Client] "ProviderGuid"="{ef1cc15b-46c1-414e-bb95-e76b077bd51e}" "EventMessageFile"="%systemroot%\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Bluetooth-BthLEPrepairing] "ProviderGuid"="{4af188ac-e9c4-4c11-b07b-1fabc07dfeb2}" "EventMessageFile"="%SystemRoot%\system32\bthserv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-CoreSystem-InitMachineConfig] "ProviderGuid"="{0b886108-1899-4d3a-9c0d-42d8fc4b9108}" "EventMessageFile"="%windir%\system32\drivers\cmimcext.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-CoreSystem-NetProvision-JoinProviderOnline] "ProviderGuid"="{3629dd4d-d6f1-4302-a623-0768b51501c7}" "EventMessageFile"="%windir%\System32\joinproviderol.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client] "ProviderGuid"="{ba093605-3909-4345-990b-26b746adee0a}" "EventMessageFile"="%SystemRoot%\system32\cofiredm.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server] "ProviderGuid"="{d6f68875-cdf5-43a5-a3e3-53ffd683311c}" "EventMessageFile"="%SystemRoot%\system32\cofiredm.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Devices-Background] "ProviderGuid"="{64ef2b1c-4ae1-4e64-8599-1636e441ec88}" "EventMessageFile"="%SystemRoot%\system32\deviceaccess.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DfsSvc] "ProviderGuid"="{7da4fe0e-fd42-4708-9aa5-89b77a224885}" "EventMessageFile"="%SystemRoot%\system32\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Dhcp-Client] "ProviderGuid"="{15a7a4f8-0072-4eab-abad-f98a4d666aed}" "EventMessageFile"="%SystemRoot%\system32\dhcpcore.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DHCPv6-Client] "ProviderGuid"="{6a1f2b00-6a90-4c38-95a5-5cab3b056778}" "EventMessageFile"="%systemroot%\system32\dhcpcore6.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Diagnostics-Networking] "ProviderGuid"="{36c23e18-0e66-11d9-bbeb-505054503030}" "EventMessageFile"="%windir%\system32\netdiagfx.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Directory-Services-SAM] "ProviderGuid"="{0d4fdc09-8c27-494a-bda0-505e4fd8adae}" "EventMessageFile"="%SystemRoot%\System32\samsrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DiskDiagnostic] "ProviderGuid"="{e670a5a2-ce74-4ab4-9347-61b815319f4c}" "EventMessageFile"="%windir%\system32\dfdts.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DistributedCOM] "ProviderGuid"="{1b562e86-b7aa-4131-badc-b6f3a001407e}" "EventMessageFile"="%systemroot%\system32\combase.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DNS-Client] "ProviderGuid"="{1c95126e-7eea-49a9-a3fe-a378b03ddb4d}" "EventMessageFile"="%SystemRoot%\system32\dnsapi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode] "ProviderGuid"="{2e35aaeb-857f-4beb-a418-2e6c0e54d988}" "EventMessageFile"="%SystemRoot%\system32\WUDFPlatform.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv] "ProviderGuid"="{aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a}" "EventMessageFile"="%SystemRoot%\System32\Drivers\EhStorTcgDrv.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-EventCollector] "ProviderGuid"="{b977cf02-76f6-df84-cc1a-6a4b232322b6}" "EventMessageFile"="%SystemRoot%\system32\wecsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Eventlog] "ProviderGuid"="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" "EventMessageFile"="%SystemRoot%\System32\wevtsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-exFAT-SQM] "ProviderGuid"="{494e7a3d-8db9-4ec4-b43e-2844af6e38d6}" "EventMessageFile"="%SystemRoot%\system32\drivers\exfat.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Fat-SQM] "ProviderGuid"="{3e59a529-b0b3-4a11-8129-9ffe6bb46eb9}" "EventMessageFile"="%SystemRoot%\system32\drivers\fastfat.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap] "ProviderGuid"="{6b93bf66-a922-4c11-a617-cf60d95c133d}" "EventMessageFile"="%SystemRoot%\system32\fthsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-FilterManager] "ProviderGuid"="{f3c5e28e-63f6-49c7-a204-e48a1bc4b09d}" "EventMessageFile"="%SystemRoot%\system32\drivers\fltmgr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Firewall] "ProviderGuid"="{e595f735-b42a-494b-afcd-b68666945cd3}" "EventMessageFile"="%SystemRoot%\System32\mpssvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-FMS] "ProviderGuid"="{dea07764-0790-44de-b9c4-49677b17174f}" "EventMessageFile"="%SystemRoot%\system32\fms.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-FunctionDiscoveryHost] "ProviderGuid"="{538cbbad-4877-4eb2-b26e-7caee8f0f8cb}" "EventMessageFile"="%SystemRoot%\system32\fdphost.