| 1 | <?xml version="1.0" encoding="utf-8" standalone="yes"?>
| 2 | <Events><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Eventlog' Guid='{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}'/><EventID>104</EventID><Version>0</Version><Level>4</Level><Task>104</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T04:32:45.913128000Z'/><EventRecordID>1040</EventRecordID><Correlation/><Execution ProcessID='888' ThreadID='1108'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-21-2730472708-705503196-3691651915-1001'/></System><UserData><LogFileCleared xmlns='http://manifests.microsoft.com/win/2004/08/windows/eventlog'><SubjectUserName>Bruce</SubjectUserName><SubjectDomainName>SCARLETOHARE</SubjectDomainName><Channel>Application</Channel><BackupPath></BackupPath></LogFileCleared></UserData><RenderingInfo Culture='en-US'><Message>The Application log file was cleared.</Message><Level>Information</Level><Task>Log clear</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Eventlog</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-WindowsUpdateClient' Guid='{945A8954-C147-4ACD-923F-40C45405A658}'/><EventID>19</EventID><Version>1</Version><Level>4</Level><Task>1</Task><Opcode>13</Opcode><Keywords>0x8000000000000018</Keywords><TimeCreated SystemTime='2016-08-19T03:41:27.470428900Z'/><EventRecordID>1039</EventRecordID><Correlation/><Execution ProcessID='1036' ThreadID='6728'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='updateTitle'>Definition Update for Windows Defender - KB2267602 (Definition 1.227.120.0)</Data><Data Name='updateGuid'>{8F49766C-76C1-4CB2-9F64-DCC4E86C3A80}</Data><Data Name='updateRevisionNumber'>200</Data><Data 
Name='serviceGuid'>{7971F918-A847-4430-9279-4A52D1EFE18D}</Data></EventData><RenderingInfo Culture='en-US'><Message>Installation Successful: Windows successfully installed the following update: Definition Update for Windows Defender - KB2267602 (Definition 1.227.120.0)</Message><Level>Information</Level><Task>Windows Update Agent</Task><Opcode>Installation</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-WindowsUpdateClient</Provider><Keywords><Keyword>Installation</Keyword><Keyword>Success</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-WindowsUpdateClient' Guid='{945A8954-C147-4ACD-923F-40C45405A658}'/><EventID>43</EventID><Version>1</Version><Level>4</Level><Task>1</Task><Opcode>13</Opcode><Keywords>0x8000000000002008</Keywords><TimeCreated SystemTime='2016-08-19T03:41:07.445622900Z'/><EventRecordID>1038</EventRecordID><Correlation/><Execution ProcessID='1036' ThreadID='6728'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='updateTitle'>Definition Update for Windows Defender - KB2267602 (Definition 1.227.120.0)</Data><Data Name='updateGuid'>{8F49766C-76C1-4CB2-9F64-DCC4E86C3A80}</Data><Data Name='updateRevisionNumber'>200</Data></EventData><RenderingInfo Culture='en-US'><Message>Installation Started: Windows has started installing the following update: Definition Update for Windows Defender - KB2267602 (Definition 1.227.120.0)</Message><Level>Information</Level><Task>Windows Update Agent</Task><Opcode>Installation</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-WindowsUpdateClient</Provider><Keywords><Keyword>Installation</Keyword><Keyword>Started</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-General' 