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-GPIO-ClassExtension] "ProviderGuid"="{55ab77f6-fa04-43ef-af45-688fbf500482}" "EventMessageFile"="%SystemRoot%\system32\drivers\msgpioclx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-GroupPolicy] "ProviderGuid"="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" "EventMessageFile"="%systemroot%\system32\gpsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-HAL] "ProviderGuid"="{63d1e632-95cc-4443-9312-af927761d52a}" "EventMessageFile"="%systemroot%\system32\microsoft-windows-hal-events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-HttpEvent] "ProviderGuid"="{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}" "EventMessageFile"="%SystemRoot%\system32\drivers\http.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-InstallUX] "EventMessageFile"="%SystemRoot%\system32\oobe\InstallEventRes.dll" "ProviderGuid"="{93b4ff2e-42a9-431f-876c-3c70a84560fe}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Iphlpsvc] "ProviderGuid"="{66a5c15c-4f8e-4044-bf6e-71d896038977}" "EventMessageFile"="%windir%\system32\iphlpsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-IsolatedUserMode] "ProviderGuid"="{73a33ab2-1966-4999-8add-868c41415269}" "EventMessageFile"="%systemroot%\system32\iumbase.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Boot] "ProviderGuid"="{15ca44ff-4d7a-4baa-bba5-0998955e531e}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-General] "ProviderGuid"="{a68ca8b7-004f-d7b6-a698-07e2de0f1f5d}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Interrupt-Steering] "ProviderGuid"="{951b41ea-c830-44dc-a671-e2c9958809b8}" "EventMessageFile"="%systemroot%\system32\microsoft-windows-kernel-processor-power-events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-IO] "ProviderGuid"="{abf1f586-2e50-4ba8-928d-49044e6f0db7}" "EventMessageFile"="%SystemRoot%\system32\Microsoft-Windows-System-Events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-PnP] "ProviderGuid"="{9c205a39-1250-487d-abd7-e831c6290539}" "EventMessageFile"="%SystemRoot%\system32\microsoft-windows-kernel-pnp-events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Power] "ProviderGuid"="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" "EventMessageFile"="%systemroot%\system32\microsoft-windows-kernel-power-events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Processor-Power] "ProviderGuid"="{0f67e49f-fe51-4e9f-b490-6f2948cc6027}" "EventMessageFile"="%systemroot%\system32\microsoft-windows-kernel-processor-power-events.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-Tm] "ProviderGuid"="{4cec9c95-a65f-4591-b5c4-30100e51d870}" "EventMessageFile"="%SystemRoot%\system32\ktmw32.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-WHEA] "ProviderGuid"="{7b563579-53c8-44e7-8236-0f87b9fe6594}" "EventMessageFile"="%SystemRoot%\system32\PSHED.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Kernel-XDV] "ProviderGuid"="{f029ac39-38f0-4a40-b7de-404d244004cb}" "EventMessageFile"="%SystemDrive%\Windows\System32\Drivers\VerifierExt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-LanguagePackSetup] "ProviderGuid"="{7237fff9-a08a-4804-9c79-4a8704b70b87}" "EventMessageFile"="%SystemRoot%\system32\lpksetup.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Memory-Diagnostic-Task-Handler] "ProviderGuid"="{babda89a-4d5e-48eb-af3d-e0e8410207c0}" "EventMessageFile"="%SystemRoot%\system32\MemoryDiagnostic.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results] "ProviderGuid"="{5f92bc59-248f-4111-86a9-e393e12c6139}" "EventMessageFile"="%SystemRoot%\System32\relpost.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule] "ProviderGuid"="{73e9c9de-a148-41f7-b1db-4da051fdc327}" "EventMessageFile"="%SystemRoot%\System32\mdsched.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-MountMgr] "ProviderGuid"="{e3bac9f8-27be-4823-8d7f-1cc320c05fa7}" "EventMessageFile"="%SystemRoot%\system32\drivers\mountmgr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-NDIS] "ProviderGuid"="{cdead503-17f5-4a3e-b7ae-df8cc2902eb9}" "EventMessageFile"="%windir%\system32\drivers\ndis.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-NdisImPlatformSysEvtProvider] "ProviderGuid"="{62de9e48-90c6-4755-8813-6a7d655b0802}" "EventMessageFile"="%SystemRoot%\system32\drivers\NdisImPlatform.