Guid='{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}'/><EventID>16</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T03:40:30.691438500Z'/><EventRecordID>1037</EventRecordID><Correlation/><Execution ProcessID='2504' ThreadID='8756'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-21-2730472708-705503196-3691651915-1001'/></System><EventData><Data Name='HiveNameLength'>102</Data><Data Name='HiveName'>\??\C:\Users\Bruce\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat</Data><Data Name='KeysUpdated'>8</Data><Data Name='DirtyPages'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>The access history in hive \??\C:\Users\Bruce\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 8 keys and creating 1 modified pages.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-General</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-WindowsUpdateClient' Guid='{945A8954-C147-4ACD-923F-40C45405A658}'/><EventID>44</EventID><Version>1</Version><Level>4</Level><Task>1</Task><Opcode>12</Opcode><Keywords>0x8000000000002004</Keywords><TimeCreated SystemTime='2016-08-19T02:57:22.244462000Z'/><EventRecordID>1036</EventRecordID><Correlation/><Execution ProcessID='1036' ThreadID='4536'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='updateTitle'>Definition Update for Windows Defender - KB2267602 (Definition 1.227.120.0)</Data><Data Name='updateGuid'>{8F49766C-76C1-4CB2-9F64-DCC4E86C3A80}</Data><Data Name='updateRevisionNumber'>200</Data></EventData><RenderingInfo Culture='en-US'><Message>Windows Update started 
downloading an update.</Message><Level>Information</Level><Task>Windows Update Agent</Task><Opcode>Download</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-WindowsUpdateClient</Provider><Keywords><Keyword>Download</Keyword><Keyword>Started</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>37</EventID><Version>0</Version><Level>3</Level><Task>7</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:54:45.211444100Z'/><EventRecordID>1035</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='236'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>3</Data><Data Name='CapDurationInSeconds'>71</Data><Data Name='PpcChanges'>1</Data><Data Name='TpcChanges'>0</Data><Data Name='PccChanges'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The speed of processor 3 in group 0 is being limited by system firmware. 
The processor has been in this reduced performance state for 71 seconds since the last report.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>37</EventID><Version>0</Version><Level>3</Level><Task>7</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:54:45.211442800Z'/><EventRecordID>1034</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='232'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>1</Data><Data Name='CapDurationInSeconds'>71</Data><Data Name='PpcChanges'>1</Data><Data Name='TpcChanges'>0</Data><Data Name='PccChanges'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The speed of processor 1 in group 0 is being limited by system firmware. 
The processor has been in this reduced performance state for 71 seconds since the last report.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>37</EventID><Version>0</Version><Level>3</Level><Task>7</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:54:45.211439000Z'/><EventRecordID>1033</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='244'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>0</Data><Data Name='CapDurationInSeconds'>71</Data><Data Name='PpcChanges'>1</Data><Data Name='TpcChanges'>0</Data><Data Name='PccChanges'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The speed of processor 0 in group 0 is being limited by system firmware. 
The processor has been in this reduced performance state for 71 seconds since the last report.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>37</EventID><Version>0</Version><Level>3</Level><Task>7</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:54:45.211434300Z'/><EventRecordID>1032</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='248'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>2</Data><Data Name='CapDurationInSeconds'>71</Data><Data Name='PpcChanges'>1</Data><Data Name='TpcChanges'>0</Data><Data Name='PccChanges'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The speed of processor 2 in group 0 is being limited by system firmware. 
The processor has been in this reduced performance state for 71 seconds since the last report.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DistributedCOM' Guid='{1B562E86-B7AA-4131-BADC-B6F3A001407E}' EventSourceName='DCOM'/><EventID Qualifiers='0'>10016</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:54:37.059941300Z'/><EventRecordID>1031</EventRecordID><Correlation/><Execution ProcessID='976' ThreadID='1544'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='param1'>application-specific</Data><Data Name='param2'>Local</Data><Data Name='param3'>Activation</Data><Data Name='param4'>{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}</Data><Data Name='param5'>{F72671A9-012C-4725-9D2F-2A4D32D65169}</Data><Data Name='param6'>NT AUTHORITY</Data><Data Name='param7'>SYSTEM</Data><Data Name='param8'>S-1-5-18</Data><Data Name='param9'>LocalHost (Using LRPC)</Data><Data Name='param10'>Unavailable</Data><Data Name='param11'>Unavailable</Data></EventData><RenderingInfo Culture='en-US'><Message>The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
| 3 | {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
| 4 | and APPID
| 5 | {F72671A9-012C-4725-9D2F-2A4D32D65169}
| 6 | to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</Message><Level>Error</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider>Microsoft-Windows-DistributedCOM</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Winlogon' Guid='{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}'/><EventID>7001</EventID><Version>0</Version><Level>4</Level><Task>1101</Task><Opcode>0</Opcode><Keywords>0x2000200000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:54:36.616019000Z'/><EventRecordID>1030</EventRecordID><Correlation/><Execution ProcessID='408' ThreadID='568'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='TSId'>1</Data><Data Name='UserSid'>S-1-5-21-2730472708-705503196-3691651915-1001</Data></EventData><RenderingInfo Culture='en-US'><Message>User Logon Notification for Customer Experience Improvement Program</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Winlogon</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Lfsvc'/><EventID Qualifiers='0'>1</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:44.876886500Z'/><EventRecordID>1029</EventRecordID><Channel>System</Channel><Computer>ScarletOhare</Computer><Security/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>Geolocation positioning is 
enabled.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='49152'>7026</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:41.207200600Z'/><EventRecordID>1028</EventRecordID><Correlation/><Execution ProcessID='820' ThreadID='824'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security/></System><EventData><Data Name='param1'>
| 7 | dam</Data></EventData><RenderingInfo Culture='en-US'><Message>The following boot-start or system-start driver(s) did not load:
| 8 | dam</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-WLAN-AutoConfig' Guid='{9580D7DD-0379-4658-9870-D5BE7D52D6DE}'/><EventID>4000</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>1</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:39.678480900Z'/><EventRecordID>1027</EventRecordID><Correlation/><Execution ProcessID='2224' ThreadID='2256'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>WLAN AutoConfig service has successfully started.
| 9 | </Message><Level>Information</Level><Task></Task><Opcode>Start</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-WLAN-AutoConfig</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-TaskScheduler' Guid='{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}'/><EventID>414</EventID><Version>0</Version><Level>3</Level><Task>414</Task><Opcode>0</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:39.126392700Z'/><EventRecordID>1026</EventRecordID><Correlation/><Execution ProcessID='1036' ThreadID='1192'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData Name='TaskMisconfigured'><Data Name='TaskName'>NT TASK\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join</Data><Data Name='Parameter'>%SystemRoot%\System32\AutoWorkplace.exe</Data></EventData><RenderingInfo Culture='en-US'><Message>Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join definition. 
Additional Data: Error Value: %SystemRoot%\System32\AutoWorkplace.exe.</Message><Level>Warning</Level><Task>Task Misconfiguration</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-TaskScheduler</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DHCPv6-Client' Guid='{6A1F2B00-6A90-4C38-95A5-5CAB3B056778}'/><EventID>51046</EventID><Version>0</Version><Level>4</Level><Task>4</Task><Opcode>62</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:39.073580000Z'/><EventRecordID>1025</EventRecordID><Correlation/><Execution ProcessID='888' ThreadID='1736'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-19'/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>DHCPv6 client service is started</Message><Level>Information</Level><Task>Service State Event</Task><Opcode>ServiceStart</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DHCPv6-Client</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Dhcp-Client' Guid='{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}'/><EventID>50036</EventID><Version>0</Version><Level>4</Level><Task>4</Task><Opcode>68</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:39.036591800Z'/><EventRecordID>1024</EventRecordID><Correlation/><Execution ProcessID='888' ThreadID='1668'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-19'/></System><EventData></EventData><RenderingInfo Culture='en-US'><Message>DHCPv4 client service is started</Message><Level>Information</Level><Task>Service State 