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-NetworkBridge] "ProviderGuid"="{a67075c2-3e39-4109-b6cd-6d750058a731}" "EventMessageFile"="%windir%\system32\drivers\bridge.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Ntfs] "ProviderGuid"="{3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482}" "EventMessageFile"="%SystemRoot%\system32\drivers\ntfs.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Ntfs-SQM] "EventMessageFile"="%SystemRoot%\system32\drivers\ntfs.sys" "ProviderGuid"="{e9b319e4-0030-40a7-91cb-04d6a8ef7e09}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Ntfs-UBPM] "ProviderGuid"="{8e6a5303-a4ce-498f-afdb-e03a8a82b077}" "EventMessageFile"="%SystemRoot%\system32\drivers\ntfs.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-OfflineFiles] "ProviderGuid"="{95353826-4fbe-41d4-9c42-f521c6e86360}" "EventMessageFile"="%systemroot%\system32\cscsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-OverlayFilter] "ProviderGuid"="{46c78e5c-a213-46a8-8a6b-622f6916201d}" "EventMessageFile"="%SystemRoot%\system32\drivers\wof.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-PersistentMemory-INvdimm] "ProviderGuid"="{94d560d0-147e-51c9-763a-b03634331449}" "EventMessageFile"="%SystemRoot%\system32\drivers\invdimm.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-PersistentMemory-NvdimmN] "ProviderGuid"="{ba4b59d0-3388-55a0-bdd7-8fd539dee1d2}" "EventMessageFile"="%SystemRoot%\system32\drivers\nvdimmn.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-PersistentMemory-PmemDisk] "ProviderGuid"="{0fa2ee03-1feb-5057-3bb3-eb25521b8482}" "EventMessageFile"="%SystemRoot%\system32\drivers\pmem.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-PersistentMemory-VirtualNvdimm] "ProviderGuid"="{3244f41a-e7e6-5f92-8c62-6ca864cb8cea}" "EventMessageFile"="%SystemRoot%\system32\drivers\vnvdimm.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Power-Meter-Polling] "ProviderGuid"="{306c4e0b-e148-543d-315b-c618eb93157c}" "EventMessageFile"="%SystemRoot%\system32\umpoext.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Power-Troubleshooter] "ProviderGuid"="{cdc05e28-c449-49c6-b9d2-88cf761644df}" "EventMessageFile"="%systemroot%\system32\pots.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-ReFS] "ProviderGuid"="{cd9c6198-bf73-4106-803b-c17d26559018}" "EventMessageFile"="%SystemRoot%\system32\drivers\refs.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-ReFS-v1] "ProviderGuid"="{059f0f37-910e-4ff0-a7ee-ae8d49dd319b}" "EventMessageFile"="%SystemRoot%\system32\drivers\refsv1.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-ResetEng] "ProviderGuid"="{a4445c76-ed85-c8a3-02c1-532a38614a9e}" "EventMessageFile"="%windir%\system32\reseteng.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Resource-Exhaustion-Detector] "ProviderGuid"="{9988748e-c2e8-4054-85f6-0c3e1cad2470}" "EventMessageFile"="%SystemRoot%\system32\radardt.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-ResourcePublication] "ProviderGuid"="{74c2135f-cc76-45c3-879a-ef3bb1eeaf86}" "EventMessageFile"="%SystemRoot%\system32\fdrespub.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-SCPNP] "ProviderGuid"="{9f650c63-9409-453c-a652-83d7185a2e83}" "EventMessageFile"="%SystemRoot%\system32\certprop.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Serial-ClassExtension] "ProviderGuid"="{47bc9477-a8ba-452e-b951-4f2ed3593cf9}" "EventMessageFile"="%SystemRoot%\system32\drivers\SerCx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Serial-ClassExtension-V2] "ProviderGuid"="{eee173ef-7ed2-45de-9877-01c70a852fbd}" "EventMessageFile"="%SystemRoot%\system32\drivers\SerCx2.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Servicing] "EventMessageFile"="%SystemRoot%\servicing\cbsmsg.dll" "ProviderGuid"="{bd12f3b8-fc40-4a61-a307-b7a013a069c1}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Setup] "ProviderGuid"="{75ebc33e-997f-49cf-b49f-ecc50184b75d}" "EventMessageFile"="%SystemRoot%\system32\oobe\winsetup.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-SetupPlatform] "ProviderGuid"="{530fb9b9-c515-4472-9313-fb346f9255e3}" "EventMessageFile"="%SystemRoot%\system32\setupetw.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-SPB-ClassExtension] "ProviderGuid"="{72cd9ff7-4af8-4b89-aede-5f26fda13567}" "EventMessageFile"="%SystemRoot%\system32\drivers\SpbCx.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-SPB-HIDI2C] "ProviderGuid"="{991f8fe6-249d-44d6-b93d-5a3060c1dedb}" "EventMessageFile"="%SystemRoot%\system32\drivers\hidi2c.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Spell-Checking] "ProviderGuid"="{d0e22efc-ac66-4b25-a72d-382736b5e940}" "EventMessageFile"="%systemroot%\System32\MsSpellCheckingFacility.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-SpellChecker] "ProviderGuid"="{b2fcd41f-9a40-4150-8c92-b224b7d8c8aa}" "EventMessageFile"="%systemroot%\System32\MsSpellCheckingFacility.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-StartupRepair] "ProviderGuid"="{c914f0df-835a-4a22-8c70-732c9a80c634}" "EventMessageFile"="%SystemRoot%\System32\reagent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Subsys-SMSS] "ProviderGuid"="{43e63da5-41d1-4fbf-aded-1bbed98fdd1d}" "EventMessageFile"="%windir%\system32\csrsrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TaskScheduler] "ProviderGuid"="{de7b24ea-73c8-4a09-985d-5bdadcfa9017}" "EventMessageFile"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager] "ProviderGuid"="{5d896912-022d-40aa-a3a8-4fa5515c76d7}" "EventMessageFile"="%SystemRoot%\system32\lsm.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager] "ProviderGuid"="{c76baa63-ae81-421c-b425-340b4b24157f}" "EventMessageFile"="%SystemRoot%\system32\termsrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Time-Service] "ProviderGuid"="{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}" "EventMessageFile"="%SystemRoot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-TPM-WMI] "ProviderGuid"="{7d5387b0-cbe0-11da-a94d-0800200c9a66}" "EventMessageFile"="%SystemRoot%\system32\TpmCoreProvisioning.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-USB-CCID] "ProviderGuid"="{f708c483-4880-11e6-9121-5cf37068b67b}" "EventMessageFile"="%SystemRoot%\System32\Drivers\UMDF\UsbccidDriver.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-USB-MAUSBHOST] "ProviderGuid"="{7725b5f9-1f2e-4e21-baeb-b2af4690bc87}" "EventMessageFile"="%SystemRoot%\system32\drivers\MAUSBHOST.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-USB-USBHUB3] "ProviderGuid"="{ac52ad17-cc01-4f85-8df5-4dce4333c99b}" "EventMessageFile"="%systemroot%\System32\drivers\usbhub3.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-USB-USBXHCI] "ProviderGuid"="{30e1d284-5d88-459c-83fd-6345b39b19ec}" "EventMessageFile"="%SystemRoot%\system32\drivers\usbxhci.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-UserModePowerService] "ProviderGuid"="{ce8dee0b-d539-4000-b0f8-77bed049c590}" "EventMessageFile"="%SystemRoot%\system32\umpo.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-UserPnp] "ProviderGuid"="{96f4a050-7e31-453c-88be-9634f4e02139}" "EventMessageFile"="%SystemRoot%\system32\umpnpmgr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-WHEA-Logger] "ProviderGuid"="{c26c4f3c-3f66-4e99-8f8a-39405cfed220}" "EventMessageFile"="%systemroot%\system32\whealogr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-WindowsToGo-StartupOptions] "ProviderGuid"="{2e6cb42e-161d-413b-a6c1-84ca4c1e5890}" "EventMessageFile"="%SystemRoot%\System32\pwlauncher.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-WindowsUpdateClient] "ProviderGuid"="{945a8954-c147-4acd-923f-40c45405a658}" "EventMessageFile"="%systemroot%\system32\wuaueng.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Wininit] "ProviderGuid"="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" "EventMessageFile"="%SystemRoot%\system32\wininit.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Winlogon] "ProviderGuid"="{dbe9b383-7cf3-4331-91cc-a3cb16a3b538}" "EventMessageFile"="%SystemRoot%\system32\winlogon.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-WLAN-AutoConfig] "ProviderGuid"="{9580d7dd-0379-4658-9870-d5be7d52d6de}" "EventMessageFile"="%windir%\system32\wlansvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mlx4_bus] "EventMessageFile"="%SystemRoot%\System32\drivers\mlx4_bus.sys;%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mouclass] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mouhid] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouhid.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mrxsmb] "EventMessageFile"="%systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll" "TypesSupported"= 0x0000000007 (7) "ParameterMessageFile"="%SystemRoot%\System32\kernel32.