Event</Task><Opcode>ServiceStart</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Dhcp-Client</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:38.849069200Z'/><EventRecordID>1023</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>5</Data><Data Name='DeviceName'>wcnfs</Data><Data Name='DeviceTime'>2016-07-15T22:28:27.000000000Z</Data><Data Name='ExtraInfoLength'>190</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 1 , "class_name" : "FSFilter Top" , "instances" : [["409900","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-000D-0000-D1EC-08E3C4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'wcnfs' (10.0, 2016-07-15T22:28:27.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated 
SystemTime='2016-08-19T02:53:38.825413500Z'/><EventRecordID>1022</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='32'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>10</Data><Data Name='DeviceName'>storqosflt</Data><Data Name='DeviceTime'>2016-07-15T22:26:43.000000000Z</Data><Data Name='ExtraInfoLength'>203</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Quota Management" , "instances" : [["244000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-000C-0000-718A-06E3C4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'storqosflt' (10.0, 2016-07-15T22:26:43.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:38.806551400Z'/><EventRecordID>1021</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='180'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>5</Data><Data Name='DeviceName'>luafv</Data><Data 
Name='DeviceTime'>2016-07-15T22:21:48.000000000Z</Data><Data Name='ExtraInfoLength'>201</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Virtualization" , "instances" : [["135000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-000B-0000-1928-04E3C4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'luafv' (10.0, 2016-07-15T22:21:48.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:38.772713300Z'/><EventRecordID>1020</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='112'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>5</Data><Data Name='DeviceName'>wcifs</Data><Data Name='DeviceTime'>2016-07-15T22:27:16.000000000Z</Data><Data Name='ExtraInfoLength'>201</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000014" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Virtualization" , "instances" : [["189900","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-000A-0000-0101-FDE2C4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'wcifs' 
(10.0, 2016-07-15T22:27:16.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Directory-Services-SAM' Guid='{0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}'/><EventID>16962</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:38.174826300Z'/><EventRecordID>1019</EventRecordID><Correlation ActivityID='{DC59F5D7-F9C4-0000-0AF6-59DCC4F9D101}'/><Execution ProcessID='828' ThreadID='832'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData Name='SAMMSG_RESTRICT_REMOTE_SAM_DEFAULT_SD'><Data Name='Default SD String:'>O:SYG:SYD:(A;;RC;;;BA)</Data></EventData><RenderingInfo Culture='en-US'><Message>Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA).
| 10 | For more information please see http://go.microsoft.com/fwlink/?LinkId=787651.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Directory-Services-SAM</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-08-19T02:53:35.970105100Z'/><EventRecordID>1018</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>\\?\Volume{ef594f70-37d4-4b0c-b4d8-a8d86012f0cf}</Data><Data Name='DeviceName'>\Device\HarddiskVolume1</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume \\?\Volume{ef594f70-37d4-4b0c-b4d8-a8d86012f0cf} (\Device\HarddiskVolume1) is healthy. 
No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-08-19T02:53:35.923755200Z'/><EventRecordID>1017</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='392'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>\\?\Volume{83a4717e-cb93-437a-8a04-53d775d23a49}</Data><Data Name='DeviceName'>\Device\HarddiskVolume7</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume \\?\Volume{83a4717e-cb93-437a-8a04-53d775d23a49} (\Device\HarddiskVolume7) is healthy. 
No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-08-19T02:53:35.889963700Z'/><EventRecordID>1016</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='208'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>D:</Data><Data Name='DeviceName'>\Device\HarddiskVolume6</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume D: (\Device\HarddiskVolume6) is healthy. No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='BTHUSB'/><EventID Qualifiers='16389'>18</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:35.743226100Z'/><EventRecordID>1015</EventRecordID><Channel>System</Channel><Computer>ScarletOhare</Computer><Security/></System><EventData><Data></Data><Binary>00000800010000000000000012000540000000000000000000000000000000000000000000000000E000000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>Windows cannot store Bluetooth authentication codes (link keys) on the local adapter. 