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MsBridge] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MSDTC Gateway] "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MSDTC WS-AT Protocol] "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mshidumdf] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\umdf\Microsoft.Bluetooth.Profiles.HidOverGatt.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MSiSCSI] "EventMessageFile"="%systemroot%\System32\iscsiexe.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\MTConfig] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\MTConfig.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Mup] "EventMessageFile"="%systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\mvumis] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NdisImPlatform] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NdisImPlatformSysEvtProvider] "ProviderGuid"="{62de9e48-90c6-4755-8813-6a7d655b0802}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NdisWan] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\ndiswanlegacy] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NetBIOS] "EventMessageFile"="%SystemRoot%\system32\iologmsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NetBT] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\NetJoin] "ProviderGuid"="{9741fd4e-3757-479f-a3c6-fc49f6d5edd0}" "EventMessageFile"="%windir%\System32\netjoin.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Netlogon] "EventMessageFile"="%SystemRoot%\System32\netmsg.dll" "ParameterMessageFile"="%SystemRoot%\System32\kernel32.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\netvscvfpp] "EventMessageFile"="%SystemRoot%\system32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Ntfs] "EventMessageFile"="%SystemRoot%\system32\drivers\ntfs.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\nvdimmn] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nvdimmn.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\nvlddmkm] (No values found) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\nvstor] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nvstor.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\nv_agp] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nv_agp.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\P2PIMSvc] "ProviderGuid"="{2992E9CF-4F99-48f5-A0B6-B99B11CD387D}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Parport] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\partmgr] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\pcmcia] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\percsas2i] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\percsas3i] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\pmem] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\pmem.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\PNPMEM] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\pnpmem.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\PNRPSvc] "ProviderGuid"="{BBE94F36-F8DC-4C33-8227-81602B7A3D53}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Power] "EventMessageFile"="%SystemRoot%\System32\umpo.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\PptpMiniport] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Print] "EventMessageFile"="%SystemRoot%\System32\ntprint.dll" "providerGuid"="{747EF6FD-E535-4d16-B510-42C90F6873A1}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\PrintFilterPipelineSvc] "ProviderGuid"="{5B33145C-1C66-49F3-B4CA-F563C165F2C0}" "TypesSupported"= 0x0000000001 (1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Processor] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\processr.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\RasAuto] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\RasCfg] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Rasman] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\RasSstp] "EventMessageFile"="%systemroot%\system32\sstpsvc.dll" "ProviderGuid"="{6c260f2c-049a-43d8-bf4d-d350a4e6611a}" "TypesSupported"= 0x000000001c (28) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\rdbss] "EventMessageFile"="C:\Windows\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\RemoteAccess] "EventMessageFile"="%SystemRoot%\System32\mprmsg.dll" "ParameterMessageFile"="%SystemRoot%\System32\iassvcs.dll" "TypesSupported"= 0x000000001f (31) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\RetailDemo] "EventMessageFile"="%SystemRoot%\system32\RDXService.dll" "ProviderGuid"="{d3f29eda-805d-428a-9902-b259b937f84b}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\rhproxy] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\rhproxy.