Bluetooth keyboards might not work in the system BIOS during startup.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:34.064775000Z'/><EventRecordID>1014</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>3</Data><Data Name='IdleStateCount'>3</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>2401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>20</Data><Data Name='MinimumThrottlePercent'>2</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 3 in group 0 exposes the following power management capabilities:
| 11 |
| 12 | Idle state type: ACPI Idle (C) States (3 state(s))
| 13 |
| 14 | Performance state type: ACPI Performance (P) / Throttle (T) States
| 15 | Nominal Frequency (MHz): 2401
| 16 | Maximum performance percentage: 100
| 17 | Minimum performance percentage: 20
| 18 | Minimum throttle percentage: 2</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:34.063887600Z'/><EventRecordID>1013</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>1</Data><Data Name='IdleStateCount'>3</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>2401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>20</Data><Data Name='MinimumThrottlePercent'>2</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 1 in group 0 exposes the following power management capabilities:
| 19 |
| 20 | Idle state type: ACPI Idle (C) States (3 state(s))
| 21 |
| 22 | Performance state type: ACPI Performance (P) / Throttle (T) States
| 23 | Nominal Frequency (MHz): 2401
| 24 | Maximum performance percentage: 100
| 25 | Minimum performance percentage: 20
| 26 | Minimum throttle percentage: 2</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:34.063036100Z'/><EventRecordID>1012</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>2</Data><Data Name='IdleStateCount'>3</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>2401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>20</Data><Data Name='MinimumThrottlePercent'>2</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 2 in group 0 exposes the following power management capabilities:
| 27 |
| 28 | Idle state type: ACPI Idle (C) States (3 state(s))
| 29 |
| 30 | Performance state type: ACPI Performance (P) / Throttle (T) States
| 31 | Nominal Frequency (MHz): 2401
| 32 | Maximum performance percentage: 100
| 33 | Minimum performance percentage: 20
| 34 | Minimum throttle percentage: 2</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Processor-Power' Guid='{0F67E49F-FE51-4E9F-B490-6F2948CC6027}'/><EventID>55</EventID><Version>0</Version><Level>4</Level><Task>47</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:34.055896900Z'/><EventRecordID>1011</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='Group'>0</Data><Data Name='Number'>0</Data><Data Name='IdleStateCount'>3</Data><Data Name='IdleImplementation'>1</Data><Data Name='NominalFrequency'>2401</Data><Data Name='MaximumPerformancePercent'>100</Data><Data Name='MinimumPerformancePercent'>20</Data><Data Name='MinimumThrottlePercent'>2</Data><Data Name='PerformanceImplementation'>1</Data></EventData><RenderingInfo Culture='en-US'><Message>Processor 0 in group 0 exposes the following power management capabilities:
| 35 |
| 36 | Idle state type: ACPI Idle (C) States (3 state(s))
| 37 |
| 38 | Performance state type: ACPI Performance (P) / Throttle (T) States
| 39 | Nominal Frequency (MHz): 2401
| 40 | Maximum performance percentage: 100
| 41 | Minimum performance percentage: 20
| 42 | Minimum throttle percentage: 2</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Processor-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='MEIx64'/><EventID Qualifiers='16391'>2</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.955431600Z'/><EventRecordID>1010</EventRecordID><Channel>System</Channel><Computer>ScarletOhare</Computer><Security/></System><EventData><Data></Data><Binary>00000000010000000000000002000740000000000000000000000000000000000000000000000000</Binary></EventData><RenderingInfo Culture='en-US'><Message>Intel(R) Management Engine Interface driver has started successfully.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-PnP' Guid='{9C205A39-1250-487D-ABD7-E831C6290539}'/><EventID>219</EventID><Version>0</Version><Level>3</Level><Task>212</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.876336900Z'/><EventRecordID>1009</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriverNameLength'>16</Data><Data Name='DriverName'>ROOT\SYSTEM\0004</Data><Data Name='Status'>3221226341</Data><Data Name='FailureNameLength'>14</Data><Data Name='FailureName'>\Driver\WUDFRd</Data><Data Name='Version'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The driver \Driver\WUDFRd failed to load for the device 
ROOT\SYSTEM\0004.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-PnP</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DriverFrameworks-UserMode' Guid='{2E35AAEB-857F-4BEB-A418-2E6C0E54D988}'/><EventID>10114</EventID><Version>1</Version><Level>4</Level><Task>101</Task><Opcode>0</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.876230400Z'/><EventRecordID>1008</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><UserData><UMDFReflectorDependencyMissing xmlns='http://www.microsoft.com/DriverFrameworks/UserMode/Event'><Dependency>WUDFPf</Dependency></UMDFReflectorDependencyMissing></UserData><RenderingInfo Culture='en-US'><Message>WUDFPf (part of UMDF) did not load yet. 
After it does, Windows will start the device again.</Message><Level>Information</Level><Task>Startup of the UMDF reflector</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DriverFrameworks-UserMode</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-PnP' Guid='{9C205A39-1250-487D-ABD7-E831C6290539}'/><EventID>219</EventID><Version>0</Version><Level>3</Level><Task>212</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.874420100Z'/><EventRecordID>1007</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriverNameLength'>16</Data><Data Name='DriverName'>ROOT\SYSTEM\0003</Data><Data Name='Status'>3221226341</Data><Data Name='FailureNameLength'>14</Data><Data Name='FailureName'>\Driver\WUDFRd</Data><Data Name='Version'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The driver \Driver\WUDFRd failed to load for the device ROOT\SYSTEM\0003.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-PnP</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DriverFrameworks-UserMode' Guid='{2E35AAEB-857F-4BEB-A418-2E6C0E54D988}'/><EventID>10114</EventID><Version>1</Version><Level>4</Level><Task>101</Task><Opcode>0</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.874306800Z'/><EventRecordID>1006</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><UserData><UMDFReflectorDependencyMissing 
xmlns='http://www.microsoft.com/DriverFrameworks/UserMode/Event'><Dependency>WUDFPf</Dependency></UMDFReflectorDependencyMissing></UserData><RenderingInfo Culture='en-US'><Message>WUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.</Message><Level>Information</Level><Task>Startup of the UMDF reflector</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DriverFrameworks-UserMode</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-PnP' Guid='{9C205A39-1250-487D-ABD7-E831C6290539}'/><EventID>219</EventID><Version>0</Version><Level>3</Level><Task>212</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.873410000Z'/><EventRecordID>1005</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriverNameLength'>16</Data><Data Name='DriverName'>ROOT\SYSTEM\0002</Data><Data Name='Status'>3221226341</Data><Data Name='FailureNameLength'>14</Data><Data Name='FailureName'>\Driver\WUDFRd</Data><Data Name='Version'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The driver \Driver\WUDFRd failed to load for the device ROOT\SYSTEM\0002.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-PnP</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DriverFrameworks-UserMode' Guid='{2E35AAEB-857F-4BEB-A418-2E6C0E54D988}'/><EventID>10114</EventID><Version>1</Version><Level>4</Level><Task>101</Task><Opcode>0</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated 
SystemTime='2016-08-19T02:53:33.873302200Z'/><EventRecordID>1004</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><UserData><UMDFReflectorDependencyMissing xmlns='http://www.microsoft.com/DriverFrameworks/UserMode/Event'><Dependency>WUDFPf</Dependency></UMDFReflectorDependencyMissing></UserData><RenderingInfo Culture='en-US'><Message>WUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.</Message><Level>Information</Level><Task>Startup of the UMDF reflector</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DriverFrameworks-UserMode</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-PnP' Guid='{9C205A39-1250-487D-ABD7-E831C6290539}'/><EventID>219</EventID><Version>0</Version><Level>3</Level><Task>212</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.872299400Z'/><EventRecordID>1003</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriverNameLength'>16</Data><Data Name='DriverName'>ROOT\SYSTEM\0001</Data><Data Name='Status'>3221226341</Data><Data Name='FailureNameLength'>14</Data><Data Name='FailureName'>\Driver\WUDFRd</Data><Data Name='Version'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The driver \Driver\WUDFRd failed to load for the device ROOT\SYSTEM\0001.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-PnP</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider 