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\rspndr] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\rt640x64] "EventMessageFile"="%SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\rt640x64.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SAM] "EventMessageFile"="%SystemRoot%\System32\samsrv.dll" "providerGuid"="{0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\sbp2port] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sbp2port.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SCardSvr] "providerGuid"="{4FCBF664-A33A-4652-B436-9D558983D955}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Schannel] "ProviderGuid"="{1f678132-5938-4686-9fdc-c8ff68f15c85}" "EventMessageFile"="%windir%\System32\lsasrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\scmbus] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\sercx] "EventMessageFile"="\SystemRoot\system32\drivers\SerCx.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\sercx2] "EventMessageFile"="\SystemRoot\system32\drivers\SerCx2.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Serial] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\sermouse] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sermouse.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Server] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Service Control Manager] "ProviderGuid"="{555908d1-a6d7-4695-8e1e-26931d2012f4}" "EventMessageFile"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SiSRaid2] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SiSRaid4] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SMSvcHost 3.0.0.0] "CategoryCount"= 0x000000000e (14) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SMSvcHost 4.0.0.0] "CategoryCount"= 0x000000000f (15) "CategoryMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" "EventMessageFile"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SNMPTRAP] "EventMessageFile"="%SystemRoot%\System32\snmptrap.exe" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\spaceport] "EventMessageFile"="%SystemRoot%\System32\iologmsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\spbcx] "EventMessageFile"="\SystemRoot\system32\drivers\SpbCx.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Srv] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\stexstor] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\StillImage] "EventMessageFile"="%SystemRoot%\System32\wiaservc.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\storahci] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\stornvme] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\System] "CategoryCount"= 0x0000000007 (7) "CategoryMessageFile"="%SystemRoot%\system32\wevtapi.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Tcpip] "EventMessageFile"="%SystemRoot%\system32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Tcpip6] "EventMessageFile"="%SystemRoot%\system32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\TCPMon] "EventMessageFile"="%SystemRoot%\System32\tcpmon.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\TermService] "EventMessageFile"="%SystemRoot%\system32\termsrv.dll" "providerGuid"="{C76BAA63-AE81-421C-B425-340B4B24157F}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\TPM] "ProviderGuid"="{1b6b0772-251b-4d42-917d-faca166bc059}" "EventMessageFile"="%SystemRoot%\System32\drivers\tpm.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\tsusbflt] "ProviderGuid"="{6e400999-5b82-475f-b800-cef6fe361539}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\tsusbhub] "ProviderGuid"="{dcbe5aaa-16e2-457c-9337-366950045f0a}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\tunnel] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\uagp35] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\uagp35.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\UASPStor] "EventMessageFile"="%SystemRoot%\System32\iologmsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\UEFI] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\uefi.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\uliagpkx] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\uliagpkx.