Name='Microsoft-Windows-DriverFrameworks-UserMode' Guid='{2E35AAEB-857F-4BEB-A418-2E6C0E54D988}'/><EventID>10114</EventID><Version>1</Version><Level>4</Level><Task>101</Task><Opcode>0</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.872176200Z'/><EventRecordID>1002</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><UserData><UMDFReflectorDependencyMissing xmlns='http://www.microsoft.com/DriverFrameworks/UserMode/Event'><Dependency>WUDFPf</Dependency></UMDFReflectorDependencyMissing></UserData><RenderingInfo Culture='en-US'><Message>WUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.</Message><Level>Information</Level><Task>Startup of the UMDF reflector</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DriverFrameworks-UserMode</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-PnP' Guid='{9C205A39-1250-487D-ABD7-E831C6290539}'/><EventID>219</EventID><Version>0</Version><Level>3</Level><Task>212</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.864396300Z'/><EventRecordID>1001</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriverNameLength'>20</Data><Data Name='DriverName'>ROOT\LENOVOVHID\0000</Data><Data Name='Status'>3221226341</Data><Data Name='FailureNameLength'>14</Data><Data Name='FailureName'>\Driver\WUDFRd</Data><Data Name='Version'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>The driver \Driver\WUDFRd failed to load for the device 
ROOT\LENOVOVHID\0000.</Message><Level>Warning</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-PnP</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-DriverFrameworks-UserMode' Guid='{2E35AAEB-857F-4BEB-A418-2E6C0E54D988}'/><EventID>10114</EventID><Version>1</Version><Level>4</Level><Task>101</Task><Opcode>0</Opcode><Keywords>0x2000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:33.864239000Z'/><EventRecordID>1000</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='388'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><UserData><UMDFReflectorDependencyMissing xmlns='http://www.microsoft.com/DriverFrameworks/UserMode/Event'><Dependency>WUDFPf</Dependency></UMDFReflectorDependencyMissing></UserData><RenderingInfo Culture='en-US'><Message>WUDFPf (part of UMDF) did not load yet. 
After it does, Windows will start the device again.</Message><Level>Information</Level><Task>Startup of the UMDF reflector</Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-DriverFrameworks-UserMode</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Power' Guid='{331C3B3A-2005-44C2-AC5E-77220C37D6B4}'/><EventID>172</EventID><Version>0</Version><Level>4</Level><Task>203</Task><Opcode>0</Opcode><Keywords>0x8000000000000404</Keywords><TimeCreated SystemTime='2016-08-19T02:53:30.380353800Z'/><EventRecordID>999</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='400'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='State'>2</Data><Data Name='Reason'>6</Data></EventData><RenderingInfo Culture='en-US'><Message>Connectivity state in standby: Disconnected, Reason: NIC compliance</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Power</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:30.349391700Z'/><EventRecordID>998</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>9</Data><Data Name='DeviceName'>npsvctrig</Data><Data 
Name='DeviceTime'>2016-07-15T22:28:33.000000000Z</Data><Data Name='ExtraInfoLength'>183</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000018" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "(null)" , "instances" : [["46000","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0007-0000-ED3C-F9DDC4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'npsvctrig' (10.0, 2016-07-15T22:28:33.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:29.902538800Z'/><EventRecordID>997</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>9</Data><Data Name='DeviceName'>FileCrypt</Data><Data Name='DeviceTime'>2016-07-15T22:22:39.000000000Z</Data><Data Name='ExtraInfoLength'>197</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000000" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Encryption" , "instances" : [["141100","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0006-0000-F8AB-B3DDC4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'FileCrypt' (10.0, 
2016-07-15T22:22:39.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Ntfs' Guid='{3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482}'/><EventID>98</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000002</Keywords><TimeCreated SystemTime='2016-08-19T02:53:29.752799600Z'/><EventRecordID>996</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='256'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='DriveName'>C:</Data><Data Name='DeviceName'>\Device\HarddiskVolume5</Data><Data Name='CorruptionActionState'>0</Data></EventData><RenderingInfo Culture='en-US'><Message>Volume C: (\Device\HarddiskVolume5) is healthy. 