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\UmRdpService] "EventMessageFile"="%SystemRoot%\System32\umrdp.dll" "providerGuid"="{952773BF-C2B7-49BC-88F4-920744B82C43}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\usbehci] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\usbehci.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\usbrndis6] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\usbser] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\usbser.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\User32] "ProviderGuid"="{b0aa8734-56f7-41cc-b2f4-de228e98b946}" "EventMessageFile"="%SystemRoot%\system32\user32.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VBoxNetLwf] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VBoxUSBMon] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VDS Basic Provider] "EventMessageFile"="%SystemRoot%\System32\vdsbas.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VDS Dynamic Provider] "EventMessageFile"="%SystemRoot%\System32\vdsdyn.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VDS Virtual Disk Provider] "EventMessageFile"="%SystemRoot%\System32\vdsvd.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Virtual Disk Service] "EventMessageFile"="%SystemRoot%\System32\vds.exe" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\vnvdimm] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\vnvdimm.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\volmgr] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Volsnap] "ProviderGuid"="{cb017cd2-1f37-4e65-82bc-3e91f6a37559}" "EventMessageFile"="%SystemRoot%\system32\drivers\volsnap.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\vpci] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\vpci.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\vsmraid] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\VSTXRAID] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\W32Time] "EventMessageFile"="%Systemroot%\system32\w32time.dll" "ProviderGuid"="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WacomPen] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wacompen.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WalletService] "EventMessageFile"="%SystemRoot%\system32\WalletService.dll" "ProviderGuid"="{6ED11B00-C1B5-48CB-AECC-FF72EBEFBAE8}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\wdf01000] "EventMessageFile"="C:\Windows\System32\drivers\Wdf01000.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\wecsvc] "EventMessageFile"="%SystemRoot%\System32\wecsvc.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Win32k] "EventMessageFile"="%SystemRoot%\System32\win32kbase.sys" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinDefend] "EventMessageFile"="%ProgramFiles%\Windows Defender\MpEvMsg.dll" "ParameterMessageFile"="%ProgramFiles%\Windows Defender\MpEvMsg.dll" "ProviderGuid"="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Windows Disk Diagnostic] "EventMessageFile"="%SystemRoot%\System32\DFDTS.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Windows Script Host] "EventMessageFile"="%SystemRoot%\System32\wshext.dll" "TypesSupported"= 0x0000000018 (24) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinHttpAutoProxySvc] "EventMessageFile"="$(runtime.system32)\winhttp.dll" "ProviderGuid"="{7D44233D-3055-4B9C-BA64-0D47CA40A232}" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinNat] "EventMessageFile"="%SystemRoot%\System32\netevent.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WinRM] "ProviderGuid"="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WMIxWDM] "EventMessageFile"="%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WMPNetworkSvc] "ProviderGuid"="{6A2DC7C1-930A-4FB5-BB44-80B30AEBED6C}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Workstation] "EventMessageFile"="C:\Windows\System32\netmsg.dll" "TypesSupported"= 0x0000000007 (7) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\WPDClassInstaller] "ProviderGuid"="{AD5162D8-DAF0-4A25-88A7-01CBEB33902E}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Windows PowerShell] "AutoBackupLogFiles"= 0x0000000000 (0) "MaxSize"= 0x0000f00000 (15728640) "Retention"= 0x0000000000 (0) "Sources"="PowerShell" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Windows PowerShell\PowerShell] "CategoryCount"= 0x0000000008 (8) "CategoryMessageFile"="%SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll" "EventMessageFile"="%SystemRoot%\system32\WindowsPowerShell\v1.0\pwrshmsg.dll" -= EOF =-