No action is needed.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider></Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:28.234245000Z'/><EventRecordID>995</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>0</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>7</Data><Data Name='DeviceName'>mfehidk</Data><Data Name='DeviceTime'>2015-04-02T14:24:20.000000000Z</Data><Data Name='ExtraInfoLength'>200</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000018" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Anti-Virus" , "instances" : [["321300.00","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0004-0000-E0F1-B6DCC4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'mfehidk' (0.0, 2015-04-02T14:24:20.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' 
Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:28.232503500Z'/><EventRecordID>994</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>8</Data><Data Name='DeviceName'>WdFilter</Data><Data Name='DeviceTime'>2016-07-15T22:25:21.000000000Z</Data><Data Name='ExtraInfoLength'>196</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000030" , "registration_version" : "0x00000203" , "tx" : true , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Anti-Virus" , "instances" : [["328010","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0003-0000-7F8F-B4DCC4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'WdFilter' (10.0, 2016-07-15T22:25:21.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:28.231745700Z'/><EventRecordID>993</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data 
Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>3</Data><Data Name='DeviceName'>Wof</Data><Data Name='DeviceTime'>2016-07-15T22:27:07.000000000Z</Data><Data Name='ExtraInfoLength'>196</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : true , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Compression" , "instances" : [["40700","0x00000000"]] }</Data><Data Name='FilterID'>{02000000-0002-0000-7F8F-B4DCC4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'Wof' (10.0, 2016-07-15T22:27:07.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-FilterManager' Guid='{F3C5E28E-63F6-49C7-A204-E48A1BC4B09D}'/><EventID>6</EventID><Version>1</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000400000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:28.231128200Z'/><EventRecordID>992</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='FinalStatus'>0x0</Data><Data Name='DeviceVersionMajor'>10</Data><Data Name='DeviceVersionMinor'>0</Data><Data Name='DeviceNameLength'>8</Data><Data Name='DeviceName'>FileInfo</Data><Data Name='DeviceTime'>2016-07-15T22:26:05.000000000Z</Data><Data Name='ExtraInfoLength'>192</Data><Data Name='ExtraInfoString'>{ "flags" : "0x00000010" , "registration_version" : "0x00000203" , "tx" : false , "sections" : false , "frame" : 0 , "class_name" : "FSFilter Bottom" , "instances" : [["45000","0x00000000"]] }</Data><Data 
Name='FilterID'>{02000000-0001-0000-7F8F-B4DCC4F9D101}</Data></EventData><RenderingInfo Culture='en-US'><Message>File System Filter 'FileInfo' (10.0, 2016-07-15T22:26:05.000000000Z) has successfully loaded and registered with Filter Manager.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-FilterManager</Provider><Keywords></Keywords></RenderingInfo></Event><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Boot' Guid='{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}'/><EventID>30</EventID><Version>0</Version><Level>4</Level><Task>21</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2016-08-19T02:53:27.665635900Z'/><EventRecordID>991</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='8'/><Channel>System</Channel><Computer>ScarletOhare</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='ResetEndStart'>0</Data><Data Name='LoadOSImageStart'>1651</Data><Data Name='StartOSImageStart'>1714</Data><Data Name='ExitBootServicesEntry'>3048</Data><Data Name='ExitBootServicesExit'>3048</Data></EventData><RenderingInfo Culture='en-US'><Message>The firmware reported boot metrics.</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel>System</Channel><Provider>Microsoft-Windows-Kernel-Boot</Provider><Keywords></Keywords></RenderingInfo></Event></Events>